Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-06-10 | CVE-2024-36407 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Salesagility Suitecrm. SuiteCRM is an open-source Customer Relationship Management (CRM) software application. | 6.5 |
2024-06-10 | CVE-2024-3850 | Cross-site Scripting vulnerability in Uniview Nvr301-04S2-P4 Firmware. Uniview NVR301-04S2-P4 is vulnerable to reflected cross-site scripting attack (XSS). | 5.4 |
2024-06-10 | CVE-2024-35680 | Injection vulnerability in Yithemes Yith Woocommerce Product Add-Ons. Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Code Injection. This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.9.2. | 5.3 |
2024-06-10 | CVE-2024-35712 | Path Traversal vulnerability in Meowapps Database Cleaner. Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Jordy Meow Database Cleaner allows Relative Path Traversal. This issue affects Database Cleaner: from n/a through 1.0.5. | 4.9 |
2024-06-10 | CVE-2022-45168 | Improper Authentication vulnerability in Liveboxcloud Vdesk 018. An issue was discovered in LIVEBOX Collaboration vDesk through v018. | 6.5 |
2024-06-10 | CVE-2022-45176 | Cross-site Scripting vulnerability in Liveboxcloud Vdesk 018. An issue was discovered in LIVEBOX Collaboration vDesk through v018. | 5.4 |
2024-06-10 | CVE-2024-4745 | Missing Authorization vulnerability in Seedprod Rafflepress. Missing Authorization vulnerability in RafflePress Giveaways and Contests by RafflePress. This issue affects Giveaways and Contests by RafflePress: from n/a through 1.12.4. | 6.3 |
2024-06-10 | CVE-2024-4746 | Missing Authorization vulnerability in Netgsm 2.9.16. Missing Authorization vulnerability in Netgsm. This issue affects Netgsm: from n/a through 2.9.16. | 6.3 |
2024-06-09 | CVE-2024-2408 | Information Exposure Through Discrepancy vulnerability in multiple products. The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817 (rsa_pkcs1_implicit_rejection). | 5.9 |
2024-06-09 | CVE-2024-35748 | Missing Authorization vulnerability in Opmc Woocommerce Dropshipping 4.4/5.0.4. Missing Authorization vulnerability in OPMC WooCommerce Dropshipping. This issue affects WooCommerce Dropshipping: from n/a through 5.0.4. | 5.3 |