Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-07-09 | CVE-2024-39901 | Authorization Bypass Through User-Controlled Key vulnerability in Opensearch Observability OpenSearch Observability is collection of plugins and applications that visualize data-driven events. | 5.4 |
2024-07-09 | CVE-2024-37865 | Improper Certificate Validation vulnerability in S3Browser S3 Browser An issue in S3Browser v.11.4.5 and v.10.9.9 and fixed in v.11.5.7 allows a remote attacker to obtain sensitive information via the S3 compatible storage component. | 5.9 |
2024-07-09 | CVE-2024-34140 | Out-of-bounds Read vulnerability in Adobe Bridge Bridge versions 14.0.4, 13.0.7, 14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2024-07-09 | CVE-2024-37830 | Open Redirect vulnerability in Getoutline Outline An issue in Outline <= v0.76.1 allows attackers to redirect a victim user to a malicious site via intercepting and changing the state cookie. | 6.1 |
2024-07-09 | CVE-2024-27183 | Cross-site Scripting vulnerability in Dj-Extensions Dj-Helpfularticles XSS vulnerability in DJ-HelpfulArticles component for Joomla. | 6.1 |
2024-07-09 | CVE-2024-38970 | Unspecified vulnerability in Vaethink 1.0.2 vaeThink 1.0.2 is vulnerable to Information Disclosure via the system backend,access management administrator function. | 4.9 |
2024-07-09 | CVE-2024-38971 | Cross-site Scripting vulnerability in Vaethink 1.0.2 vaeThink 1.0.2 is vulnerable to stored Cross Site Scripting (XSS) in the system backend. | 5.4 |
2024-07-09 | CVE-2024-38972 | Cross-site Scripting vulnerability in Netbox 4.0.3 A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-ports/add/. | 6.1 |
2024-07-09 | CVE-2024-40726 | Cross-site Scripting vulnerability in Netbox 4.0.3 A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-ports/{id}/edit/. | 6.1 |
2024-07-09 | CVE-2024-40727 | Cross-site Scripting vulnerability in Netbox 4.0.3 A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-server-ports/add/. | 6.1 |