Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-27 | CVE-2024-6789 | Path Traversal vulnerability in M-Files Server A path traversal issue in API endpoint in M-Files Server before version 24.8.13981.0 and LTS 24.2.13421.15 SR2 and LTS 23.8.12892.0 SR6 allows authenticated user to read files | 6.5 |
| 2024-08-27 | CVE-2024-41175 | Allocation of Resources Without Limits or Throttling vulnerability in Beckhoff IPC Diagnostics Package and Twincat/Bsd The IPC-Diagnostics package included in TwinCAT/BSD is vulnerable to a local denial-of-service attack by a low privileged attacker. | 5.5 |
| 2024-08-27 | CVE-2024-6804 | Cross-site Scripting vulnerability in Jegtheme JEG Elementor KIT The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-08-27 | CVE-2024-7304 | Cross-site Scripting vulnerability in Wpmanageninja Ninja Tables The Ninja Tables – Easiest Data Table Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 5.0.12 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-08-27 | CVE-2024-6688 | The Oxygen Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the oxy_save_css_from_admin AJAX action in all versions up to, and including, 4.8.3. network low complexity | 4.3 |
| 2024-08-26 | CVE-2024-43214 | Missing Authorization vulnerability in Mycred Missing Authorization vulnerability in myCred.This issue affects myCred: from n/a through 2.7.2. | 5.3 |
| 2024-08-26 | CVE-2024-43251 | Unspecified vulnerability in Bitapps BIT Form Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Bit Apps Bit Form Pro.This issue affects Bit Form Pro: from n/a through 2.6.4. | 6.5 |
| 2024-08-26 | CVE-2024-43255 | Cross-Site Request Forgery (CSRF) vulnerability in Stormhillmedia Mybook Table Bookstore Cross-Site Request Forgery (CSRF) vulnerability in Stormhill Media MyBookTable Bookstore allows Cross-Site Scripting (XSS).This issue affects MyBookTable Bookstore: from n/a through 3.3.9. | 6.1 |
| 2024-08-26 | CVE-2024-43257 | Unspecified vulnerability in Nouthemes Leopard Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Nouthemes Leopard - WordPress offload media.This issue affects Leopard - WordPress offload media: from n/a through 2.0.36. | 6.5 |
| 2024-08-26 | CVE-2024-43269 | Cross-Site Request Forgery (CSRF) vulnerability in Wpbackitup Backup and Restore Wordpress Cross-Site Request Forgery (CSRF) vulnerability in WPBackItUp Backup and Restore WordPress.This issue affects Backup and Restore WordPress: from n/a through 1.50. | 4.3 |