Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-03 | CVE-2024-7356 | The Zephyr Project Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘filename’ parameter in all versions up to, and including, 3.3.100 due to insufficient input sanitization and output escaping. network low complexity | 6.4 |
| 2024-08-02 | CVE-2024-3056 | Resource Exhaustion vulnerability in multiple products A flaw was found in Podman. | 4.8 |
| 2024-08-02 | CVE-2024-7319 | An incomplete fix for CVE-2023-1625 was found in openstack-heat. | 5.0 |
| 2024-08-02 | CVE-2024-42349 | Information Exposure Through Log Files vulnerability in Fogproject FOG is a cloning/imaging/rescue suite/inventory management system. | 5.3 |
| 2024-08-02 | CVE-2024-33893 | Cross-site Scripting vulnerability in Hms-Networks Ewon Cosy+ Firmware Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are vulnerable to XSS when displaying the logs due to improper input sanitization. | 6.1 |
| 2024-08-02 | CVE-2024-33895 | Use of Hard-coded Credentials vulnerability in Hms-Networks Ewon Cosy+ Firmware Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 use a unique key to encrypt the configuration parameters. | 6.6 |
| 2024-08-02 | CVE-2024-41517 | Unspecified vulnerability in Mecodia Feripro An Incorrect Access Control vulnerability in "/admin/benutzer/institution/rechteverwaltung/uebersicht" in Feripro <= v2.2.3 allows remote attackers to get a list of all users and their corresponding privileges. | 5.3 |
| 2024-08-02 | CVE-2024-41519 | Cross-site Scripting vulnerability in Mecodia Feripro Feripro <= v2.2.3 is vulnerable to Cross Site Scripting (XSS) via "/admin/programm/<program_id>/zuordnung/veranstaltungen/<event_id>" through the "school" input field. | 5.4 |
| 2024-08-02 | CVE-2024-38878 | Path Traversal vulnerability in Siemens Omnivise T3000 Application Server R9.2 A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). | 6.5 |
| 2024-08-02 | CVE-2024-40722 | Out-of-bounds Write vulnerability in Changingtec TCB Servisign The specific API in TCBServiSign Windows Version from CHANGING Information Technology does does not properly validate the length of server-side input. | 4.3 |