| 2024-12-17 | CVE-2024-49818 | Information Exposure Through an Error Message vulnerability in IBM Security Guardium KEY Lifecycle Manager
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 4.3 |
| 2024-12-17 | CVE-2024-49819 | Cleartext Transmission of Sensitive Information vulnerability in IBM Security Guardium KEY Lifecycle Manager
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors. | 7.5 |
| 2024-12-17 | CVE-2024-49820 | Cleartext Transmission of Sensitive Information vulnerability in IBM Security Guardium KEY Lifecycle Manager
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 3.7 |
| 2024-12-17 | CVE-2024-8972 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mobil365 Informatics Saha365 App allows SQL Injection.This issue affects Saha365 App: before 30.09.2024. network low complexity CWE-89 critical | 9.8 |
| 2024-12-17 | CVE-2024-10356 | The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.4.8 in inc/Widgets/accordion/output/content.php. | 4.3 |
| 2024-12-17 | CVE-2024-9819 | Authorization Bypass Through User-Controlled Key vulnerability in NextGeography NG Analyser allows Functionality Misuse.This issue affects NG Analyser: before 2.2.711. | 6.5 |
| 2024-12-17 | CVE-2024-11280 | The PPWP – Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.5 via the WordPress core search feature. | 5.3 |
| 2024-12-17 | CVE-2024-12395 | The WooCommerce Additional Fees On Checkout (Free) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘number’ parameter in all versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping. | 6.1 |
| 2024-12-17 | CVE-2024-12601 | The Calculated Fields Form plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 5.2.63. | 5.3 |
| 2024-12-17 | CVE-2024-52542 | Link Following vulnerability in Dell Appsync
Dell AppSync, version 4.6.0.x, contain a Symbolic Link (Symlink) Following vulnerability. | 5.5 |