Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-07-06 | CVE-2024-6095 | Server-Side Request Forgery (SSRF) vulnerability in Mudler Localai A vulnerability in the /models/apply endpoint of mudler/localai versions 2.15.0 allows for Server-Side Request Forgery (SSRF) and partial Local File Inclusion (LFI). | 5.8 |
2024-07-06 | CVE-2024-37554 | Cross-site Scripting vulnerability in Codeastrology Ultraaddons Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodeAstrology Team UltraAddons Elementor Lite (Header & Footer Builder, Menu Builder, Cart Icon, Shortcode).This issue affects UltraAddons Elementor Lite (Header & Footer Builder, Menu Builder, Cart Icon, Shortcode): from n/a through 1.1.6. | 5.4 |
2024-07-06 | CVE-2024-37553 | Cross-site Scripting vulnerability in Axelerant Testimonials Widget Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Axelerant Testimonials Widget allows Stored XSS.This issue affects Testimonials Widget: from n/a through 4.0.4. | 5.4 |
2024-07-06 | CVE-2024-37546 | Cross-site Scripting vulnerability in Oxilab Image Hover Effects for Elementor With Lightbox and Flipbox Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in biplob018 Image Hover Effects - Caption Hover with Carousel allows Stored XSS.This issue affects Image Hover Effects - Caption Hover with Carousel: from n/a through 3.0.2. | 5.4 |
2024-07-06 | CVE-2024-37539 | Cross-site Scripting vulnerability in Delower WP to DO Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Delower WP To Do allows Stored XSS.This issue affects WP To Do: from n/a through 1.3.0. | 5.4 |
2024-07-06 | CVE-2024-37541 | Cross-site Scripting vulnerability in Staxwp Stax Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in StaxWP Elementor Addons, Widgets and Enhancements – Stax allows Stored XSS.This issue affects Elementor Addons, Widgets and Enhancements – Stax: from n/a through 1.4.4.1. | 5.4 |
2024-07-06 | CVE-2024-37542 | Missing Authorization vulnerability in Wpdevart Gallery Missing Authorization vulnerability in WpDevArt Responsive Image Gallery, Gallery Album.This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3. | 6.3 |
2024-07-05 | CVE-2024-29318 | Cross-site Scripting vulnerability in Personal-Management-System Personal Management System 1.4.64 Volmarg Personal Management System 1.4.64 is vulnerable to stored cross site scripting (XSS) via upload of a SVG file with embedded javascript code. | 5.4 |
2024-07-05 | CVE-2024-23588 | Unspecified vulnerability in Hcltech Nomad Server on Domino HCL Nomad server on Domino fails to properly handle users configured with limited Domino access resulting in a possible denial of service vulnerability. | 6.5 |
2024-07-05 | CVE-2024-6505 | Out-of-bounds Read vulnerability in multiple products A flaw was found in the virtio-net device in QEMU. | 6.8 |