Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-06 | CVE-2023-52915 | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer In af9035_i2c_master_xfer, msg is controlled by user. | 5.5 |
| 2024-09-06 | CVE-2024-8317 | Cross-site Scripting vulnerability in Wpeka WP Adcenter The WP AdCenter – Ad Manager & Adsense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ad_alignment’ attribute in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-09-06 | CVE-2024-8427 | Missing Authorization vulnerability in Wpshuffle Frontend Post Submission Manager The Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_global_settings and process_form_edit functions in all versions up to, and including, 1.2.2. | 4.3 |
| 2024-09-06 | CVE-2024-7415 | The Remember Me Controls plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0.1. | 5.3 |
| 2024-09-06 | CVE-2024-40865 | Unspecified vulnerability in Apple Visionos 1.0.2/1.1/1.2 The issue was addressed by suspending Persona when the virtual keyboard is active. | 5.3 |
| 2024-09-06 | CVE-2024-45400 | Cross-site Scripting vulnerability in Mlewand Open Link ckeditor-plugin-openlink is a plugin for the CKEditor JavaScript text editor that extends the context menu with a possibility to open a link in a new tab. | 6.1 |
| 2024-09-05 | CVE-2024-45157 | Unspecified vulnerability in ARM Mbed TLS An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1, in which the user-selected algorithm is not used. | 5.1 |
| 2024-09-05 | CVE-2024-44728 | Cross-site Scripting vulnerability in Angeljudesuarez Event Management System 1.0 Sourcecodehero Event Management System 1.0 allows Stored Cross-Site Scripting via parameters Full Name, Address, Email, and contact# in /clientdetails/admin/regester.php. | 6.1 |
| 2024-09-05 | CVE-2024-45392 | Unspecified vulnerability in Salesagility Suitecrm SuiteCRM is an open-source customer relationship management (CRM) system. | 4.3 |
| 2024-09-05 | CVE-2023-51712 | Unspecified vulnerability in ARM Trusted Firmware-M An issue was discovered in Trusted Firmware-M through 2.0.0. high complexity arm | 4.7 |