Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-08-23 CVE-2024-42766 Unspecified vulnerability in Kjayvik BUS Ticket Reservation System 1.0
Kashipara Bus Ticket Reservation System v1.0 is vulnerable to Incorrect Access Control via /deleteTicket.php.
network
low complexity
kjayvik
5.4
2024-08-23 CVE-2024-8112 Cross-site Scripting vulnerability in Jeesite 5.3
A vulnerability was found in thinkgem JeeSite 5.3.
network
low complexity
jeesite CWE-79
6.1
2024-08-23 CVE-2024-8113 Cross-site Scripting vulnerability in Pretix
Stored XSS in organizer and event settings of pretix up to 2024.7.0 allows malicious event organizers to inject HTML tags into e-mail previews on settings page.
network
low complexity
pretix CWE-79
5.4
2024-08-23 CVE-2024-5502 Cross-site Scripting vulnerability in Piotnet Addons
The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Accordion, Dual Heading, and Vertical Timeline widgets in all versions up to, and including, 2.4.30 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
piotnet CWE-79
5.4
2024-08-22 CVE-2024-38208 Cross-site Scripting vulnerability in Microsoft Edge
Microsoft Edge for Android Spoofing Vulnerability
network
low complexity
microsoft CWE-79
6.1
2024-08-22 CVE-2024-8084 Cross-site Scripting vulnerability in Oretnom23 Online Computer and Laptop Store 1.0
A vulnerability, which was classified as problematic, was found in SourceCodester Online Computer and Laptop Store 1.0.
network
low complexity
oretnom23 CWE-79
4.8
2024-08-22 CVE-2024-6502 Unspecified vulnerability in Gitlab
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.2 prior to 17.1.6, starting from 17.2 prior to 17.2.4, and starting from 17.3 prior to 17.3.1, which allows an attacker to create a branch with the same name as a deleted tag.
network
low complexity
gitlab
6.5
2024-08-22 CVE-2024-7110 Command Injection vulnerability in Gitlab
An issue was discovered in GitLab EE affecting all versions starting from 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1, which allows an attacker to execute arbitrary commands in a victim's pipeline through prompt injection.
network
high complexity
gitlab CWE-77
6.4
2024-08-22 CVE-2024-8041 Unspecified vulnerability in Gitlab
A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1.
network
low complexity
gitlab
6.5
2024-08-22 CVE-2024-35151 Missing Authentication for Critical Function vulnerability in IBM Openpages GRC Platform and Openpages With Watson
IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper authorization controls on APIs.
network
low complexity
ibm CWE-306
6.5