Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-09-10 CVE-2024-21753 Path Traversal vulnerability in Fortinet Forticlient Endpoint Management Server
An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiClientEMS versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.13, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through 6.0.8, 1.2.1 through 1.2.5 allows an attacker to perform a denial of service, or read or write a limited number of files, via specially crafted HTTP requests.
network
low complexity
fortinet CWE-22
6.0
2024-09-10 CVE-2024-27257 Unspecified vulnerability in IBM Openpages GRC Platform and Openpages With Watson
IBM OpenPages 8.3 and 9.0 potentially exposes information about client-side source code through use of JavaScript source maps to unauthorized users.
network
low complexity
ibm
4.3
2024-09-10 CVE-2024-31490 Unspecified vulnerability in Fortinet Fortisandbox
An exposure of sensitive information to an unauthorized actor in Fortinet FortiSandbox versions 4.4.0 through 4.4.4, 4.2.0 through 4.2.6, 4.0.0 through 4.0.5, 3.2.2 through 3.2.4, and 3.1.5 allows an attacker to cause information disclosure via HTTP GET requests.
network
low complexity
fortinet
6.5
2024-09-10 CVE-2024-35282 Cleartext Storage of Sensitive Information vulnerability in Fortinet Forticlient
A cleartext storage of sensitive information in memory vulnerability [CWE-316] affecting FortiClient VPN iOS 7.2 all versions, 7.0 all versions, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an unauthenticated attacker that has physical access to a jailbroken device to obtain cleartext passwords via keychain dump.
low complexity
fortinet CWE-312
4.6
2024-09-10 CVE-2024-43796 Cross-site Scripting vulnerability in Openjsf Express
Express.js minimalist web framework for node.
network
high complexity
openjsf CWE-79
4.7
2024-09-10 CVE-2024-43799 Cross-site Scripting vulnerability in Send Project Send
Send is a library for streaming files from the file system as an HTTP response.
network
high complexity
send-project CWE-79
4.7
2024-09-10 CVE-2024-43800 Cross-site Scripting vulnerability in Openjsf Serve-Static
serve-static serves static files.
network
high complexity
openjsf CWE-79
4.7
2024-09-10 CVE-2024-6282 Cross-site Scripting vulnerability in Master-Addons Master Addons
The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-jltma-wrapper-link element in all versions up to, and including 2.0.6.4 due to insufficient input sanitization and output escaping on user-supplied attributes.
network
low complexity
master-addons CWE-79
5.4
2024-09-10 CVE-2024-8369 Missing Authorization vulnerability in Metagauss Eventprime
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access to Private or Password-protected events due to missing authorization checks in all versions up to, and including, 4.0.4.3.
network
low complexity
metagauss CWE-862
5.3
2024-09-10 CVE-2023-2919 Cross-Site Request Forgery (CSRF) vulnerability in Themeum Tutor LMS
The Tutor LMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.4.
network
low complexity
themeum CWE-352
4.3