6.7
CVE-2024-25967 -
Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an execution with unnecessary privileges vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges.
5.9
CVE-2024-25968 -
Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains a use of a broken or risky cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure.
5.4
CVE-2024-3241 - Ultimate Blocks < 3.1.7 - Contributor+ Stored XSS
The Ultimate Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
6.5
CVE-2024-4144 - Simple Basic Contact Form <= 20240502 - Unauthenticated Arbitrary Shortcode Execution
The Simple Basic Contact Form plugin for WordPress for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 20240502. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on the functionality of otheโฆ
6.5
CVE-2024-4445 - WP Compress โ Image Optimizer [All-In-One] <= 6.20.01 - Missing Authorization
The WP Compress โ Image Optimizer [All-In-One] plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the several functions in versions up to, and including, 6.20.01. This makes it possible for authenticated attackers, with subscriber-level permโฆ
9.6
CVE-2024-33006 - File upload vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform
An unauthenticated attacker can upload a malicious file to the server which when accessed by a victim can allow an attacker to completely compromise system.ย
4.3
CVE-2024-33004 - Insecure Storage vulnerability in SAP BusinessObjects Business Intelligence Platform (Webservices)
SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can open the pages causing limited impact on Confidentiaโฆ
4.2
CVE-2024-33009 - SQL injection vulnerability in SAP Global Label Management (GLM)
SAP Global Label Management is vulnerable to SQL injection. On exploitation the attacker can use specially crafted inputs to modify database commands resulting in the retrieval of additional information persisted by the system. This could lead to low impact on Confidentiality and Integrity of the aโฆ
6.5
CVE-2024-34687 - Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application server for ABAP and ABAP Platโฆ
SAP NetWeaver Application Server for ABAP and ABAP Platform do not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker can control code that is executed within a userโs browser, which could result in modification, deletion of data, includinโฆ
4.3
CVE-2024-4138 - Missing Authorization Checks in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules)
Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can enable/disable the sharing rule of other users affecting the integrity of the application. Conโฆ