Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-19 | CVE-2024-11740 | Code Injection vulnerability in Wpdownloadmanager Download Manager The The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.03. | 7.3 |
| 2024-12-19 | CVE-2024-11768 | Unspecified vulnerability in Wpdownloadmanager Download Manager The Download Manager plugin for WordPress is vulnerable to unauthorized download of password-protected content due to improper password validation on the checkFilePassword function in all versions up to, and including, 3.3.03. | 5.3 |
| 2024-12-19 | CVE-2023-30443 | Allocation of Resources Without Limits or Throttling vulnerability in IBM DB2 10.5/11.1/11.5 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. | 6.5 |
| 2024-12-19 | CVE-2024-10548 | Unspecified vulnerability in Wedevs WP Project Manager The WP Project Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.15 via the Project Task List ('/wp-json/pm/v2/projects/1/task-lists') REST API endpoint. | 6.5 |
| 2024-12-19 | CVE-2024-12121 | The Broken Link Checker | Finder plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.5.0 via the 'moblc_check_link' function. | 5.4 |
| 2024-12-19 | CVE-2024-35141 | Unspecified vulnerability in IBM Security Verify Access Docker IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to execution of unnecessary privileges. | 7.8 |
| 2024-12-19 | CVE-2024-51532 | Argument Injection or Modification vulnerability in Dell Powerstoreos Dell PowerStore contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. | 7.1 |
| 2024-12-19 | CVE-2021-39081 | IBM Cognos Analytics Mobile for Android 1.1.14 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.9 |
| 2024-12-19 | CVE-2022-33954 | IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 could allow a user with psychical access to the system to obtain sensitive information due to insufficiently protected credentials. low complexity CWE-522 | 4.6 |
| 2024-12-19 | CVE-2021-20553 | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. | 5.4 |