Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-07-16 CVE-2024-6570 The Glossary plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.2.26.
network
low complexity
5.3
2024-07-16 CVE-2024-4780 The Image Hover Effects – Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eihe_link’ parameter in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping.
network
low complexity
6.4
2024-07-16 CVE-2024-6557 The SchedulePress – Auto Post & Publish, Auto Social Share, Schedule Posts with Editorial Calendar & Missed Schedule Post Publisher plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 5.1.3.
network
low complexity
5.3
2024-07-15 CVE-2024-38493 Cross-site Scripting vulnerability in Broadcom Symantec Privileged Access Management 4.1.0.0/4.1.0.10
A reflected cross-site scripting (XSS) vulnerability exists in the PAM UI web interface.
network
low complexity
broadcom CWE-79
6.1
2024-07-15 CVE-2024-32945 Missing Initialization of Resource vulnerability in Mattermost Mobile 1.26.0/1.29.0/1.30.0
Mattermost Mobile Apps versions <=2.16.0 fail to protect against abuse of a globally shared MathJax state, which allows an attacker to change the contents of a LaTeX post by creating another post with specific macro definitions.
network
low complexity
mattermost CWE-909
5.3
2024-07-15 CVE-2024-39767 Improper Authentication vulnerability in Mattermost Mobile 1.26.0/1.29.0/1.30.0
Mattermost Mobile Apps versions <=2.16.0 fail to validate that the push notifications received for a server actually came from this server, which allows a malicious server to send push notifications with another server’s diagnostic ID or server URL and have them show up in mobile apps as that server’s push notifications.
network
low complexity
mattermost CWE-287
6.5
2024-07-15 CVE-2024-6398 Unspecified vulnerability in Skyhighsecurity Secure Web Gateway
An information disclosure vulnerability in SWG in versions 12.x prior to 12.2.10 and 11.x prior to 11.2.24 allows information stored in a customizable block page to be disclosed to third-party websites due to Same Origin Policy Bypass of browsers in certain scenarios.
network
low complexity
skyhighsecurity
5.3
2024-07-15 CVE-2024-6741 Unspecified vulnerability in Openfind Mail2000 7.0/8.0
Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed.
network
low complexity
openfind
5.3
2024-07-15 CVE-2023-41916 Files or Directories Accessible to External Parties vulnerability in Apache Linkis 1.4.0/1.5.0
In Apache Linkis =1.4.0, due to the lack of effective filtering of parameters, an attacker configuring malicious MySQL JDBC parameters in the DataSource Manager Module will trigger arbitrary file reading.
network
low complexity
apache CWE-552
6.5
2024-07-15 CVE-2024-6540 Unspecified vulnerability in Otrs
Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information about tickets of other customers.
network
high complexity
otrs
5.3