Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-29 | CVE-2024-44919 | Cross-site Scripting vulnerability in Seacms 12.9 A cross-site scripting (XSS) vulnerability in the component admin_ads.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ad description parameter. | 5.4 |
| 2024-08-29 | CVE-2024-45045 | Cross-site Scripting vulnerability in Collabora Online Collabora Online is a collaborative online office suite based on LibreOffice technology. | 6.1 |
| 2024-08-29 | CVE-2024-45056 | Incorrect Calculation vulnerability in Matter-Labs Zksolc zksolc is a Solidity compiler for ZKsync. | 5.9 |
| 2024-08-29 | CVE-2024-35118 | Use of Hard-coded Credentials vulnerability in IBM Maas360 MDM IBM MaaS360 for Android 6.31 through 8.60 is using hard coded credentials that can be obtained by a user with physical access to the device. | 4.6 |
| 2024-08-29 | CVE-2024-43954 | Incorrect Authorization vulnerability in Themeum Droip Incorrect Authorization vulnerability in Themeum Droip allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Droip: from n/a through 1.1.1. | 6.3 |
| 2024-08-29 | CVE-2024-43939 | Missing Authorization vulnerability in Zynith Missing Authorization vulnerability in VIICTORY MEDIA LLC Z Y N I T H allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Z Y N I T H: from n/a through 7.4.9. | 6.5 |
| 2024-08-29 | CVE-2024-43940 | Missing Authorization vulnerability in Zynith Missing Authorization vulnerability in VIICTORY MEDIA LLC Z Y N I T H allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Z Y N I T H: from n/a through 7.4.9. | 6.5 |
| 2024-08-29 | CVE-2024-8304 | Path Traversal vulnerability in Jpress A vulnerability has been found in jpress up to 5.1.1 and classified as critical. | 4.9 |
| 2024-08-29 | CVE-2024-1056 | Cross-site Scripting vulnerability in Funnelkit Funnel Builder The FunnelKit Funnel Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'allow_iframe_tag_in_post' function which uses the 'wp_kses_allowed_html' filter to globally allow script and iframe tags in posts in all versions up to, and including, 3.4.5. | 5.4 |
| 2024-08-29 | CVE-2024-1384 | Cross-site Scripting vulnerability in Averta Auxinportfolio The Premium Portfolio Features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'aux_recent_portfolios_grid' shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |