Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-06-25 | CVE-2024-39470 | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: eventfs: Fix a possible null pointer dereference in eventfs_find_events() In function eventfs_find_events,there is a potential null pointer that may be caused by calling update_events_attr which will perform some operations on the members of the ei struct when ei is NULL. Hence,When ei->is_freed is set,return NULL directly. | 5.5 |
2024-06-25 | CVE-2024-5451 | The The7 — Website and eCommerce Builder for WordPress theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's Icon and Heading widgets in all versions up to, and including, 11.13.0 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity | 6.4 |
2024-06-25 | CVE-2024-6300 | Incomplete Cleanup vulnerability in Conduit Incomplete cleanup when performing redactions in Conduit, allowing an attacker to check whether certain strings were present in the PDU before redaction | 5.3 |
2024-06-25 | CVE-2024-6302 | Unspecified vulnerability in Conduit Lack of privilege checking when processing a redaction in Conduit versions v0.6.0 and lower, allowing a local user to redact any message from users on the same server, given that they are able to send redaction events. | 5.5 |
2024-06-25 | CVE-2024-6307 | WordPress Core is vulnerable to Stored Cross-Site Scripting via the HTML API in various versions prior to 6.5.5 due to insufficient input sanitization and output escaping on URLs. network low complexity | 6.4 |
2024-06-25 | CVE-2024-34141 | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-25 | CVE-2024-34142 | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. | 5.4 |
2024-06-25 | CVE-2024-3249 | The Zita Elementor Site Library plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the import_xml_data, xml_data_import, import_option_data, import_widgets, and import_customizer_settings functions in all versions up to, and including, 1.6.2. network low complexity | 4.3 |
2024-06-24 | CVE-2024-34312 | Cross-site Scripting vulnerability in Moodle Virtual Programming LAB Virtual Programming Lab for Moodle up to v4.2.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the component vplide.js. | 6.1 |
2024-06-24 | CVE-2021-45785 | Cross-Site Request Forgery (CSRF) vulnerability in Trudesk Project Trudesk 1.1.11 TruDesk Help Desk/Ticketing Solution v1.1.11 is vulnerable to a Cross-Site Request Forgery (CSRF) attack which would allow an attacker to restart the server, causing a DoS attack. | 6.5 |