Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-09-10 CVE-2024-7698 Improper Cross-boundary Removal of Sensitive Data vulnerability in Phoenixcontact products
A low privileged remote attacker can get access to CSRF tokens of higher privileged users which can be abused to mount CSRF attacks.
network
low complexity
phoenixcontact CWE-212
5.7
2024-09-10 CVE-2024-7618 Cross-site Scripting vulnerability in Peepso
The Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 6.4.5.0 due to insufficient input sanitization and output escaping.
network
low complexity
peepso CWE-79
4.8
2024-09-10 CVE-2024-7655 Cross-site Scripting vulnerability in Peepso
The Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.4.5.0 due to insufficient input sanitization and output escaping.
network
low complexity
peepso CWE-79
4.8
2024-09-10 CVE-2024-7734 Allocation of Resources Without Limits or Throttling vulnerability in Phoenixcontact products
An unauthenticated remote attacker can exploit the behavior of the pathfinder TCP encapsulation service by establishing a high number of TCP connections to the pathfinder TCP encapsulation service.
network
low complexity
phoenixcontact CWE-770
5.3
2024-09-10 CVE-2024-44112 Missing Authorization vulnerability in SAP OIL & GAS
Due to missing authorization check in SAP for Oil & Gas (Transportation and Distribution), an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table.
network
low complexity
sap CWE-862
4.3
2024-09-10 CVE-2024-38270 Insufficient Entropy vulnerability in Zyxel products
An insufficient entropy vulnerability caused by the improper use of a randomness function with low entropy for web authentication tokens generation exists in the Zyxel GS1900-10HP firmware version V2.80(AAZI.0)C0.
low complexity
zyxel CWE-331
6.5
2024-09-09 CVE-2024-27365 Out-of-bounds Write vulnerability in Samsung products
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930.
local
low complexity
samsung CWE-787
5.5
2024-09-09 CVE-2024-8610 Cross-site Scripting vulnerability in Mayurik Best House Rental Management System 1.0
A vulnerability classified as problematic has been found in SourceCodester Best House Rental Management System 1.0.
network
low complexity
mayurik CWE-79
5.4
2024-09-09 CVE-2023-50883 Cross-site Scripting vulnerability in Onlyoffice Document Server
ONLYOFFICE Docs before 8.0.1 allows XSS because a macro is an immediately-invoked function expression (IIFE), and therefore a sandbox escape is possible by directly calling the constructor of the Function object.
network
low complexity
onlyoffice CWE-79
6.1
2024-09-09 CVE-2024-27364 Out-of-bounds Read vulnerability in Samsung products
An issue was discovered in Mobile Processor, Wearable Processor Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930.
local
low complexity
samsung CWE-125
5.5