Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-07-24 CVE-2024-6755 Missing Authorization vulnerability in Wpwebinfotech Social Auto Poster
The Social Auto Poster plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the ‘wpw_auto_poster_quick_delete_multiple’ function in all versions up to, and including, 5.3.14.
network
low complexity
wpwebinfotech CWE-862
5.3
2024-07-23 CVE-2024-34128 Cross-site Scripting vulnerability in Adobe Experience Manager
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.
network
low complexity
adobe CWE-79
5.4
2024-07-23 CVE-2024-41836 InDesign Desktop versions ID18.5.2, ID19.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS).
local
low complexity
CWE-476
5.5
2024-07-23 CVE-2024-41012 Use After Free vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: filelock: Remove locks reliably when fcntl/close race is detected. When fcntl_setlk() races with close(), it removes the created lock with do_lock_file_wait(). However, LSMs can allow the first do_lock_file_wait() that created the lock while denying the second do_lock_file_wait() that tries to remove the lock. Separately, posix_lock_file() could also fail to remove a lock due to GFP_KERNEL allocation failure (when splitting a range in the middle). After the bug has been triggered, use-after-free reads will occur in lock_get_status() when userspace reads /proc/locks.
local
high complexity
linux CWE-416
6.3
2024-07-22 CVE-2024-24507 Cross-site Scripting vulnerability in Act-On 2023
Cross Site Scripting vulnerability in Act-On 2023 allows a remote attacker to execute arbitrary code via the newUser parameter in the login.jsp component.
network
low complexity
act-on CWE-79
6.1
2024-07-22 CVE-2024-6122 Incorrect Default Permissions vulnerability in NI Flexlogger and Systemlink
An incorrect permission in the installation directory for the shared NI SystemLink Server KeyValueDatabase service may result in information disclosure via local access.
local
low complexity
ni CWE-276
5.5
2024-07-22 CVE-2024-39688 Path Traversal vulnerability in Fish.Audio Bert-Vits2
Bert-VITS2 is the VITS2 Backbone with multilingual bert.
network
low complexity
fish-audio CWE-22
6.5
2024-07-22 CVE-2024-29073 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Ankiweb Anki 24.04
A vulnerability in the handling of LaTeX exists in Ankitects Anki 24.04.
network
low complexity
ankiweb CWE-829
6.5
2024-07-22 CVE-2024-32152 Unspecified vulnerability in Ankitects Anki 24.04
A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects Anki 24.04.
network
low complexity
ankitects
4.3
2024-07-22 CVE-2024-41824 Information Exposure Through Log Files vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.07, parameters of the "password" type could leak into the build log in some specific cases.
network
low complexity
jetbrains CWE-532
6.5