|
314531
|
- |
|
-
|
-
|
All versions of the package node-gettext are vulnerable to Prototype Pollution via the addTranslations() function in gettext.js due to improper user input sanitization.
|
-
|
CVE-2024-21528
|
2024-09-10 14:15 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314532
|
- |
|
-
|
-
|
Due to lack of proper authorization checks when calling user, a function module in obsolete Tobin interface in SAP Production and Revenue Accounting allows unauthorized access that could lead to disc…
|
CWE-862
Missing Authorization
|
CVE-2024-45286
|
2024-09-10 13:15 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314533
|
- |
|
-
|
-
|
The RFC enabled function module allows a low privileged user to add any workbook to any user's workplace favourites. This vulnerability could be utilized to identify usernames and access information …
|
CWE-862
Missing Authorization
|
CVE-2024-44116
|
2024-09-10 12:15 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314534
|
- |
|
-
|
-
|
The RFC enabled function module allows a low privileged user to add URLs to any user's workplace favourites. This vulnerability could be utilized to identify usernames and access information about ta…
|
CWE-862
Missing Authorization
|
CVE-2024-44115
|
2024-09-10 12:15 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314535
|
- |
|
-
|
-
|
Due to missing authorization checks, SAP Business Warehouse (BEx Analyzer) allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploit…
|
CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
|
CVE-2024-44113
|
2024-09-10 12:15 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314536
|
- |
|
-
|
-
|
The RFC enabled function module allows a low privileged user to read any user's workplace favourites and user menu along with all the specific data of each node. Usernames can be enumerated by exploi…
|
-
|
CVE-2024-42380
|
2024-09-10 12:15 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314537
|
- |
|
-
|
-
|
Due to weak encoding of user-controlled inputs, eProcurement on SAP S/4HANA allows malicious scripts to be executed in the application, potentially leading to a Reflected Cross-Site Scripting (XSS) v…
|
CWE-79
Cross-site Scripting
|
CVE-2024-42378
|
2024-09-10 12:15 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314538
|
- |
|
-
|
-
|
The RFC enabled function module allows a low privileged user to delete the workplace favourites of any user. This vulnerability could be utilized to identify usernames and access information about ta…
|
CWE-862
Missing Authorization
|
CVE-2024-42371
|
2024-09-10 12:15 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314539
|
- |
|
-
|
-
|
Due to missing authorization checks, SAP BEx Analyzer allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker ca…
|
CWE-359
CWE-862
Exposure of Private Personal Information to an Unauthorized Actor
Missing Authorization
|
CVE-2024-41729
|
2024-09-10 12:15 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314540
|
9.8 |
CRITICAL
Network
|
-
|
-
|
**UNSUPPORTED WHEN ASSIGNED** A command injection vulnerability in the export-cgi program of Zyxel NAS326 firmware versions through V5.21(AAZF.18)C0 and NAS542 firmware versions through V5.21(ABAG.15…
|
CWE-78
OS Command
|
CVE-2024-6342
|
2024-09-10 11:15 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
