Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-01-14 | CVE-2024-52963 | Out-of-bounds Write vulnerability in Fortinet FortiOS: An out-of-bounds write in Fortinet FortiOS versions 7.6.0, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4.0 through 6.4.15 allows an attacker to trigger a denial of service via specially crafted packets. | 5.9 |
2025-01-14 | CVE-2024-52967 | Cross-site Scripting vulnerability in Fortinet FortiPortal: An improper neutralization of script-related HTML tags in a web page (basic XSS) in Fortinet FortiPortal 6.0.0 through 6.0.14 allows an attacker to execute unauthorized code or commands via HTML injection. | 4.8 |
2025-01-14 | CVE-2024-52969 | SQL Injection vulnerability in Fortinet FortiSIEM: An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiSIEM version 7.1.7 and below, version 7.1.0, version 7.0.3 and below, version 6.7.9 and below, 6.7.8, version 6.6.5 and below, version 6.5.3 and below, version 6.4.4 and below Update/Create Case feature may allow an authenticated attacker to extract database information via crafted requests. | 6.5 |
2025-01-14 | CVE-2024-56497 | OS Command Injection vulnerability in Fortinet FortiMail and FortiRecorder: An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiMail versions 7.2.0 through 7.2.4 and 7.0.0 through 7.0.6 and 6.4.0 through 6.4.7, FortiRecorder versions 7.0.0 and 6.4.0 through 6.4.4 allows an attacker to execute unauthorized code or commands via the CLI. | 6.7 |
2025-01-14 | CVE-2024-12240 | The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the row label parameter in all versions up to, and including, 2.31.0 due to insufficient input sanitization and output escaping. | 6.4 |
2025-01-14 | CVE-2024-45385 | A vulnerability has been identified in Industrial Edge Management OS (IEM-OS) (All versions). | 4.7 |
2025-01-14 | CVE-2024-11734 | A denial of service vulnerability was found in Keycloak that could allow an administrative user with the right to change realm settings to disrupt the service. | 6.5 |
2025-01-14 | CVE-2024-11736 | A vulnerability was found in Keycloak. | 4.9 |
2025-01-14 | CVE-2024-13156 | The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘heading’ parameter in all versions up to, and including, 2.5.35 due to insufficient input sanitization and output escaping. | 6.4 |
2025-01-14 | CVE-2025-0393 | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.1006. | 6.1 |