Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-08-27 CVE-2024-8208 Cross-site Scripting vulnerability in Insurance Management System Project Insurance Management System 1.0
A vulnerability has been found in nafisulbari/itsourcecode Insurance Management System 1.0 and classified as problematic.
6.1
2024-08-27 CVE-2024-8209 Cross-site Scripting vulnerability in Insurance Management System Project Insurance Management System 1.0
A vulnerability was found in nafisulbari/itsourcecode Insurance Management System 1.0 and classified as problematic.
6.1
2024-08-27 CVE-2024-43788 Cross-site Scripting vulnerability in Webpack.Js Webpack
Webpack is a module bundler.
network
low complexity
webpack-js CWE-79
6.1
2024-08-27 CVE-2024-40395 Authorization Bypass Through User-Controlled Key vulnerability in PTC Thingworx 9.5.0
An Insecure Direct Object Reference (IDOR) in PTC ThingWorx v9.5.0 allows attackers to view sensitive information, including PII, regardless of access level.
network
low complexity
ptc CWE-639
6.5
2024-08-27 CVE-2024-8199 Missing Authorization vulnerability in Smashballoon Reviews Feed
The Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_api_key' function in all versions up to, and including, 1.1.2.
network
low complexity
smashballoon CWE-862
4.3
2024-08-27 CVE-2024-8200 Cross-Site Request Forgery (CSRF) vulnerability in Smashballoon Reviews Feed
The Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2.
network
low complexity
smashballoon CWE-352
4.3
2024-08-27 CVE-2024-7941 Open Redirect vulnerability in Hitachienergy Microscada X Sys600
An HTTP parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
network
low complexity
hitachienergy CWE-601
6.1
2024-08-27 CVE-2024-8207 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Mongodb
In certain highly specific configurations of the host system and MongoDB server binary installation on Linux Operating Systems, it may be possible for an unintended actor with host-level access to cause the MongoDB Server binary to load unintended actor-controlled shared libraries when the server binary is started, potentially resulting in the unintended actor gaining full control over the MongoDB server process.
local
low complexity
mongodb CWE-610
6.7
2024-08-27 CVE-2024-7791 The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘arrow’ parameter within the Post Grid widget in all versions up to, and including, 1.4.4.3 due to insufficient input sanitization and output escaping.
network
low complexity
6.4
2024-08-27 CVE-2024-8197 The Visual Sound plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.03.
network
low complexity
4.3