Web Application Vulnerabilities
v.26.4.2314
Medium Severity Vulnerabilities
Found 8734 vulnerabilities at Medium severity.
| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| AbanteCart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-50801) | CVE-2024-50801 | CWE-138 | Medium |
| AbanteCart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-50802) | CVE-2024-50802 | CWE-138 | Medium |
| Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-51142) | CVE-2024-51142 | CWE-707 | Medium |
| Ampache Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-51488) | CVE-2024-51488 | CWE-352 | Medium |
| Ampache Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-51489) | CVE-2024-51489 | CWE-352 | Medium |
| Craft CMS Files or Directories Accessible to External Parties Vulnerability (CVE-2024-52292) | CVE-2024-52292 | CWE-552 | Medium |
| Apache Tomcat Inadequate Encryption Strength Vulnerability (CVE-2024-52317) | CVE-2024-52317 | CWE-326 | Medium |
| Apache Tomcat Inadequate Encryption Strength Vulnerability (CVE-2024-52318) | CVE-2024-52318 | CWE-326 | Medium |
| Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-52701) | CVE-2024-52701 | CWE-707 | Medium |
| MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-52702) | CVE-2024-52702 | CWE-707 | Medium |
| Apache Tomcat Uncontrolled Resource Consumption Vulnerability (CVE-2024-54677) | CVE-2024-54677 | CWE-400 | Medium |
| Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-55635) | CVE-2024-55635 | CWE-707 | Medium |
| XWikiplatform Missing Authorization Vulnerability (CVE-2024-55876) | CVE-2024-55876 | CWE-862 | Medium |
| TYPO3 Insertion of Sensitive Information into Log File Vulnerability (CVE-2024-55891) | CVE-2024-55891 | CWE-532 | Medium |
| TYPO3 URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2024-55892) | CVE-2024-55892 | CWE-601 | Medium |
| TYPO3 Exposed Dangerous Method or Function Vulnerability (CVE-2024-55893) | CVE-2024-55893 | CWE-749 | Medium |
| TYPO3 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-55894) | CVE-2024-55894 | CWE-352 | Medium |
| TYPO3 Exposed Dangerous Method or Function Vulnerability (CVE-2024-55920) | CVE-2024-55920 | CWE-749 | Medium |
| TYPO3 Exposed Dangerous Method or Function Vulnerability (CVE-2024-55922) | CVE-2024-55922 | CWE-749 | Medium |
| TYPO3 Exposed Dangerous Method or Function Vulnerability (CVE-2024-55923) | CVE-2024-55923 | CWE-749 | Medium |
| TYPO3 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-55945) | CVE-2024-55945 | CWE-352 | Medium |
| Apache Traffic Server CVE-2024-56195 Vulnerability (CVE-2024-56195) | CVE-2024-56195 | - | Medium |
| Apache Traffic Server CVE-2024-56196 Vulnerability (CVE-2024-56196) | CVE-2024-56196 | - | Medium |
| Apache Traffic Server CVE-2024-56202 Vulnerability (CVE-2024-56202) | CVE-2024-56202 | - | Medium |
| Next.js Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-56332) | CVE-2024-56332 | CWE-770 | Medium |
| Roundcube Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) Vulnerability (CVE-2024-57004) | CVE-2024-57004 | CWE-707 | Medium |
| PHP Insufficient Verification of Data Authenticity Vulnerability (CVE-2024-5458) | CVE-2024-5458 | CWE-345 | Medium |
| Nexus Repository Manager Use of Hard-coded Credentials Vulnerability (CVE-2024-5764) | CVE-2024-5764 | CWE-798 | Medium |
| MongoDb Missing Authorization Vulnerability (CVE-2024-6375) | CVE-2024-6375 | CWE-862 | Medium |
| MongoDb CVE-2024-6384 Vulnerability (CVE-2024-6384) | CVE-2024-6384 | - | Medium |
| Pega Infinity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-6700) | CVE-2024-6700 | CWE-707 | Medium |
| Pega Infinity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-6701) | CVE-2024-6701 | CWE-707 | Medium |
| Pega Infinity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-6702) | CVE-2024-6702 | CWE-707 | Medium |
| Jetty Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-6762) | CVE-2024-6762 | CWE-770 | Medium |
| Jetty Other Vulnerability (CVE-2024-6763) | CVE-2024-6763 | - | Medium |
| Payara URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2024-7312) | CVE-2024-7312 | CWE-601 | Medium |
