Vulnerabilities > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2024-08-01 | CVE-2024-41948 | Unspecified vulnerability in Biscuitsec Biscuit-Java | biscuit-java is the Java implementation of Biscuit, an authentication and authorization token for microservices architectures. | network | low | biscuitsec | | 5.0 |
| 2024-08-01 | CVE-2024-41949 | Unspecified vulnerability in Biscuitsec Biscuit-Auth | biscuit-rust is the Rust implementation of Biscuit, an authentication and authorization token for microservices architectures. | network | low | biscuitsec | | 6.4 |
| 2024-08-01 | CVE-2024-41957 | Double Free vulnerability in VIM | Vim is an open source command line text editor. | local | low | vim | CWE-415 | 5.3 |
| 2024-08-01 | CVE-2024-41965 | Double Free vulnerability in VIM | Vim is an open source command line text editor. | local | high | vim | CWE-415 | 4.2 |
| 2024-08-01 | CVE-2024-7368 | Cross-site Scripting vulnerability in Oretnom23 Simple Realtime Quiz System 1.0 | A vulnerability has been found in SourceCodester Simple Realtime Quiz System 1.0 and classified as problematic. | network | low | oretnom23 | CWE-79 | 5.4 |
| 2024-08-01 | CVE-2024-41962 | Unspecified vulnerability in Yonle Bostr | Bostr is a nostr relay aggregator proxy that acts like a regular nostr relay. | network | low | yonle | | 6.3 |
| 2024-08-01 | CVE-2024-7211 | Open Redirect vulnerability in 1E Platform | The 1E Platform's component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users. Note: 1E Platform's component utilizing the third-party Duende Identity Server has been updated with the patch that includes the fix. | network | low | 1e | CWE-601 | 6.1 |
| 2024-08-01 | CVE-2024-7359 | Cross-site Scripting vulnerability in Oretnom23 Tracking Monitoring Management System 1.0 | A vulnerability was found in SourceCodester Tracking Monitoring Management System 1.0. | network | low | oretnom23 | CWE-79 | 6.1 |
| 2024-08-01 | CVE-2024-29977 | Unspecified vulnerability in Mattermost | Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly validate synced reactions, when shared channels are enabled, which allows a malicious remote to create arbitrary reactions on arbitrary posts. | network | low | mattermost | | 4.3 |
| 2024-08-01 | CVE-2024-36492 | Unspecified vulnerability in Mattermost | Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to disallow the modification of local users when syncing users in shared channels. | network | low | mattermost | | 6.4 |