Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-12-06 | CVE-2024-11220 | Incorrect Permission Assignment for Critical Resource vulnerability in Openautomationsoftware Open Automation Software A local low-level user on the server machine with credentials to the running OAS services can create and execute a report with an rdlx file on the server system itself. | 7.8 |
2024-12-06 | CVE-2024-42494 | Privacy Violation vulnerability in Ruijienetworks Reyee OS Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a feature that could enable sub accounts or attackers to view and exfiltrate sensitive information from all cloud accounts registered to Ruijie's services. | 7.5 |
2024-12-06 | CVE-2024-47043 | Unspecified vulnerability in Ruijienetworks Reyee OS Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could enable an attacker to correlate a device serial number and the user's phone number and part of the email address. | 5.3 |
2024-12-06 | CVE-2024-47547 | Unspecified vulnerability in Ruijienetworks Reyee OS Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a weak mechanism for its users to change their passwords which leaves authentication vulnerable to brute force attacks. | 9.8 |
2024-12-06 | CVE-2024-48703 | Cross-site Scripting vulnerability in Anujk305 Medical Card Generation System 1.0 PhpGurukul Medical Card Generation System v1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/search-medicalcard.php via the searchdata parameter. | 4.8 |
2024-12-06 | CVE-2024-51727 | Premature Release of Resource During Expected Lifetime vulnerability in Ruijienetworks Reyee OS Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a feature that could enable attackers to invalidate a legitimate user's session and cause a denial-of-service attack on a user's account. | 7.5 |
2024-12-06 | CVE-2024-55268 | Cross-site Scripting vulnerability in PHPgurukul Covid 19 Testing Management System 1.0 A Reflected Cross Site Scripting (XSS) vulnerability was found in /covidtms/registered-user-testing.php in PHPGurukul COVID 19 Testing Management System 1.0 which allows remote attackers to execute arbitrary code via the regmobilenumber parameter. | 6.1 |
2024-12-06 | CVE-2024-11738 | A flaw was found in Rustls 0.23.13 and related APIs. | 5.3 |
2024-12-06 | CVE-2024-11321 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hi e-learning Learning Management System (LMS) allows Reflected XSS. This issue affects Learning Management System (LMS): before 06.12.2024. | 5.4 |
2024-12-06 | CVE-2024-4633 | The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘addExtraMimeType’ function in versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. | 6.4 |