Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-02 | CVE-2024-28044 | Integer Overflow or Wraparound vulnerability in Openatom Openharmony 4.0 in OpenHarmony v4.1.0 and prior versions allow a local attacker cause crash through integer overflow. | 5.5 |
| 2024-09-02 | CVE-2024-38382 | Out-of-bounds Read vulnerability in Openatom Openharmony 4.0/4.0.1 in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read. | 5.5 |
| 2024-09-02 | CVE-2024-39612 | Out-of-bounds Read vulnerability in Openatom Openharmony 4.0/4.0.1 in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read. | 5.5 |
| 2024-09-02 | CVE-2024-8365 | Information Exposure Through Log Files vulnerability in Hashicorp Vault Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. | 6.5 |
| 2024-09-02 | CVE-2024-45269 | Cross-Site Request Forgery (CSRF) vulnerability in Majeedraza Carousel Slider WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Carousel image selection feature. | 4.3 |
| 2024-09-02 | CVE-2024-45270 | Cross-Site Request Forgery (CSRF) vulnerability in Majeedraza Carousel Slider WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Hero image selection feature. | 4.3 |
| 2024-09-01 | CVE-2024-45509 | Incorrect Authorization vulnerability in Misp In MISP through 2.4.196, app/Controller/BookmarksController.php does not properly restrict access to bookmarks data in the case where the user is not an org admin. | 6.5 |
| 2024-09-01 | CVE-2024-5053 | The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to unauthorized Malichimp API key update due to an insufficient capability check on the verifyRequest function in all versions up to, and including, 5.1.18. | 4.2 |
| 2024-08-31 | CVE-2024-8366 | Cross-site Scripting vulnerability in Code-Projects Pharmacy Management System 1.0 A vulnerability was found in code-projects Pharmacy Management System 1.0. | 4.7 |
| 2024-08-31 | CVE-2024-44946 | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: kcm: Serialise kcm_sendmsg() for the same socket. syzkaller reported UAF in kcm_release(). | 5.5 |