Vulnerabilities > Low

DATE CVE VULNERABILITY TITLE RISK
2024-10-14 CVE-2024-45737 Cross-Site Request Forgery (CSRF) vulnerability in Splunk and Splunk Cloud Platform
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.204, a low-privileged user that does not hold the "admin" or "power" Splunk roles could change the maintenance mode state of App Key Value Store (KVStore) through a Cross-Site Request Forgery (CSRF).
network
low complexity
splunk CWE-352
3.5
2024-10-10 CVE-2024-47869 Information Exposure Through Discrepancy vulnerability in Gradio Project Gradio
Gradio is an open-source Python package designed for quick prototyping.
network
high complexity
gradio-project CWE-203
3.7
2024-10-10 CVE-2024-45120 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Adobe Commerce and Magento
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to a security feature bypass.
network
high complexity
adobe CWE-367
3.1
2024-10-10 CVE-2024-45133 Unspecified vulnerability in Adobe Commerce and Magento
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass.
network
low complexity
adobe
2.7
2024-10-10 CVE-2024-45134 Unspecified vulnerability in Adobe Commerce and Magento
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass.
network
low complexity
adobe
2.7
2024-10-10 CVE-2024-45135 Unspecified vulnerability in Adobe Commerce and Magento
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a security feature bypass.
network
low complexity
adobe
2.7
2024-10-09 CVE-2024-7038 Information Exposure Through an Error Message vulnerability in Openwebui Open Webui
An information disclosure vulnerability exists in open-webui version 0.3.8.
network
low complexity
openwebui CWE-209
2.7
2024-10-08 CVE-2024-45476 NULL Pointer Dereference vulnerability in Siemens Tecnomatix Plant Simulation
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005).
local
low complexity
siemens CWE-476
3.3
2024-10-08 CVE-2024-9026 Unspecified vulnerability in PHP-Fpm
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catch_workers_output = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log message content.
local
low complexity
php-fpm
3.3
2024-09-26 CVE-2024-47123 Insufficient Verification of Data Authenticity vulnerability in Gotenna PRO
The goTenna Pro App uses AES CTR type encryption for short, encrypted messages without any additional integrity checking mechanisms.
high complexity
gotenna CWE-345
3.1