Vulnerabilities > Medium

DATE        CVE              VULNERABILITY TITLE / DESCRIPTION / ATTRIBUTES                                   RISK

2024-07-09  CVE-2024-37174   Cross-site Scripting vulnerability in SAP products                               6.1
    Custom CSS support option in SAP CRM WebClient UI does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting vulnerability.
    Attack vector: network; attack complexity: low; vendor: sap; CWE-79

2024-07-09  CVE-2024-39592   Missing Authorization vulnerability in SAP S4Core and S4Coreop                    6.5
    Elements of PDCE do not perform the necessary authorization checks for an authenticated user, resulting in escalation of privileges. This allows an attacker to read sensitive information, causing high impact on the confidentiality of the application.
    Attack vector: network; attack complexity: low; vendor: sap; CWE-862

2024-07-09  CVE-2024-39593   Unspecified vulnerability in SAP Landscape Management 3.0                        5.7
    SAP Landscape Management allows an authenticated user to read confidential data disclosed by the REST Provider Definition response.
    Attack vector: network; attack complexity: low; vendor: sap

2024-07-09  CVE-2024-5855    Media Hygiene plugin for WordPress: missing capability check                     4.3
    The Media Hygiene: Remove or Delete Unused Images and More! plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the bulk_action_delete and delete_single_image_call AJAX actions in all versions up to, and including, 3.0.1.
    Attack vector: network; attack complexity: low

2024-07-08  CVE-2024-39203   Cross-site Scripting vulnerability in Zblogcn Z-Blogphp                          6.1
    A cross-site scripting (XSS) vulnerability in the Backend Theme Management module of Z-BlogPHP v1.7.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
    Attack vector: network; attack complexity: low; vendor: zblogcn; CWE-79

2024-07-08  CVE-2024-39695   Out-of-bounds Read vulnerability in Exiv2 0.28.0/0.28.1/0.28.2                   6.5
    Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files.
    Attack vector: network; attack complexity: low; vendor: exiv2; CWE-125

2024-07-08  CVE-2024-39699   Server-Side Request Forgery (SSRF) vulnerability in Monospace Directus           5.0
    Directus is a real-time API and App dashboard for managing SQL database content.
    Attack vector: network; attack complexity: low; vendor: monospace; CWE-918

2024-07-08  CVE-2024-6563    Classic Buffer Overflow vulnerability in Renesas Arm-Trusted-Firmware            6.7
    Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code.
    Attack vector: local; attack complexity: low; vendor: renesas; CWE-120

2024-07-08  CVE-2024-6564    Classic Buffer Overflow vulnerability in Renesas Arm-Trusted-Firmware            6.7
    Buffer overflow in "rcar_dev_init" due to using untrusted data (rcar_image_number) as a loop counter before verifying it against RCAR_MAX_BL3X_IMAGE.
    Attack vector: local; attack complexity: low; vendor: renesas; CWE-120

2024-07-08  CVE-2024-39308   Cross-site Scripting vulnerability in Rails Admin Project Rails Admin            5.4
    RailsAdmin is a Rails engine that provides an interface for managing data.
    Attack vector: network; attack complexity: low; vendor: rails-admin-project; CWE-79