Latest medium severity Vulnerabilities

A crafted network packet may cause a buffer overrun in Wind River VxWorks 7 through 23.09.
Dell PowerProtect DM5500 version 5.15.0.0 and prior contain an Arbitrary File Delete via Path Traversal vulnerability. A remote attacker with high privileges could potentially exploit this vulnerabili...
Vitess vulnerable to infinite memory consumption and vtgate crash
go/github.com/vitessio/vitess<17.0.7
go/github.com/vitessio/vitess>=18.0.0<18.0.5
go/github.com/vitessio/vitess>=19.0.0<19.0.4
Campcodes Complete Web-Based School Management System show_teacher2.php cross site scripting
Campcodes Complete Web-Based School Management System student_attendance_history1.php cross site scripting
WordPress EPROLO Dropshipping plugin <= 1.7.1 - Broken Access Control vulnerability
WordPress Vitepos plugin <= 3.0.1 - Broken Access Control vulnerability
Campcodes Complete Web-Based School Management System student_due_payment.php cross site scripting
Campcodes Complete Web-Based School Management System student_exam_mark_insert_form1.php cross site scripting
WordPress Happy Addons for Elementor plugin <= 3.10.1 - Broken Access Control on Post Clone vulnerability
WordPress ARForms Form Builder plugin <= 1.6.1 - Broken Access Control vulnerability
WordPress AI WP Writer plugin <= 3.6.5 - Broken Access Control vulnerability
Broken Access Control vulnerability in multiple WordPress plugins by Tyche Softwares
WordPress Rolo Slider plugin <= 1.0.9 - Broken Access Control vulnerability
Campcodes Complete Web-Based School Management System student_exam_mark_update_form.php cross site scripting
Campcodes Complete Web-Based School Management System student_first_payment.php cross site scripting
Campcodes Complete Web-Based School Management System student_payment_details.php cross site scripting
SourceCodester Prison Management System changepassword.php cross site scripting
WordPress TH Advance Product Search plugin <= 1.1.4 - Unauthenticated Plugin Settings Change vulnerability
WordPress Raindrops theme <= 1.600 - Cross Site Scripting (XSS) vulnerability
WordPress Sticky Social Link plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability
WordPress Magical Addons For Elementor plugin <= 1.1.34 - Cross Site Scripting (XSS) vulnerability
SourceCodester Prison Management System changepassword.php cross site scripting
WordPress All-in-One Addons for Elementor – WidgetKit plugin <= 2.4.8 - Cross Site Scripting (XSS) vulnerability
WordPress Stockholm Core plugin <= 2.4.1 - Reflected Cross Site Scripting (XSS) vulnerability
WordPress WOLF plugin <= 1.0.8.2 - Cross Site Scripting (XSS) vulnerability
WordPress gee Search Plus plugin <= 1.4.4 - Cross Site Scripting (XSS) vulnerability
WordPress Real3D Flipbook PDF Viewer Lite plugin <= 3.71 - Cross Site Scripting (XSS) vulnerability
WordPress Move Addons for Elementor plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability
WordPress Gold Addons for Elementor plugin <= 1.2.9 - Cross Site Scripting (XSS) vulnerability
WordPress Counter Up plugin <= 2.2.1 - Cross Site Scripting (XSS) vulnerability
WordPress Debug Info plugin <= 1.3.10 - Cross Site Scripting (XSS) vulnerability
WordPress Content Blocks (Custom Post Widget) plugin <= 3.3.0 - Cross Site Scripting (XSS) vulnerability
WordPress LetterPress Newsletter plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability
Cross-Site Scripting Vulnerability in Lunar
WordPress Zotpress plugin <= 7.3.9 - Cross Site Scripting (XSS) vulnerability
WordPress Xpro Elementor Addons plugin <= 1.4.3 - Cross Site Scripting (XSS) vulnerability
WordPress Himalayas theme <= 1.3.0 - Cross Site Scripting (XSS) vulnerability
The WP Latest Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.0.7. This is due to the plugin allowing users to execute an action that ...
The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'link-library' shortcode in all versions up to, and including, 7.6.11 due to insufficient input sani...
WordPress Fancy Elementor Flipbox plugin <= 2.4.2 - Cross Site Scripting (XSS) vulnerability
WordPress Pootle Pagebuilder plugin <= 5.7.1 - Cross Site Scripting (XSS) vulnerability
WordPress Table Maker plugin <= 1.9.1 - Cross Site Scripting (XSS) vulnerability
WordPress Multi-column Tag Map plugin <= 17.0.26 - Broken Access Control vulnerability
The Mesmerize Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mesmerize_contact_form' shortcode in all versions up to, and including, 1.6.148 due to insuf...
VMware Avi Load Balancer updates address multiple vulnerabilities
VMware Avi Load Balancer updates address multiple vulnerabilities
The Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2. This is due to insufficient verification on the OpenID server being supplied durin...
KW Watcher Vulnerability Allows Malicious Read Access to Memory
The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw. An attacker accessing the VM where the Brocade SANnav is installed can g...
