5.3
CVE-2024-7715 - D-Link DNS-1550-04 photocenter_mgr.cgi sprintf command injection
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240812. It has been …
4.8
CVE-2024-6724 - Generate Images – Magic Post Thumbnail < 5.2.8 - Admin+ Stored XSS
The Generate Images WordPress plugin before 5.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
8.8
CVE-2024-6823 - Media Library Assistant <= 3.18 - Authenticated (Author+) Arbitrary File Upload via mla-inline-edit…
The Media Library Assistant plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation involving the mla-inline-edit-upload-scripts AJAX action in all versions up to, and including, 3.18. This makes it possible for authenticated attackers, with Author-level acc…
6.4
CVE-2024-7247 - Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arr…
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Custom Gallery and Countdown widgets in all versions up to, and including, 5.7.2 due to insufficient input s…
4.3
CVE-2024-39591 - Missing Authorization check in SAP Document Builder
SAP Document Builder does not perform necessary authorization checks for one of the function modules resulting in escalation of privileges causing low impact on confidentiality of the application.
4.3
CVE-2024-42373 - Missing Authorization Check in SAP Student Life Cycle Management (SLcM)
SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation it could allow an attacker to delete non-sensitive report variants that are typically restricted, causing mini…
6.4
CVE-2024-7092 - Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= …
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘no_more_items_text’ parameter in all versions up to, and including, 5.9.27 due to insufficient input sanitization and output…
4.3
CVE-2024-41734 - Missing Authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform
Due to missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform, an authenticated attacker could call an underlying transaction, which leads to disclosure of user related information. There is no impact on integrity or availability.
4.3
CVE-2024-41736 - Information Disclosure vulnerability in SAP Permit to Work
Under certain conditions SAP Permit to Work allows an authenticated attacker to access information which would otherwise be restricted causing low impact on the confidentiality of the application.
3.1
CVE-2024-41731 - Multiple Unrestricted File Upload vulnerabilities in SAP BusinessObjects Business Intelligence Plat…
SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application.