Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-11 | CVE-2024-0627 | The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom field name column in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied custom fields. network low complexity | 6.4 |
| 2024-06-11 | CVE-2024-0653 | The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping. network high complexity | 4.4 |
| 2024-06-11 | CVE-2024-28164 | Unspecified vulnerability in SAP Netweaver Application Server Java Gpcore7.5 SAP NetWeaver AS Java (CAF - Guided Procedures) allows an unauthenticated user to access non-sensitive information about the server which would otherwise be restricted causing low impact on confidentiality of the application. | 5.3 |
| 2024-06-11 | CVE-2024-2473 | Unspecified vulnerability in Wpserveur WPS Hide Login The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. | 5.3 |
| 2024-06-11 | CVE-2024-33001 | Unspecified vulnerability in SAP Netweaver Application Server Abap 20081710/740/Stpi20081700 SAP NetWeaver and ABAP platform allows an attacker to impede performance for legitimate users by crashing or flooding the service. An impact of this Denial of Service vulnerability might be long response delays and service interruptions, thus degrading the service quality experienced by legitimate users causing high impact on availability of the application. | 6.5 |
| 2024-06-11 | CVE-2024-34683 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Document Builder An authenticated attacker can upload malicious file to SAP Document Builder service. | 6.5 |
| 2024-06-11 | CVE-2024-34684 | Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 420/430/440 On Unix, SAP BusinessObjects Business Intelligence Platform (Scheduling) allows an authenticated attacker with administrator access on the local server to access the password of a local account. | 6.0 |
| 2024-06-11 | CVE-2024-34686 | Cross-site Scripting vulnerability in SAP Customer Relationship Management Webclient UI Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. | 6.1 |
| 2024-06-11 | CVE-2024-34690 | Missing Authorization vulnerability in SAP Student Life Cycle Management SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. | 5.4 |
| 2024-06-11 | CVE-2024-34691 | Missing Authorization vulnerability in SAP S/4 Hana Manage Incoming Payment Files (F1680) of SAP S/4HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 6.5 |