Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-07-31 CVE-2024-39947 Unspecified vulnerability in Dahuasecurity products
A vulnerability has been found in Dahua products. After obtaining the ordinary user's username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing the device to crash.
network
low complexity
dahuasecurity
6.5
2024-07-31 CVE-2024-7285 Cross-site Scripting vulnerability in Oretnom23 Establishment Billing Management System 1.0
A vulnerability has been found in SourceCodester Establishment Billing Management System 1.0 and classified as problematic.
network
low complexity
oretnom23 CWE-79
5.4
2024-07-31 CVE-2024-7284 Cross-site Scripting vulnerability in Oretnom23 LOT Reservation Management System 1.0
A vulnerability, which was classified as problematic, was found in SourceCodester Lot Reservation Management System 1.0.
network
low complexity
oretnom23 CWE-79
5.4
2024-07-30 CVE-2024-5901 The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid widget in all versions up to, and including, 1.62.2 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
6.4
2024-07-30 CVE-2024-41437 Out-of-bounds Write vulnerability in Dbohdan Hicolor 0.5.0
A heap buffer overflow in the function cp_unfilter() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file.
local
low complexity
dbohdan CWE-787
5.5
2024-07-30 CVE-2024-41439 Out-of-bounds Write vulnerability in Dbohdan Hicolor 0.5.0
A heap buffer overflow in the function cp_block() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file.
local
low complexity
dbohdan CWE-787
5.5
2024-07-30 CVE-2024-41443 Out-of-bounds Write vulnerability in Dbohdan Hicolor 0.5.0
A stack overflow in the function cp_dynamic() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file.
local
low complexity
dbohdan CWE-787
5.5
2024-07-30 CVE-2024-5250 Information Exposure Through an Error Message vulnerability in Perforce Akana API
In versions of Akana API Platform prior to 2024.1.0, overly verbose errors can be found in SAML integrations.
network
low complexity
perforce CWE-209
5.3
2024-07-30 CVE-2024-41305 Server-Side Request Forgery (SSRF) vulnerability in Wondercms 3.4.3
A Server-Side Request Forgery (SSRF) in the Plugins Page of WonderCMS v3.4.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter.
network
low complexity
wondercms CWE-918
4.7
2024-07-30 CVE-2023-26288 Insufficient Session Expiration vulnerability in IBM Aspera Orchestrator 4.0.1
IBM Aspera Orchestrator 4.0.1 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system.
network
low complexity
ibm CWE-613
5.5