Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-12-18 CVE-2024-25042 Cross-site Scripting vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is potentially vulnerable to Cross Site Scripting (XSS).
network
low complexity
ibm CWE-79
6.1
6.1
2024-12-18 CVE-2024-41752 Cross-site Scripting vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is vulnerable to HTML injection.
network
low complexity
ibm CWE-79
6.1
6.1
2024-12-18 CVE-2024-45082 Open Redirect vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack.
low complexity
ibm CWE-601
5.2
5.2
2024-12-18 CVE-2023-50956 IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 could allow a privileged user to obtain highly sensitive user credentials from secret keys that are stored in clear text.
local
low complexity
CWE-256
4.4
4.4
2024-12-18 CVE-2024-47119 IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 does not properly validate a certificate which could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client.
network
high complexity
CWE-295
5.9
5.9
2024-12-18 CVE-2024-52361 IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9  stores user credentials in plain text which can be read by an authenticated user with access to the pod.
low complexity
CWE-256
5.7
5.7
2024-12-18 CVE-2024-11291 Information Exposure vulnerability in Cozmoslabs Membership & Content Restriction - Paid Member Subscriptions
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.4 via the WordPress core search feature.
network
low complexity
cozmoslabs CWE-200
5.3
5.3
2024-12-18 CVE-2024-11912 The Travel Booking WordPress Theme theme for WordPress is vulnerable to blind time-based SQL Injection via the ‘order_id’ parameter in all versions up to, and including, 3.1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
7.5
7.5
2024-12-18 CVE-2024-11926 The Travel Booking WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '__stPartnerCreateServiceRental', 'st_delete_order_item', '_st_partner_approve_booking', 'save_order_item', and '__userDenyEachInfo' functions in all versions up to, and including, 3.1.6.
network
low complexity
CWE-862
6.5
6.5
2024-12-18 CVE-2024-47104 IBM i 7.4 and 7.5 is vulnerable to an authenticated user gaining elevated privilege to a physical file.
network
high complexity
CWE-732
6.8
6.8