Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-01 | CVE-2024-23737 | Cross-Site Request Forgery (CSRF) vulnerability in Savignano S-Notify Cross Site Request Forgery (CSRF) vulnerability in savignano S/Notify before 4.0.2 for Jira allows attackers to allows attackers to manipulate a user's S/MIME certificate of PGP key via malicious link or email. | 5.4 |
| 2024-07-01 | CVE-2024-36423 | Cross-site Scripting vulnerability in Flowiseai Flowise Flowise is a drag & drop user interface to build a customized large language model flow. | 6.1 |
| 2024-07-01 | CVE-2024-37145 | Cross-site Scripting vulnerability in Flowiseai Flowise Flowise is a drag & drop user interface to build a customized large language model flow. | 6.1 |
| 2024-07-01 | CVE-2024-37146 | Cross-site Scripting vulnerability in Flowiseai Flowise Flowise is a drag & drop user interface to build a customized large language model flow. | 6.1 |
| 2024-07-01 | CVE-2024-39303 | Unspecified vulnerability in Weblate Weblate is a web based localization tool. | 5.4 |
| 2024-07-01 | CVE-2024-20399 | OS Command Injection vulnerability in Cisco Nx-Os A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated user in possession of Administrator credentials to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that are passed to specific configuration CLI commands. | 6.7 |
| 2024-07-01 | CVE-2024-36986 | Unspecified vulnerability in Splunk Cloud and Splunk In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, an authenticated user could run risky commands using the permissions of a higher-privileged user to bypass SPL safeguards for risky commands in the Analytics Workspace. | 5.7 |
| 2024-07-01 | CVE-2024-36987 | Unrestricted Upload of File with Dangerous Type vulnerability in Splunk Cloud and Splunk In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, an authenticated, low-privileged user who does not hold the admin or power Splunk roles could upload a file with an arbitrary extension using the indexing/preview REST endpoint. | 6.5 |
| 2024-07-01 | CVE-2024-36989 | Unspecified vulnerability in Splunk Cloud and Splunk In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, a low-privileged user that does not hold the admin or power Splunk roles could create notifications in Splunk Web Bulletin Messages that all users on the instance receive. | 6.5 |
| 2024-07-01 | CVE-2024-36990 | Infinite Loop vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.2.2403.100, an authenticated, low-privileged user that does not hold the admin or power Splunk roles could send a specially crafted HTTP POST request to the datamodel/web REST endpoint in Splunk Enterprise, potentially causing a denial of service. | 6.5 |