Export limit exceeded: 346245 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346245 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-41175 | 1 Beckhoff | 2 Ipc Diagnostics Package, Twincat\/bsd | 2024-09-12 | 5.5 Medium |
| The IPC-Diagnostics package included in TwinCAT/BSD is vulnerable to a local denial-of-service attack by a low privileged attacker. | ||||
| CVE-2024-41730 | 2 Sap, Sap Se | 2 Business Objects Business Intelligence Platform, Sap Business Objects Business Intgelligence Platform | 2024-09-12 | 9.8 Critical |
| In SAP BusinessObjects Business Intelligence Platform, if Single Signed On is enabled on Enterprise authentication, an unauthorized user can get a logon token using a REST endpoint. The attacker can fully compromise the system resulting in High impact on confidentiality, integrity and availability. | ||||
| CVE-2024-41733 | 1 Sap | 3 Commerce, Commerce Cloud, Commerce Hycom | 2024-09-12 | 5.3 Medium |
| In SAP Commerce, valid user accounts can be identified during the customer registration and login processes. This allows a potential attacker to learn if a given e-mail is used for an account, but does not grant access to any customer data beyond this knowledge. The attacker must already know the e-mail that they wish to test for. The impact on confidentiality therefore is low and no impact to integrity or availability | ||||
| CVE-2024-41735 | 1 Sap | 1 Commerce Backoffice | 2024-09-12 | 5.4 Medium |
| SAP Commerce Backoffice does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability causing low impact on confidentiality and integrity of the application. | ||||
| CVE-2024-8155 | 1 Continew | 1 Admin | 2024-09-12 | 4.7 Medium |
| A vulnerability classified as critical was found in ContiNew Admin 3.2.0. Affected by this vulnerability is the function top.continew.starter.extension.crud.controller.BaseController#tree of the file /api/system/dept/tree?sort=parentId%2Casc&sort=sort%2Casc. The manipulation of the argument sort leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-41736 | 1 Sap | 1 Permit To Work | 2024-09-12 | 4.3 Medium |
| Under certain conditions SAP Permit to Work allows an authenticated attacker to access information which would otherwise be restricted causing low impact on the confidentiality of the application. | ||||
| CVE-2024-41737 | 1 Sap | 1 Crm Abap Insights Management | 2024-09-12 | 5 Medium |
| SAP CRM ABAP (Insights Management) allows an authenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of the application. | ||||
| CVE-2024-42376 | 1 Sap | 1 Shared Service Framework | 2024-09-12 | 6.5 Medium |
| SAP Shared Service Framework does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. On successful exploitation, an attacker can cause a high impact on confidentiality of the application. | ||||
| CVE-2024-42377 | 1 Sap | 1 Shared Service Framework | 2024-09-12 | 4.3 Medium |
| SAP shared service framework allows an authenticated non-administrative user to call a remote-enabled function, which will allow them to insert value entries into a non-sensitive table, causing low impact on integrity of the application | ||||
| CVE-2024-39591 | 1 Sap | 1 Document Builder | 2024-09-12 | 4.3 Medium |
| SAP Document Builder does not perform necessary authorization checks for one of the function modules resulting in escalation of privileges causing low impact on confidentiality of the application. | ||||
| CVE-2024-41734 | 1 Sap | 1 Netweaver Application Server Abap | 2024-09-12 | 4.3 Medium |
| Due to missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform, an authenticated attacker could call an underlying transaction, which leads to disclosure of user related information. There is no impact on integrity or availability. | ||||
| CVE-2024-42373 | 1 Sap | 1 Student Life Cycle Management | 2024-09-12 | 4.3 Medium |
| SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation it could allow an attacker to delete non-sensitive report variants that are typically restricted, causing minimal impact on the integrity of the application. | ||||
| CVE-2024-38688 | 2024-09-12 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2024-27729 | 1 Friendica | 1 Friendica | 2024-09-11 | 7.4 High |
| Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the location parameter of the calendar event feature. | ||||
| CVE-2024-37286 | 1 Elastic | 1 Apm Server | 2024-09-11 | 5.7 Medium |
| APM server logs contain document body from a partially failed bulk index request. For example, in case of unavailable_shards_exception for a specific document, since the ES response line contains the document body, and that APM server logs the ES response line on error, the document is effectively logged. | ||||
| CVE-2024-7500 | 2 Angeljudesuarez, Itsourcecode | 2 Airline Reservation System, Airline Reservation System | 2024-09-11 | 6.3 Medium |
| A vulnerability was found in itsourcecode Airline Reservation System 1.0. It has been rated as critical. Affected by this issue is the function save_settings of the file admin/admin_class.php. The manipulation of the argument img leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273626 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-7506 | 2 Angeljudesuarez, Itsourcecode | 2 Tailoring Management System, Tailoring Management System | 2024-09-11 | 6.3 Medium |
| A vulnerability has been found in itsourcecode Tailoring Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /setlogo.php. The manipulation of the argument bgimg leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273649 was assigned to this vulnerability. | ||||
| CVE-2024-7505 | 2 Itsourcecode, Rainniar | 2 Bike Delivery System, Bike Delivery System | 2024-09-11 | 7.3 High |
| A vulnerability, which was classified as critical, was found in itsourcecode Bike Delivery System 1.0. Affected is an unknown function of the file contact_us_action.php. The manipulation of the argument name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273648. | ||||
| CVE-2024-7585 | 1 Tenda | 2 I22, I22 Firmware | 2024-09-11 | 8.8 High |
| A vulnerability has been found in Tenda i22 1.0.0.3(4687) and classified as critical. Affected by this vulnerability is the function formApPortalWebAuth of the file /goform/apPortalAuth. The manipulation of the argument webUserName/webUserPassword leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-7584 | 1 Tenda | 2 I22, I22 Firmware | 2024-09-11 | 8.8 High |
| A vulnerability, which was classified as critical, was found in Tenda i22 1.0.0.3(4687). Affected is the function formApPortalPhoneAuth of the file /goform/apPortalPhoneAuth. The manipulation of the argument data leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||