Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-07-06 CVE-2024-6095 Server-Side Request Forgery (SSRF) vulnerability in Mudler Localai
A vulnerability in the /models/apply endpoint of mudler/localai versions 2.15.0 allows for Server-Side Request Forgery (SSRF) and partial Local File Inclusion (LFI).
network
low complexity
mudler CWE-918
5.8
2024-07-06 CVE-2024-37554 Cross-site Scripting vulnerability in Codeastrology Ultraaddons
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodeAstrology Team UltraAddons Elementor Lite (Header & Footer Builder, Menu Builder, Cart Icon, Shortcode). This issue affects UltraAddons Elementor Lite (Header & Footer Builder, Menu Builder, Cart Icon, Shortcode): from n/a through 1.1.6.
network
low complexity
codeastrology CWE-79
5.4
2024-07-06 CVE-2024-37553 Cross-site Scripting vulnerability in Axelerant Testimonials Widget
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Axelerant Testimonials Widget allows Stored XSS. This issue affects Testimonials Widget: from n/a through 4.0.4.
network
low complexity
axelerant CWE-79
5.4
2024-07-06 CVE-2024-37546 Cross-site Scripting vulnerability in Oxilab Image Hover Effects for Elementor With Lightbox and Flipbox
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in biplob018 Image Hover Effects - Caption Hover with Carousel allows Stored XSS. This issue affects Image Hover Effects - Caption Hover with Carousel: from n/a through 3.0.2.
network
low complexity
oxilab CWE-79
5.4
2024-07-06 CVE-2024-37539 Cross-site Scripting vulnerability in Delower WP to DO
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Delower WP To Do allows Stored XSS. This issue affects WP To Do: from n/a through 1.3.0.
network
low complexity
delower CWE-79
5.4
2024-07-06 CVE-2024-37541 Cross-site Scripting vulnerability in Staxwp Stax
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in StaxWP Elementor Addons, Widgets and Enhancements – Stax allows Stored XSS. This issue affects Elementor Addons, Widgets and Enhancements – Stax: from n/a through 1.4.4.1.
network
low complexity
staxwp CWE-79
5.4
2024-07-06 CVE-2024-37542 Missing Authorization vulnerability in Wpdevart Gallery
Missing Authorization vulnerability in WpDevArt Responsive Image Gallery, Gallery Album. This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3.
network
low complexity
wpdevart CWE-862
6.3
2024-07-05 CVE-2024-29318 Cross-site Scripting vulnerability in Personal-Management-System Personal Management System 1.4.64
Volmarg Personal Management System 1.4.64 is vulnerable to stored cross-site scripting (XSS) via upload of an SVG file with embedded JavaScript code.
network
low complexity
personal-management-system CWE-79
5.4
2024-07-05 CVE-2024-23588 Unspecified vulnerability in Hcltech Nomad Server on Domino
HCL Nomad server on Domino fails to properly handle users configured with limited Domino access resulting in a possible denial of service vulnerability.
network
low complexity
hcltech
6.5
2024-07-05 CVE-2024-6505 Out-of-bounds Read vulnerability in multiple products
A flaw was found in the virtio-net device in QEMU.
network
low complexity
qemu redhat CWE-125
6.8