Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-19 | CVE-2024-4663 | The OSM Map Widget for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. network low complexity | 6.4 |
| 2024-06-19 | CVE-2024-4787 | The Cost Calculator Builder PRO for WordPress is vulnerable to arbitrary email sending vulnerability in versions up to, and including, 3.1.75. network low complexity | 5.8 |
| 2024-06-19 | CVE-2024-4873 | The Replace Image plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.10 via the image replacement functionality due to missing validation on a user controlled key. network low complexity | 4.3 |
| 2024-06-19 | CVE-2024-5768 | The MIMO Woocommerce Order Tracking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mimo_update_provider' function in all versions up to, and including, 1.0.2. network low complexity | 6.4 |
| 2024-06-18 | CVE-2024-5970 | The MaxGalleria plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's maxgallery_thumb shortcode in all versions up to, and including, 6.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity | 6.4 |
| 2024-06-18 | CVE-2024-6128 | Unspecified vulnerability in Spa-Cart Spa-Cartcms 1.9.0.6 A vulnerability, which was classified as problematic, has been found in spa-cartcms 1.9.0.6. | 5.3 |
| 2024-06-18 | CVE-2024-36976 | Improper Locking vulnerability in Linux Kernel 6.9/6.9.1 In the Linux kernel, the following vulnerability has been resolved: Revert "media: v4l2-ctrls: show all owned controls in log_status" This reverts commit 9801b5b28c6929139d6fceeee8d739cc67bb2739. This patch introduced a potential deadlock scenario: [Wed May 8 10:02:06 2024] Possible unsafe locking scenario: [Wed May 8 10:02:06 2024] CPU0 CPU1 [Wed May 8 10:02:06 2024] ---- ---- [Wed May 8 10:02:06 2024] lock(vivid_ctrls:1620:(hdl_vid_cap)->_lock); [Wed May 8 10:02:06 2024] lock(vivid_ctrls:1608:(hdl_user_vid)->_lock); [Wed May 8 10:02:06 2024] lock(vivid_ctrls:1620:(hdl_vid_cap)->_lock); [Wed May 8 10:02:06 2024] lock(vivid_ctrls:1608:(hdl_user_vid)->_lock); For now just revert. | 5.5 |
| 2024-06-18 | CVE-2024-37800 | Cross-site Scripting vulnerability in Health Care Hospital Management System Project Health Care Hospital Management System 1.0 CodeProjects Restaurant Reservation System v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Date parameter at index.php. | 6.1 |
| 2024-06-18 | CVE-2024-37803 | Cross-site Scripting vulnerability in Health Care Hospital Management System Project Health Care Hospital Management System 1.0 Multiple stored cross-site scripting (XSS) vulnerabilities in CodeProjects Health Care hospital Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fname and lname parameters under the Staff Info page. | 5.4 |
| 2024-06-18 | CVE-2024-38504 | Missing Authorization vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2024.2.34646 the Guest User Account was enabled for attaching files to articles | 5.3 |