Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-01 | CVE-2024-6375 | Missing Authorization vulnerability in Mongodb A command for refining a collection shard key is missing an authorization check. | 6.5 |
| 2024-07-01 | CVE-2024-38953 | Cross-site Scripting vulnerability in PHPok 6.4.003 phpok 6.4.003 contains a Cross Site Scripting (XSS) vulnerability in the ok_f() method under the framework/api/upload_control.php file. | 6.1 |
| 2024-07-01 | CVE-2024-6050 | Cross-site Scripting vulnerability in Sokrates Sowa Opac Improper Neutralization of Input During Web Page Generation vulnerability in SOKRATES-software SOWA OPAC allows a Reflected Cross-Site Scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's browser. This issue affects SOWA OPAC software in versions from 4.0 before 4.9.10, from 5.0 before 6.2.12. | 6.1 |
| 2024-07-01 | CVE-2024-39427 | Out-of-bounds Write vulnerability in Google Android 12.0/13.0/14.0 In trusty service, there is a possible out of bounds write due to a missing bounds check. | 4.4 |
| 2024-07-01 | CVE-2024-39428 | Out-of-bounds Write vulnerability in Google Android 12.0/13.0/14.0 In trusty service, there is a possible out of bounds write due to a missing bounds check. | 4.4 |
| 2024-07-01 | CVE-2024-39429 | Out-of-bounds Write vulnerability in Google Android 12.0 In faceid servive, there is a possible out of bounds write due to a missing bounds check. | 6.2 |
| 2024-07-01 | CVE-2024-39430 | Out-of-bounds Write vulnerability in Google Android 12.0 In faceid servive, there is a possible out of bounds write due to a missing bounds check. | 6.2 |
| 2024-07-01 | CVE-2024-3122 | CHANGING Mobile One Time Password does not properly filter parameters for the file download functionality, allowing remote attackers with administrator privilege to read arbitrary file on the system. | 4.9 |
| 2024-06-30 | CVE-2024-6418 | SQL Injection vulnerability in Oretnom23 Medicine Tracker System 1.0 A vulnerability classified as critical has been found in SourceCodester Medicine Tracker System 1.0. | 5.3 |
| 2024-06-30 | CVE-2023-50964 | Cross-site Scripting vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. | 5.4 |