Vulnerabilities > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2024-09-06 | CVE-2024-32762 | Cross-site Scripting vulnerability in Qnap Qulog Center | A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. | network | low complexity | qnap | CWE-79 | 6.1 |
| 2024-09-06 | CVE-2024-38640 | Cross-site Scripting vulnerability in Qnap Download Station | A cross-site scripting (XSS) vulnerability has been reported to affect Download Station. | network | low complexity | qnap | CWE-79 | 5.4 |
| 2024-09-06 | CVE-2024-8394 | Use After Free vulnerability in Mozilla Thunderbird | When aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug leading to a potentially exploitable crash. | network | low complexity | mozilla | CWE-416 | 6.5 |
| 2024-09-06 | CVE-2024-44837 | Cross-site Scripting vulnerability in Deathbreak Drug 1.0 | A cross-site scripting (XSS) vulnerability in the component \bean\Manager.java of Drug v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user parameter. | network | low complexity | deathbreak | CWE-79 | 5.4 |
| 2024-09-06 | CVE-2024-7599 | Cross-site Scripting vulnerability in Wpcodeus Advanced Sermons | The Advanced Sermons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘sermon_video_embed’ parameter in all versions up to, and including, 3.3 due to insufficient input sanitization and output escaping. | network | low complexity | wpcodeus | CWE-79 | 5.4 |
| 2024-09-06 | CVE-2024-7611 | Cross-site Scripting vulnerability in Themelooks Enter Addons | The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute of the Events Card widget in all versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping on user supplied attributes. | network | low complexity | themelooks | CWE-79 | 5.4 |
| 2024-09-06 | CVE-2024-7622 | Missing Authorization vulnerability in Jetplugs Revision Manager TMC | The Revision Manager TMC plugin for WordPress is vulnerable to unauthorized arbitrary email sending due to a missing capability check on the _a_ajaxQuickEmailTestCallback() function in all versions up to, and including, 2.8.19. | network | low complexity | jetplugs | CWE-862 | 4.3 |
| 2024-09-06 | CVE-2024-45039 | Unspecified vulnerability in Consensys Gnark-Crypto | gnark is a fast zk-SNARK library that offers a high-level API to design circuits. | local | low complexity | consensys | | 6.2 |
| 2024-09-06 | CVE-2024-45040 | Unspecified vulnerability in Consensys Gnark-Crypto | gnark is a fast zk-SNARK library that offers a high-level API to design circuits. | network | high complexity | consensys | | 5.9 |
| 2024-09-06 | CVE-2024-45300 | Race Condition vulnerability in ALF 2.0M42304 | alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. | network | high complexity | alf | CWE-362 | 5.9 |