Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-06-12 CVE-2024-5759 Improper Privilege Management vulnerability in Tenable Security Center
An improper privilege management vulnerability exists in Tenable Security Center where an authenticated, remote attacker could view unauthorized objects and launch scans without having the required privileges.
network
low complexity
tenable CWE-269
6.3
2024-06-12 CVE-2024-5897 Cross-site Scripting vulnerability in Oretnom23 Employee and Visitor Gate Pass Logging System 1.0
A vulnerability has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 and classified as problematic.
network
low complexity
oretnom23 CWE-79
6.1
2024-06-12 CVE-2024-31217 Unspecified vulnerability in Strapi
Strapi is an open-source content management system.
network
low complexity
strapi
6.5
2024-06-12 CVE-2024-37297 Cross-site Scripting vulnerability in Woocommerce
WooCommerce is an open-source e-commerce platform built on WordPress.
network
low complexity
woocommerce CWE-79
5.4
2024-06-12 CVE-2024-5891 Unspecified vulnerability in Redhat Quay 3.0.0
A vulnerability was found in Quay.
network
high complexity
redhat
4.2
2024-06-12 CVE-2024-5313 Unspecified vulnerability in Schneider-Electric Evlink Home Firmware 2.0.3.8.2128/2.0.4.1.2131
CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that exposes an SSH interface over the product network interface.
network
low complexity
schneider-electric
6.5
2024-06-12 CVE-2024-5056 Files or Directories Accessible to External Parties vulnerability in Schneider-Electric products
CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may prevent the user from updating the device firmware and prevent proper behavior of the webserver when specific files or directories are removed from the filesystem.
network
low complexity
schneider-electric CWE-552
6.5
2024-06-12 CVE-2024-1766 Cross-site Scripting vulnerability in Wpdownloadmanager Download Manager
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.2.86 due to insufficient input sanitization and output escaping.
network
low complexity
wpdownloadmanager CWE-79
5.4
2024-06-12 CVE-2024-3492
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'event', 'location', and 'event_category' shortcodes in all versions up to, and including, 6.4.7.3 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
6.4
2024-06-12 CVE-2024-5674 Unspecified vulnerability in Newsletter
The Newsletter - API v1 and v2 addon plugin for WordPress is vulnerable to unauthorized subscriber management due to a PHP type juggling issue in the check_api_key function in all versions up to, and including, 2.4.5.
network
low complexity
newsletter
6.5