Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-07-19 CVE-2024-41599 Cross-site Scripting vulnerability in Ruoyi
Cross Site Scripting vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to execute arbitrary code via the file upload method
network
low complexity
ruoyi CWE-79
6.1
2024-07-19 CVE-2024-5977 Authorization Bypass Through User-Controlled Key vulnerability in Givewp
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.13.0 via the 'handleRequest' function due to missing validation on a user controlled key.
network
low complexity
givewp CWE-639
5.4
2024-07-19 CVE-2024-6916 Insecure Storage of Sensitive Information vulnerability in Zowe CLI
A vulnerability in Zowe CLI allows local, privileged actors to display securely stored properties in cleartext within a terminal using the '--show-inputs-only' flag.
local
low complexity
zowe CWE-922
5.5
2024-07-19 CVE-2024-6907 Cross-site Scripting vulnerability in Jkev Record Management System 1.0
A vulnerability was found in SourceCodester Record Management System 1.0.
network
low complexity
jkev CWE-79
5.4
2024-07-19 CVE-2024-39457 Cross-site Scripting vulnerability in Cybozu Garoon 6.0.0/6.0.1
Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview.
network
low complexity
cybozu CWE-79
5.4
2024-07-19 CVE-2024-6799 Missing Authorization vulnerability in Yithemes Yith Essential KIT for Woocommerce
The YITH Essential Kit for WooCommerce #1 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'activate_module', 'deactivate_module', and 'install_module' functions in all versions up to, and including, 2.34.0.
network
low complexity
yithemes CWE-862
4.3
2024-07-19 CVE-2024-38156 Unspecified vulnerability in Microsoft Edge
Microsoft Edge (Chromium-based) Spoofing Vulnerability
network
low complexity
microsoft
6.1
2024-07-18 CVE-2024-5997 The Duplica – Duplicate Posts, Pages, Custom Posts or Users plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the duplicate_user and duplicate_post functions in all versions up to, and including, 0.6.
network
low complexity
4.3
2024-07-18 CVE-2024-6455 The ElementsKit Elementor addons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.2.0 due to a missing capability check on the ekit_widgetarea_content function.
network
low complexity
5.3
2024-07-18 CVE-2023-40159 Unspecified vulnerability in Philips VUE Pacs 12.2.8.0
A validated user not explicitly authorized to have access to certain sensitive information could access Philips Vue PACS on the same network to expose that information.
network
low complexity
philips
6.5