Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-09-16 CVE-2024-39772 Unspecified vulnerability in Mattermost Server
Mattermost Desktop App versions <=5.8.0 fail to safeguard screen capture functionality which allows an attacker to silently capture high-quality screenshots via JavaScript APIs.
network
low complexity
mattermost
5.3
2024-09-16 CVE-2024-45835 Unspecified vulnerability in Mattermost Server
Mattermost Desktop App versions <=5.8.0 fail to sufficiently configure Electron Fuses which allows an attacker to gather Chromium cookies or abuse other misconfigurations via remote/local access.
network
low complexity
mattermost
6.5
2024-09-16 CVE-2024-46970 Cross-site Scripting vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2024.1, HTML injection via the project name was possible.
network
low complexity
jetbrains CWE-79
6.1
2024-09-16 CVE-2024-1578 Unspecified vulnerability in Rfideas Micard Plus BLE Firmware and Micard Plus CI Firmware
The MiCard PLUS Ci and MiCard PLUS BLE reader products developed by rf IDEAS and rebranded by NT-ware have a firmware fault that may result in characters randomly being dropped from some ID card reads, which would result in the wrong ID card number being assigned during ID card self-registration and might result in failed login attempts for end-users.
high complexity
rfideas
5.3
2024-09-16 CVE-2024-45833 Unspecified vulnerability in Mattermost Mobile 1.26.0/1.29.0/1.30.0
Mattermost Mobile Apps versions <=2.18.0 fail to disable autocomplete during login while typing the password and visible password is selected, which allows the password to get saved in the dictionary when the user has Swiftkey as the default keyboard, the masking is off and the password contains a special character.
network
low complexity
mattermost
6.5
2024-09-16 CVE-2024-8776 Cross-site Scripting vulnerability in Intumit Smartrobot Firmware 6.0.0202012Tw
SmartRobot from INTUMIT does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject JavaScript code to the parameter for Reflected Cross-site Scripting attacks.
network
low complexity
intumit CWE-79
6.1
2024-09-16 CVE-2024-8778 Path Traversal vulnerability in Syscomgo Omflow
OMFLOW from The SYSCOM Group does not properly validate user input of the download functionality, allowing remote attackers with regular privileges to read arbitrary system files.
network
low complexity
syscomgo CWE-22
6.5
2024-09-16 CVE-2024-8780 Unspecified vulnerability in Syscomgo Omflow
OMFLOW from The SYSCOM Group does not properly restrict the query range of its data query functionality, allowing remote attackers with regular privileges to obtain accounts and password hashes of other users.
network
low complexity
syscomgo
6.5
2024-09-15 CVE-2024-46942 Unspecified vulnerability in Opendaylight Model-Driven Service Abstraction Layer
In OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) through 13.0.1, a controller with a follower role can configure flow entries in an OpenDaylight clustering deployment.
network
low complexity
opendaylight
6.5
2024-09-15 CVE-2024-46918 Incorrect Authorization vulnerability in Misp
app/Controller/UserLoginProfilesController.php in MISP before 2.4.198 does not prevent an org admin from viewing sensitive login fields of another org admin in the same org.
network
low complexity
misp CWE-863
4.9