Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-07-25 CVE-2024-38103 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
network
high complexity
CWE-359
5.9
5.9
2024-07-24 CVE-2024-22444 A vulnerability within the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface.
network
low complexity
CWE-79
6.1
6.1
2024-07-24 CVE-2024-40575 Unspecified vulnerability in Huawei Opengauss 7.3.0
An issue in Huawei Technologies opengauss (openGauss 5.0.0 build) v.7.3.0 allows a local attacker to cause a denial of service via the modification of table attributes
local
low complexity
huawei
5.5
5.5
2024-07-24 CVE-2024-7079 Missing Authentication for Critical Function vulnerability in Redhat Openshift Container Platform 3.11/4.0
A flaw was found in the Openshift console.
network
low complexity
redhat CWE-306
6.5
6.5
2024-07-24 CVE-2024-7068 Cross-site Scripting vulnerability in Insurance Management System Project Insurance Management System 1.0
A vulnerability classified as problematic has been found in SourceCodester Insurance Management System 1.0. 		4.6
4.6
2024-07-24 CVE-2024-3896 The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the Gallery title field in all versions up to, and including, 3.2.19 due to insufficient input sanitization and output escaping.
network
low complexity
 6.4
6.4
2024-07-24 CVE-2024-5818 The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored DOM-based Cross-Site Scripting via the plugin's Magazine Grid/Slider widget in all versions up to, and including, 1.3.980 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
 6.4
6.4
2024-07-24 CVE-2024-6896 The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.96.1 due to insufficient input sanitization and output escaping.
network
low complexity
 6.4
6.4
2024-07-24 CVE-2024-6930 The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute within the plugin's bookingform shortcode in all versions up to, and including, 10.2.1 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
 6.4
6.4
2024-07-24 CVE-2024-6553 The WP Meteor Website Speed Optimization Addon plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.3.This is due to the plugin utilizing wpdesk and leaving test files with display_errors on.
network
low complexity
 5.3
5.3