Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-08-28 | CVE-2024-41564 | Improper Validation of Array Index vulnerability in Emilyploszaj EMI: EMI v.1.1.10 and before, fixed in v.1.1.11, contains an Improper Validation of Specified Index, Position, or Offset in Input vulnerability. | 5.3 |
2024-08-28 | CVE-2024-41565 | Improper Validation of Array Index vulnerability in Mezz Justenoughitems: JustEnoughItems (JEI) 19.5.0.33 and before contains an Improper Validation of Specified Index, Position, or Offset in Input vulnerability. | 5.3 |
2024-08-28 | CVE-2024-6053 | Unspecified vulnerability in Teamviewer Meeting and Teamviewer: Improper access control in the clipboard synchronization feature in TeamViewer Full Client prior version 15.57 and TeamViewer Meeting prior version 15.55.3 can lead to unintentional sharing of the clipboard with the current presenter of a meeting. | 4.3 |
2024-08-28 | CVE-2024-7744 | Path Traversal vulnerability in Progress WS FTP Server: In WS_FTP Server versions before 8.8.8 (2022.0.8), an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Web Transfer Module allows File Discovery, Probe System Files, User-Controlled Filename, Path Traversal. An authenticated file download flaw has been identified where a user can craft an API call that allows them to download a file from an arbitrary folder on the drive where that user host's root folder is located (by default this is C:). | 6.5 |
2024-08-28 | CVE-2024-42698 | Improper Validation of Array Index vulnerability in Shedaniel Roughlyenoughitems: Roughly Enough Items (REI) v.16.0.729 and before contains an Improper Validation of Specified Index, Position, or Offset in Input vulnerability. | 5.3 |
2024-08-28 | CVE-2024-8195 | Missing Authorization vulnerability in Permalink Manager Lite Project Permalink Manager Lite: The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'debug_data', 'debug_query', and 'debug_redirect' functions in all versions up to, and including, 2.4.4. | 5.3 |
2024-08-28 | CVE-2024-6449 | Unspecified vulnerability in Hyperview Geoportal Toolkit: HyperView Geoportal Toolkit in versions lower than 8.5.0 does not restrict cross-domain requests when fetching remote content pointed by one of GET request parameters. An unauthenticated remote attacker can prepare links, which upon opening will load scripts from a remote location controlled by the attacker and execute them in the user space. By manipulating this parameter it is also possible to enumerate some of the devices in Local Area Network in which the server resides. | 6.5 |
2024-08-28 | CVE-2024-6450 | Cross-site Scripting vulnerability in Hyperview Geoportal Toolkit: HyperView Geoportal Toolkit in versions lower than 8.5.0 is vulnerable to Reflected Cross-Site Scripting (XSS). | 6.1 |
2024-08-28 | CVE-2024-7447 | Missing Authorization vulnerability in Funnelforms Free: The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'fnsf_af2_handel_file_upload' function in all versions up to, and including, 3.7.3.2. | 5.3 |
2024-08-28 | CVE-2024-7269 | Cross-site Scripting vulnerability in Connx ESP HR Management 4.4.0: Improper Neutralization of Input During Web Page Generation vulnerability in "Update of Personal Details" form in ConnX ESP HR Management allows Stored XSS attack. An attacker might inject a script to be run in user's browser. After multiple attempts to contact the vendor we did not receive any answer. | 5.4 |