1461
|
6.1 |
MEDIUM
Network
|
lucasstad
|
lucas_string_replace
|
The Lucas String Replace plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and includ…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8734
|
2024-09-27 04:30 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1462
|
5.4 |
MEDIUM
Network
|
khromov
|
email_obfuscate_shortcode
|
The Email Obfuscate Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'email-obfuscate' shortcode in all versions up to, and including, 2.0 due to insuffici…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8747
|
2024-09-27 04:23 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1463
|
6.1 |
MEDIUM
Network
|
kubiq
|
pdf_thumbnail_generator
|
The PDF Thumbnail Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and inc…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8737
|
2024-09-27 04:18 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1464
|
4.3 |
MEDIUM
Network
|
sentry
|
sentry
|
Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can mute alert rules from arbitrary organizations and projects with a know rule ID. The user does…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-45606
|
2024-09-27 04:16 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1465
|
- |
|
-
|
-
|
SAP Replication Server allows an attacker to use gateway for executing some commands to RSSD. This could result in crashing the Replication Server due to memory corruption with high impact on Availab…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-33008
|
2024-09-27 04:15 |
2024-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1466
|
- |
|
-
|
-
|
SAP NetWeaver Administrator AS Java (Administrator Log Viewer plug-in) - version 7.50, allows an attacker with high privileges to upload potentially dangerous files which leads to command injection v…
|
CWE-77
Command Injection
|
CVE-2024-22127
|
2024-09-27 04:15 |
2024-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1467
|
4.3 |
MEDIUM
Network
|
sap
|
business_one
|
SAP Business One (B1i) - version 10.0, allows an authorized attacker to retrieve the details stack trace of the fault message to conduct the XXE injection, which will lead to information disclosure. …
|
CWE-611
XXE
|
CVE-2023-41365
|
2024-09-27 04:15 |
2023-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1468
|
7.5 |
HIGH
Network
sap
|
netweaver_application_server_abap web_dispatcher content_server hana_database host_agent extended_application_services_and_runtime sapssoext commoncryptolib netweaver_applicat…
|
SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component…
|
CWE-787
Out-of-bounds Write
|
CVE-2023-40308
|
2024-09-27 04:15 |
2023-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1469
|
5.3 |
MEDIUM
Network
sap
|
powerdesigner
|
SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2023-37484
|
2024-09-27 04:15 |
2023-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1470
|
5.3 |
MEDIUM
Network
sap
|
host_agent
|
Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented parameter to a particular compatibility value and in turn call read functions…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2023-36926
|
2024-09-27 04:15 |
2023-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|