6.5
CVE-2024-28167 - Missing Authorization check in SAP Group Reporting Data Collection (Enter Package Data)
SAP Group Reporting Data Collection does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, specific data can be changed via the Enter Package Data app although the user does not have sufficient authorization caus…
7.2
CVE-2024-27901 - Directory Traversal vulnerability in SAP Asset Accounting
SAP Asset Accounting could allow a high privileged attacker to exploit insufficient validation of path information provided by the users and pass it through to the file API's. Thus, causing a considerable impact on confidentiality, integrity and availability of the application.
8.8
CVE-2024-27899 - Security misconfiguration vulnerability in SAP NetWeaver AS Java User Management Engine
Self-Registration and Modify your own profile in User Admin Application of NetWeaver AS Java does not enforce proper security requirements for the content of the newly defined security answer. This can be leveraged by an attacker to cause profound impact on confidentiality and low impact on both in…
5.3
CVE-2024-27898 - Server-Side Request Forgery in SAP NetWeaver
SAP NetWeaver application, due to insufficient input validation, allows an attacker to send a crafted request from a vulnerable web application targeting internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request For…
7.7
CVE-2024-25646 - Information Disclosure vulnerability in SAP BusinessObjects Web Intelligence
Due to improper validation, SAP BusinessObject Business Intelligence Launch Pad allows an authenticated attacker to access operating system information using crafted document. On successful exploitation there could be a considerable impact on confidentiality of the application.
7.8
CVE-2024-26256 - Libarchive Remote Code Execution Vulnerability
Libarchive Remote Code Execution Vulnerability
4.9
CVE-2024-31506 -
Sourcecodester Online Graduate Tracer System v1.0 is vulnerable to SQL Injection via the "id" parameter in admin/admin_cs.php.
7.3
CVE-2024-21409 - .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
7.8
CVE-2024-24245 -
An issue in Canimaan Software LTD ClamXAV v3.1.2 through v3.6.1 and fixed in v.3.6.2 allows a local attacker to escalate privileges via the ClamXAV helper tool component.
9.4
CVE-2024-1874 - Command injection via array-ish $command parameter of proc_open()
In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary comma…