Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-26 | CVE-2024-40897 | Out-of-bounds Write vulnerability in Gstreamer ORC Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. | 6.7 |
| 2024-07-26 | CVE-2023-49921 | Information Exposure Through Log Files vulnerability in Elastic Elasticsearch An issue was discovered by Elastic whereby Watcher search input logged the search query results on DEBUG log level. | 6.5 |
| 2024-07-25 | CVE-2024-38103 | Unspecified vulnerability in Microsoft Edge Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | 5.9 |
| 2024-07-25 | CVE-2024-3938 | Cross-site Scripting vulnerability in Dotcms The "reset password" login page accepted an HTML injection via URL parameters. This has already been rectified via patch, and as such it cannot be demonstrated via Demo site link. | 6.1 |
| 2024-07-25 | CVE-2024-41809 | Cross-site Scripting vulnerability in Openobserve OpenObserve is an open-source observability platform. | 6.1 |
| 2024-07-25 | CVE-2024-29068 | Unspecified vulnerability in Canonical Snapd In snapd versions prior to 2.62, snapd failed to properly check the file type when extracting a snap. | 6.6 |
| 2024-07-25 | CVE-2024-40324 | Injection vulnerability in Datex-Soft E-Staff 5.1 A CRLF injection vulnerability in E-Staff v5.1 allows attackers to insert Carriage Return (CR) and Line Feed (LF) characters into input fields, leading to HTTP response splitting and header manipulation. | 5.4 |
| 2024-07-25 | CVE-2024-41808 | Cross-site Scripting vulnerability in Openobserve The OpenObserve open-source observability platform provides the ability to filter logs in a dashboard by the values uploaded in a given log. | 5.4 |
| 2024-07-25 | CVE-2024-6558 | Cross-site Scripting vulnerability in Hms-Networks products HMS Industrial Networks Anybus-CompactCom 30 products are vulnerable to a XSS attack caused by the lack of input sanitation checks. | 6.1 |
| 2024-07-25 | CVE-2024-28772 | Cross-site Scripting vulnerability in IBM products IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 is vulnerable to stored cross-site scripting. | 5.4 |