Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-08-28 CVE-2024-6449 Unspecified vulnerability in Hyperview Geoportal Toolkit
HyperView Geoportal Toolkit in versions lower than 8.5.0 does not restrict cross-domain requests when fetching remote content pointed to by one of the GET request parameters. An unauthenticated remote attacker can prepare links which, upon opening, will load scripts from a remote location controlled by the attacker and execute them in the user space. By manipulating this parameter it is also possible to enumerate some of the devices in the Local Area Network in which the server resides.
network
low complexity
hyperview
6.5
2024-08-28 CVE-2024-6450 Cross-site Scripting vulnerability in Hyperview Geoportal Toolkit
HyperView Geoportal Toolkit in versions lower than 8.5.0 is vulnerable to Reflected Cross-Site Scripting (XSS).
network
low complexity
hyperview CWE-79
6.1
2024-08-28 CVE-2024-7447 Missing Authorization vulnerability in Funnelforms Free
The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'fnsf_af2_handel_file_upload' function in all versions up to, and including, 3.7.3.2.
network
low complexity
funnelforms CWE-862
5.3
2024-08-28 CVE-2024-7269 Cross-site Scripting vulnerability in Connx ESP HR Management 4.4.0
Improper Neutralization of Input During Web Page Generation vulnerability in the "Update of Personal Details" form in ConnX ESP HR Management allows a Stored XSS attack. An attacker might inject a script to be run in the user's browser. After multiple attempts to contact the vendor we did not receive any answer.
network
low complexity
connx CWE-79
5.4
2024-08-28 CVE-2024-44943 Unspecified vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: mm: gup: stop abusing try_grab_folio. A kernel warning was reported when pinning folio in CMA memory when launching SEV virtual machine.
local
low complexity
linux
5.5
2024-08-28 CVE-2021-22509 Cleartext Storage of Sensitive Information vulnerability in Microfocus Netiq Advanced Authentication
A vulnerability identified in storing and reusing information in Advanced Authentication.
network
low complexity
microfocus CWE-312
6.5
2024-08-28 CVE-2021-22529 Unspecified vulnerability in Microfocus Netiq Advanced Authentication
A vulnerability identified in NetIQ Advanced Authentication that leaks sensitive server information.
local
low complexity
microfocus
5.5
2024-08-28 CVE-2024-4554 Cross-site Scripting vulnerability in Microfocus Netiq Access Manager 5.0.2
Improper Input Validation vulnerability in OpenText NetIQ Access Manager leads to a Cross-Site Scripting (XSS) attack. This issue affects NetIQ Access Manager before 5.0.4.1 and 5.1.
network
low complexity
microfocus CWE-79
5.4
2024-08-28 CVE-2024-6312 Path Traversal vulnerability in Funnelforms Free
The Funnelforms Free plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 3.7.3.2 via the 'af2DeleteFontFile' function.
network
low complexity
funnelforms CWE-22
6.5
2024-08-28 CVE-2024-39771 Improper Certificate Validation vulnerability in Safie Qbic Cloud Cc-2/2L Firmware and Safie ONE Firmware
QBiC CLOUD CC-2L v1.1.30 and earlier and Safie One v1.8.2 and earlier do not properly validate certificates, which may allow a network-adjacent unauthenticated attacker to obtain and/or alter communications of the affected product via a man-in-the-middle attack.
high complexity
safie CWE-295
6.8