7.1
CVE-2024-31366 - WordPress Post Type Builder (PTB) plugin <= 2.0.8 - Auth. Arbitrary Post/Page Creation vulnerability
Missing Authorization vulnerability in Themify Post Type Builder (PTB).This issue affects Post Type Builder (PTB): from n/a through 2.0.8.
7.1
CVE-2024-31365 - WordPress Post Type Builder (PTB) plugin < 2.1.1 - Reflected Cross Site Scripting (XSS) vulnerabili…
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Post Type Builder (PTB) allows Reflected XSS.This issue affects Post Type Builder (PTB): from n/a before 2.1.1.
6.1
CVE-2024-1664 - Responsive Gallery Grid < 2.3.11 - Admin+ Stored XSS
The Responsive Gallery Grid WordPress plugin before 2.3.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
4.7
CVE-2024-2201 - CVE-2024-2201
A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems.
6.5
CVE-2024-30218 - Denial of service (DOS) vulnerability in SAP NetWeaver AS ABAP and ABAP Platform
The ABAP Application Server of SAP NetWeaver as well as ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. This leads to a considerable impact on availability.
4.3
CVE-2024-30217 - Missing Authorization check in SAP S/4 HANA (Cash Management)
Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can approve or reject a bank account application affecting the integrity of the application. Confidentialit…
8.8
CVE-2024-2975 -
A race condition was identified through which privilege escalation was possible in certain configurations.
4.3
CVE-2024-30216 - Missing Authorization check in SAP S/4 HANA (Cash Management)
Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, attacker can add notes in the review request with 'completed' status affecting the integrity of the application. Confid…
4.8
CVE-2024-30215 - Cross-Site Scripting (XSS) vulnerability in SAP Business Connector
The Resource Settings page allows a high privilege attacker to load exploitable payload to be stored and reflected whenever a User visits the page. In a successful attack, some information could be obtained and/or modified. However, the attacker does not have control over what information is obtain…
4.8
CVE-2024-30214 - Cross-Site Scripting (XSS) vulnerability in SAP Business Connector
The application allows a high privilege attacker to append a malicious GET query parameter to Service invocations, which are reflected in the server response. Under certain circumstances, if the parameter contains a JavaScript, the script could be processed on client side.