Vulnerabilities > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VENDOR / CWE | RISK |
|---|---|---|---|---|---|
| 2024-06-28 | CVE-2024-5864 | | The Easy Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eafl_reset_settings AJAX action in all versions up to, and including, 3.7.3. | | network, low complexity, 4.3 |
| 2024-06-28 | CVE-2024-6296 | | The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-caption’ parameter in all versions up to, and including, 3.13.1 due to insufficient input sanitization and output escaping. | | network, low complexity, 6.4 |
| 2024-06-27 | CVE-2023-38368 | Incorrect Authorization vulnerability in IBM Security Access Manager 10.0.0.0/10.0.7.1 | IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could disclose sensitive information to a local user due to improper permission controls. | ibm CWE-863 | local, low complexity, 5.5 |
| 2024-06-27 | CVE-2023-38370 | Incorrect Default Permissions vulnerability in IBM Security Access Manager 10.0.0.0/10.0.7.1 | IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1, under certain configurations, could allow a user on the network to install malicious packages. | ibm CWE-276 | network, low complexity, 6.5 |
| 2024-06-27 | CVE-2024-5710 | Unspecified vulnerability in Litellm 1.34.34 | berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. | litellm | network, low complexity, 6.5 |
| 2024-06-27 | CVE-2024-5714 | Unspecified vulnerability in Lunary 1.2.4 | In lunary-ai/lunary version 1.2.4, an improper access control vulnerability allows members with team management permissions to manipulate project identifiers in requests, enabling them to invite users to projects in other organizations, change members to projects in other organizations with escalated privileges, and change members from other organizations to their own or other projects, also with escalated privileges. | lunary | network, high complexity, 6.8 |
| 2024-06-27 | CVE-2024-5755 | Unspecified vulnerability in Lunary | In lunary-ai/lunary versions <=v1.2.11, an attacker can bypass email validation by using a dot character ('.') in the email address. | lunary | network, low complexity, 5.3 |
| 2024-06-27 | CVE-2024-5933 | Cross-site Scripting vulnerability in Lollms Webui | A Cross-site Scripting (XSS) vulnerability exists in the chat functionality of parisneo/lollms-webui in the latest version. | lollms CWE-79 | network, low complexity, 5.4 |
| 2024-06-27 | CVE-2024-6086 | Unspecified vulnerability in Lunary 1.2.7 | In version 1.2.7 of lunary-ai/lunary, any authenticated user, regardless of their role, can change the name of an organization due to improper access control. | lunary | network, low complexity, 4.3 |
| 2024-06-27 | CVE-2023-42011 | Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM Sterling B2B Integrator 6.1/6.2 | IBM Sterling B2B Integrator Standard Edition 6.1 and 6.2 does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. | ibm CWE-1021 | network, low complexity, 5.4 |