Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-09-10 CVE-2024-43487 Unspecified vulnerability in Microsoft products
Windows Mark of the Web Security Feature Bypass Vulnerability
network
low complexity
microsoft
6.5
2024-09-10 CVE-2024-44872 Cross-site Scripting vulnerability in Mozilo Mozilocms 3.0
A reflected cross-site scripting (XSS) vulnerability in moziloCMS v3.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.
network
low complexity
mozilo CWE-79
6.1
2024-09-10 CVE-2024-44676 Cross-site Scripting vulnerability in Eladmin 2.7
eladmin v2.7 and before is vulnerable to Cross Site Scripting (XSS) which allows an attacker to execute arbitrary code via LocalStoreController.
network
low complexity
eladmin CWE-79
4.8
2024-09-10 CVE-2024-44815 Insufficiently Protected Credentials vulnerability in Hathway Skyworth Cm5100-511 Firmware 4.1.1.24
Vulnerability in Hathway Skyworth Router CM5100 v.4.1.1.24 allows a physically proximate attacker to obtain user credentials via SPI flash Firmware W25Q64JV.
low complexity
hathway CWE-522
4.6
2024-09-10 CVE-2024-45407 Unspecified vulnerability in Lizardbyte Sunshine 20240527
Sunshine is a self-hosted game stream host for Moonlight.
network
high complexity
lizardbyte
5.3
2024-09-10 CVE-2024-45591 Missing Authorization vulnerability in Xwiki
XWiki Platform is a generic wiki platform.
network
low complexity
xwiki CWE-862
5.3
2024-09-10 CVE-2024-45592 Cross-site Scripting vulnerability in Damienharper Auditor-Bundle
auditor-bundle, formerly known as DoctrineAuditBundle, integrates auditor library into any Symfony 3.4+ application.
network
low complexity
damienharper CWE-79
6.1
2024-09-10 CVE-2024-6876 Out-of-bounds Read vulnerability in Codesys Oscat Basic Library
Out-of-Bounds read vulnerability in OSCAT Basic Library allows a local, unprivileged attacker to access limited internal data of the PLC which may lead to a crash of the affected service.
local
low complexity
codesys CWE-125
4.4
2024-09-10 CVE-2022-45856 Improper Certificate Validation vulnerability in Fortinet Forticlient
An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7, FortiClientMac 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientLinux 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientAndroid 6.4 all versions, 7.0 all versions, 7.2.0 and FortiClientiOS 5.6 all versions, 6.0.0 through 6.0.1, 7.0.0 through 7.0.6 SAML SSO feature may allow an unauthenticated attacker to man-in-the-middle the communication between the FortiClient and both the service provider and the identity provider.
network
high complexity
fortinet CWE-295
5.9
2024-09-10 CVE-2023-44254 Authorization Bypass Through User-Controlled Key vulnerability in Fortinet Fortianalyzer and Fortimanager
An authorization bypass through user-controlled key [CWE-639] vulnerability in FortiAnalyzer version 7.4.1 and before 7.2.5 and FortiManager version 7.4.1 and before 7.2.5 may allow a remote attacker with low privileges to read sensitive data via a crafted HTTP request.
network
low complexity
fortinet CWE-639
6.5