71 | 5.3 | MEDIUM Network | sap | netweaver_application_server_abap | SAP NetWeaver Application Server (ABAP) - versions KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.93, KERNEL 7.94, KRNL64UC 7.53, under certain conditions, allows an attack… | Update | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2024-24740 | 2024-10-17 06:18 | 2024-02-13
72 | 7.4 | HIGH Network | sap | cloud_connector | Due to improper validation of certificate in SAP Cloud Connector - version 2.0, attacker can impersonate the genuine servers to interact with SCC breaking the mutual authentication. Hence, the attack… | Update | CWE-295 Improper Certificate Validation | CVE-2024-25642 | 2024-10-17 06:17 | 2024-02-13
73 | 7.5 | HIGH Network | sap | netweaver_application_server_java | SAP NetWeaver AS Java (CAF - Guided Procedures) - version 7.50, allows an unauthenticated attacker to submit a malicious request with a crafted XML file over the network, which when parsed will enabl… | Update | CWE-611 XXE | CVE-2024-24743 | 2024-10-17 06:17 | 2024-02-13
74 | 4.3 | MEDIUM Network | sap | master_data_governance_for_material_data | SAP Master Data Governance for Material Data - versions 618, 619, 620, 621, 622, 800, 801, 802, 803, 804, does not perform necessary authorization check for an authenticated user, resulting in escala… | Update | CWE-862 Missing Authorization | CVE-2024-24741 | 2024-10-17 06:16 | 2024-02-13
75 | 7.6 | HIGH Network | sap | companion | SAP Companion - version <3.1.38, has a URL with parameter that could be vulnerable to XSS attack. The attacker could send a malicious link to a user that would possibly allow an attacker to retrieve … | Update | CWE-79 Cross-site Scripting | CVE-2024-22129 | 2024-10-17 06:16 | 2024-02-13
76 | - | | - | - | dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the addPro parameter of the component doAdminAction.php which allows a remote attacker to execute arbitrary code | New | - | CVE-2024-48758 | 2024-10-17 06:15 | 2024-10-17
77 | - | | - | - | ClassCMS <=4.8 is vulnerable to file inclusion in the nowView method in /class/cms/cms.php, which can include a file uploaded to the /class/template directory to execute PHP code. | New | - | CVE-2024-48180 | 2024-10-17 06:15 | 2024-10-17
78 | - | | - | - | REDAXO CMS v2.11.0 was discovered to contain a remote code execution (RCE) vulnerability. | New | - | CVE-2024-46213 | 2024-10-17 06:15 | 2024-10-17
79 | - | | - | - | An issue in the component /index.php?page=backup/export of REDAXO CMS v5.17.1 allows attackers to execute a directory traversal. | New | - | CVE-2024-46212 | 2024-10-17 06:15 | 2024-10-17
80 | - | | - | - | A discrepancy in error messages for invalid login attempts in Webmin Usermin v2.100 allows attackers to enumerate valid user accounts. | New | - | CVE-2024-44762 | 2024-10-17 06:15 | 2024-10-17