Vulnerabilities > Medium

DATE | CVE | VULNERABILITY TITLE | RISK (attack vector; attack complexity; vendor / CWE; score)

2025-01-10  CVE-2024-12473
  Title: The AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) plugin for WordPress is vulnerable to SQL Injection via the 'template_id' parameter of the 'article_builder_generate_data' shortcode in all versions up to, and including, 2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
  Risk: network; low complexity; CWE-89; 6.5

2025-01-10  CVE-2024-12606
  Title: The AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the engine_request_data() function in all versions up to, and including, 2.3.
  Risk: network; low complexity; CWE-862; 4.3

2025-01-09  CVE-2024-56376
  Title: Cross-site Scripting vulnerability in Vanderbilt Redcap 14.9.6
  Description: A stored cross-site scripting (XSS) vulnerability in the built-in messenger of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the message field.
  Risk: network; low complexity; vanderbilt / CWE-79; 5.4

2025-01-09  CVE-2024-56377
  Title: Cross-site Scripting vulnerability in Vanderbilt Redcap 14.9.6
  Description: A stored cross-site scripting (XSS) vulnerability in survey titles of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the Survey Title field or Survey Instructions.
  Risk: network; low complexity; vanderbilt / CWE-79; 5.4

2025-01-09  CVE-2025-21380
  Title: Unspecified vulnerability in Microsoft Azure Marketplace
  Description: Improper access control in Azure SaaS Resources allows an authorized attacker to disclose information over a network.
  Risk: network; low complexity; microsoft; 6.5

2025-01-09  CVE-2025-21385
  Title: Server-Side Request Forgery (SSRF) vulnerability in Microsoft Purview
  Description: A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Purview allows an authorized attacker to disclose information over a network.
  Risk: network; low complexity; microsoft / CWE-918; 6.5

2025-01-09  CVE-2025-21592
  Title: An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the command-line interface (CLI) of Juniper Networks Junos OS on SRX Series devices allows a local, low-privileged user with access to the Junos CLI to view the contents of sensitive files on the file system. Through the execution of either 'show services advanced-anti-malware' or 'show services security-intelligence' command, a user with limited permissions (e.g., a low privilege login class user) can access protected files that should not be accessible to the user.
  Risk: local; low complexity; CWE-200; 5.5

2025-01-09  CVE-2025-21593
  Title: An Improper Control of a Resource Through its Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial-of-Service (DoS). On devices with SRv6 (Segment Routing over IPv6) enabled, an attacker can send a malformed BGP UPDATE packet which will cause the rpd to crash and restart.
  Risk: low complexity; CWE-664; 6.5

2025-01-09  CVE-2025-21596
  Title: An Improper Handling of Exceptional Conditions vulnerability in the command-line processing of Juniper Networks Junos OS on SRX1500, SRX4100, and SRX4200 devices allows a local, low-privileged authenticated attacker executing the 'show chassis environment pem' command to cause the chassis daemon (chassisd) to crash and restart, resulting in a temporary Denial of Service (DoS).
  Risk: local; low complexity; CWE-755; 5.5

2025-01-09  CVE-2025-21602
  Title: An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker sending a specific BGP update packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS).
  Risk: low complexity; CWE-755; 6.5