| ProjectSend Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2024-7658) | CVE-2024-7658 | CWE-639 | Medium |
| Jetty Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-8184) | CVE-2024-8184 | CWE-770 | Medium |
| MongoDb Externally Controlled Reference to a Resource in Another Sphere Vulnerability (CVE-2024-8207) | CVE-2024-8207 | CWE-610 | Medium |
| MongoDb Other Vulnerability (CVE-2024-8305) | CVE-2024-8305 | - | Medium |
| AngularJS Other Vulnerability (CVE-2024-8372) | CVE-2024-8372 | - | Medium |
| AngularJS Other Vulnerability (CVE-2024-8373) | CVE-2024-8373 | - | Medium |
| WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-8519) | CVE-2024-8519 | CWE-707 | Medium |
| WordPress Ultimate Member Plugin Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-8520) | CVE-2024-8520 | CWE-352 | Medium |
| PHP Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2024-8925) | CVE-2024-8925 | - | Medium |
| PHP Out-of-bounds Read Vulnerability (CVE-2024-8929) | CVE-2024-8929 | CWE-125 | Medium |
| Liferay DXP Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-8980) | CVE-2024-8980 | CWE-352 | Medium |
| Liferay Portal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-8980) | CVE-2024-8980 | CWE-352 | Medium |
| WP Plugin Advanced Custom Fields CVE-2024-9529 Vulnerability (CVE-2024-9529) | CVE-2024-9529 | - | Medium |
| WordPress Ultimate Member Plugin CVE-2025-0318 Vulnerability (CVE-2025-0318) | CVE-2025-0318 | - | Medium |
| MongoDb Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2025-10059) | CVE-2025-10059 | CWE-732 | Medium |
| MongoDb CVE-2025-10061 Vulnerability (CVE-2025-10061) | CVE-2025-10061 | - | Medium |
| DataTables Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2025-11031) | CVE-2025-11031 | CWE-22 | Medium |
| Jetty Improper Input Validation Vulnerability (CVE-2025-11143) | CVE-2025-11143 | CWE-20 | Medium |
| OpenSSL NULL Pointer Dereference Vulnerability (CVE-2025-11187) | CVE-2025-11187 | CWE-476 | Medium |
| MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-11261) | CVE-2025-11261 | CWE-707 | Medium |
| MongoDb Use After Free Vulnerability (CVE-2025-11979) | CVE-2025-11979 | CWE-416 | Medium |
| Python Inefficient Algorithmic Complexity Vulnerability (CVE-2025-12084) | CVE-2025-12084 | CWE-407 | Medium |
| Grafana Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2025-12141) | CVE-2025-12141 | CWE-200 | Medium |
| MongoDb Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2025-12657) | CVE-2025-12657 | CWE-754 | Medium |
| Python Incorrect Type Conversion or Cast Vulnerability (CVE-2025-12781) | CVE-2025-12781 | CWE-704 | Medium |
| MongoDb Improper Certificate Validation Vulnerability (CVE-2025-12893) | CVE-2025-12893 | CWE-295 | Medium |
| Drupal Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2025-13080) | CVE-2025-13080 | CWE-754 | Medium |
| Drupal Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability (CVE-2025-13081) | CVE-2025-13081 | CWE-915 | Medium |
| Drupal User Interface (UI) Misrepresentation of Critical Information Vulnerability (CVE-2025-13082) | CVE-2025-13082 | CWE-451 | Medium |
| MOVEit Transfer Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-13147) | CVE-2025-13147 | CWE-918 | Medium |
| Django Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-13372) | CVE-2025-13372 | CWE-138 | Medium |
| Lodash Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Vulnerability (CVE-2025-13465) | CVE-2025-13465 | CWE-1321 | Medium |
| Django Observable Timing Discrepancy Vulnerability (CVE-2025-13473) | CVE-2025-13473 | CWE-208 | Medium |
| MongoDb Improper Validation of Specified Quantity in Input Vulnerability (CVE-2025-13507) | CVE-2025-13507 | CWE-1284 | Medium |
| MongoDb Missing Authorization Vulnerability (CVE-2025-13643) | CVE-2025-13643 | CWE-862 | Medium |
| Python Uncontrolled Resource Consumption Vulnerability (CVE-2025-13837) | CVE-2025-13837 | CWE-400 | Medium |
| MongoDb Improper Locking Vulnerability (CVE-2025-14345) | CVE-2025-14345 | CWE-667 | Medium |
| Opencart Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2025-15116) | CVE-2025-15116 | CWE-362 | Medium |
| OpenSSL NULL Pointer Dereference Vulnerability (CVE-2025-15468) | CVE-2025-15468 | CWE-476 | Medium |