Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-06 | CVE-2024-5256 | Integer Underflow (Wrap or Wraparound) vulnerability in Sonos ERA 100 Firmware 15.9 Sonos Era 100 SMB2 Message Handling Integer Underflow Information Disclosure Vulnerability. | 4.3 |
| 2024-06-06 | CVE-2024-5268 | Out-of-bounds Read vulnerability in Sonos ERA 100 Firmware 15.9 Sonos Era 100 SMB2 Message Handling Out-Of-Bounds Read Information Disclosure Vulnerability. | 6.5 |
| 2024-06-06 | CVE-2024-36399 | Authorization Bypass Through User-Controlled Key vulnerability in Kanboard Kanboard is project management software that focuses on the Kanban methodology. | 6.3 |
| 2024-06-06 | CVE-2024-37150 | Use of Incorrectly-Resolved Name or Reference vulnerability in Deno 1.44.0 An issue in `.npmrc` support in Deno 1.44.0 was discovered where Deno would send `.npmrc` credentials for the scope to the tarball URL when the registry provided URLs for a tarball on a different domain. | 6.5 |
| 2024-06-06 | CVE-2024-37156 | Cross-site Scripting vulnerability in Sulu Suluformbundle The SuluFormBundle adds support for creating dynamic forms in Sulu Admin. | 6.1 |
| 2024-06-06 | CVE-2024-36106 | Information Exposure Through an Error Message vulnerability in Argoproj Argo CD Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. | 4.3 |
| 2024-06-06 | CVE-2024-5489 | Missing Authorization vulnerability in Wbcomdesigns Custom Font Uploader The Wbcom Designs – Custom Font Uploader plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cfu_delete_customfont' function in all versions up to, and including, 2.3.4. | 4.3 |
| 2024-06-06 | CVE-2024-5038 | Cross-site Scripting vulnerability in Extendthemes Colibri Page Builder The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.0.276 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-06-06 | CVE-2024-5188 | Cross-site Scripting vulnerability in Wpdeveloper Essential Addons for Elementor The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'get_manual_calendar_events' function in all versions up to, and including, 5.9.22 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-06-06 | CVE-2024-5658 | Improper Authentication vulnerability in Born05 Two-Factor Authentication The CraftCMS plugin Two-Factor Authentication through 3.3.3 allows reuse of TOTP tokens multiple times within the validity period. | 6.5 |