Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-07-09 CVE-2024-34692 Unrestricted Upload of File with Dangerous Type vulnerability in SAP Enable Now
Due to missing verification of file type or content, SAP Enable Now allows an authenticated attacker to upload arbitrary files.
network
low complexity
sap CWE-434
4.6
2024-07-09 CVE-2024-37171 Server-Side Request Forgery (SSRF) vulnerability in SAP Saptmui and Transportation Management
SAP Transportation Management (Collaboration Portal) allows an attacker with non-administrative privileges to send a crafted request from a vulnerable web application.
network
low complexity
sap CWE-918
5.0
2024-07-09 CVE-2024-37172 Missing Authorization vulnerability in SAP S4Core 107/108
SAP S/4HANA Finance (Advanced Payment Management) does not perform the necessary authorization check for an authenticated user, resulting in escalation of privileges.
network
low complexity
sap CWE-862
5.4
2024-07-09 CVE-2024-37175 Missing Authorization vulnerability in SAP products
SAP CRM WebClient does not perform the necessary authorization check for an authenticated user, resulting in escalation of privileges.
network
low complexity
sap CWE-862
6.5
2024-07-09 CVE-2024-4667 Cross-site Scripting vulnerability in Plugin-Devs Blog, Posts and Category Filter for Elementor
The Blog, Posts and Category Filter for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post and Category Filter widget in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on the user-supplied 'post_types' attribute.
network
low complexity
plugin-devs CWE-79
5.4
2024-07-09 CVE-2024-6169 Cross-site Scripting vulnerability in Unlimited-Elements Unlimited Elements for Elementor (Free Widgets, Addons, Templates)
The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘username’ parameter in all versions up to, and including, 1.5.112 due to insufficient input sanitization and output escaping.
network
low complexity
unlimited-elements CWE-79
5.4
2024-07-09 CVE-2024-6170 Cross-site Scripting vulnerability in Unlimited-Elements Unlimited Elements for Elementor (Free Widgets, Addons, Templates)
The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘email’ parameter in all versions up to, and including, 1.5.112 due to insufficient input sanitization and output escaping.
network
low complexity
unlimited-elements CWE-79
5.4
2024-07-09 CVE-2024-6171 Unspecified vulnerability in Unlimited-Elements Unlimited Elements for Elementor (Free Widgets, Addons, Templates)
The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 1.5.112 due to insufficient IP address validation and/or use of user-supplied HTTP headers as a primary method for IP retrieval.
network
low complexity
unlimited-elements
5.3
2024-07-09 CVE-2024-34685 Cross-site Scripting vulnerability in SAP Netweaver Knowledge Management and Collaboration (Kmc-Cm) 7.50
Due to weak encoding of user-controlled input, SAP NetWeaver Knowledge Management XMLEditor allows malicious scripts to be executed in the application, potentially leading to a Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
6.1
2024-07-09 CVE-2024-37173 Cross-site Scripting vulnerability in SAP products
Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script.
network
low complexity
sap CWE-79
6.1