6
CVE-2024-41681 -
A vulnerability has been identified in Location Intelligence family (All versions < V4.4). The web server of affected products is configured to support weak ciphers by default. This could allow an unauthenticated attacker in an on-path position to to read and modify any data passed over the connecβ¦
5.1
CVE-2024-39922 -
A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! β¦
8.5
CVE-2024-36398 -
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application executes a subset of its services as `NT AUTHORITY\SYSTEM`. This could allow a local attacker to execute operating system commands with elevated privileges.
5.3
CVE-2024-7715 - D-Link DNS-1550-04 photocenter_mgr.cgi sprintf command injection
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240812. It has been β¦
4.8
CVE-2024-6724 - Generate Images β Magic Post Thumbnail < 5.2.8 - Admin+ Stored XSS
The Generate Images WordPress plugin before 5.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
8.8
CVE-2024-6823 - Media Library Assistant <= 3.18 - Authenticated (Author+) Arbitrary File Upload via mla-inline-editβ¦
The Media Library Assistant plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation involving the mla-inline-edit-upload-scripts AJAX action in all versions up to, and including, 3.18. This makes it possible for authenticated attackers, with Author-level accβ¦
6.4
CVE-2024-7247 - Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrβ¦
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Custom Gallery and Countdown widgets in all versions up to, and including, 5.7.2 due to insufficient input sβ¦
4.3
CVE-2024-39591 - Missing Authorization check in SAP Document Builder
SAP Document Builder does not perform necessary authorization checks for one of the function modules resulting in escalation of privileges causing low impact on confidentiality of the application.
4.3
CVE-2024-42373 - Missing Authorization Check in SAP Student Life Cycle Management (SLcM)
SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation it could allow an attacker to delete non-sensitive report variants that are typically restricted, causing miniβ¦
6.4
CVE-2024-7092 - Essential Addons for Elementor β Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= β¦
The Essential Addons for Elementor β Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the βno_more_items_textβ parameter in all versions up to, and including, 5.9.27 due to insufficient input sanitization and outputβ¦