Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-08-30 CVE-2024-8337 Cross-site Scripting vulnerability in Rems Contact Manager With Export to VCF 1.0
A vulnerability, which was classified as problematic, has been found in SourceCodester Contact Manager with Export to VCF 1.0.
network
low complexity
rems CWE-79
5.4
2024-08-30 CVE-2022-48944 Unspecified vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: sched: Fix yet more sched_fork() races. Where commit 4ef0c5c6b5ba ("kernel/sched: Fix sched_fork() access an invalid sched_task_group") fixed a fork race vs cgroup, it opened up a race vs syscalls by not placing the task on the runqueue before it gets exposed through the pidhash. Commit 13765de8148f ("sched/fair: Fix fault in reweight_entity") is trying to fix a single instance of this, instead fix the whole class of issues, effectively reverting this commit.
local
low complexity
linux
5.5
2024-08-30 CVE-2024-7122 Cross-site Scripting vulnerability in Wpvibes Elementor Addon Elements
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.13.6 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
wpvibes CWE-79
5.4
2024-08-30 CVE-2024-7858 Missing Authorization vulnerability in Maxfoundry Media Library Folders
The Media Library Folders plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several AJAX functions in the media-library-plus.php file in all versions up to, and including, 8.2.3.
network
low complexity
maxfoundry CWE-862
6.3
2024-08-30 CVE-2024-8274 Cross-site Scripting vulnerability in Wpbookingcalendar WP Booking Calendar
The WP Booking Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters from 'timeline_obj' in all versions up to, and including, 10.5 due to insufficient input sanitization and output escaping.
network
low complexity
wpbookingcalendar CWE-79
6.1
2024-08-30 CVE-2024-44944 Memory Leak vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: use helper function to calculate expect ID. Delete expectation path is missing a call to the nf_expect_get_id() helper function to calculate the expectation ID, otherwise LSB of the expectation object address is leaked to userspace.
local
low complexity
linux CWE-401
5.5
2024-08-30 CVE-2024-8319 Cross-Site Request Forgery (CSRF) vulnerability in Themeific Tourfic
The Tourfic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.11.20.
network
low complexity
themeific CWE-352
4.3
2024-08-30 CVE-2024-34577 Cross-site Scripting vulnerability in Elecom products
Cross-site scripting vulnerability exists in WRC-X3000GS2-B, WRC-X3000GS2-W, and WRC-X3000GS2A-B due to improper processing of input values in easysetup.cgi.
network
low complexity
elecom CWE-79
6.1
2024-08-30 CVE-2024-42412 Cross-site Scripting vulnerability in Elecom Wab-I1750-Ps Firmware and Wab-S1167-Ps Firmware
Cross-site scripting vulnerability exists in WAB-I1750-PS and WAB-S1167-PS due to improper processing of input values in menu.cgi.
network
low complexity
elecom CWE-79
6.1
2024-08-30 CVE-2024-3998 Cross-site Scripting vulnerability in Muffingroup Betheme 26.5.1.4/26.6/26.6.1
The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 27.5.6 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
muffingroup CWE-79
5.4