6.5

CVSS3.1

CVE-2024-28167 - Missing Authorization check in SAP Group Reporting Data Collection (Enter Package Data)

SAP Group Reporting Data Collection does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, specific data can be changed via the Enter Package Data app although the user does not have sufficient authorization caus…

📅 Published: April 9, 2024, 12:55 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

7.2

CVSS3.1

CVE-2024-27901 - Directory Traversal vulnerability in SAP Asset Accounting

SAP Asset Accounting could allow a high privileged attacker to exploit insufficient validation of path information provided by the users and pass it through to the file API's. Thus, causing a considerable impact on confidentiality, integrity and availability of the application.

📅 Published: April 9, 2024, 12:55 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.8

CVSS3.1

CVE-2024-27899 - Security misconfiguration vulnerability in SAP NetWeaver AS Java User Management Engine

Self-Registration and Modify your own profile in User Admin Application of NetWeaver AS Java does not enforce proper security requirements for the content of the newly defined security answer. This can be leveraged by an attacker to cause profound impact on confidentiality and low impact on both in…

📅 Published: April 9, 2024, 12:54 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.3

CVSS3.1

CVE-2024-27898 - Server-Side Request Forgery in SAP NetWeaver

SAP NetWeaver application, due to insufficient input validation, allows an attacker to send a crafted request from a vulnerable web application targeting internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request For…

📅 Published: April 9, 2024, 12:52 a.m. 🔄 Last Modified: Feb. 6, 2025, 7:01 p.m.

7.7

CVSS3.1

CVE-2024-25646 - Information Disclosure vulnerability in SAP BusinessObjects Web Intelligence

Due to improper validation, SAP BusinessObject Business Intelligence Launch Pad allows an authenticated attacker to access operating system information using crafted document. On successful exploitation there could be a considerable impact on confidentiality of the application.

📅 Published: April 9, 2024, 12:47 a.m. 🔄 Last Modified: Oct. 29, 2025, 2:08 p.m.

7.8

CVSS3.1

CVE-2024-26256 - Libarchive Remote Code Execution Vulnerability

Libarchive Remote Code Execution Vulnerability

📅 Published: April 9, 2024, midnight 🔄 Last Modified: May 3, 2025, 12:39 a.m.

4.9

CVSS3.1

CVE-2024-31506 -

Sourcecodester Online Graduate Tracer System v1.0 is vulnerable to SQL Injection via the "id" parameter in admin/admin_cs.php.

📅 Published: April 9, 2024, midnight 🔄 Last Modified: March 20, 2025, 7:15 p.m.

7.3

CVSS3.1

CVE-2024-21409 - .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

📅 Published: April 9, 2024, midnight 🔄 Last Modified: May 3, 2025, 12:40 a.m.

7.8

CVSS3.1

CVE-2024-24245 -

An issue in Canimaan Software LTD ClamXAV v3.1.2 through v3.6.1 and fixed in v.3.6.2 allows a local attacker to escalate privileges via the ClamXAV helper tool component.

📅 Published: April 9, 2024, midnight 🔄 Last Modified: May 13, 2025, 3:26 p.m.

9.4

CVSS3.1

CVE-2024-1874 - Command injection via array-ish $command parameter of proc_open()

In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary comma…

📅 Published: April 9, 2024, midnight 🔄 Last Modified: Nov. 4, 2025, 7:16 p.m.
Total resulsts: 349182
Page 10391 of 34,919
« previous page » next page
Filters