Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-16 | CVE-2024-45071 | Cross-site Scripting vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. | 4.8 |
| 2024-10-16 | CVE-2024-45072 | XXE vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 5.5 |
| 2024-10-16 | CVE-2024-4184 | XXE vulnerability in Microfocus Application Automation Tools Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below. | 8.0 |
| 2024-10-16 | CVE-2024-4189 | XXE vulnerability in Microfocus Application Automation Tools Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below. | 8.0 |
| 2024-10-16 | CVE-2024-4211 | Unspecified vulnerability in Microfocus Application Automation Tools Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks - ALM job config has been discovered in OpenText Application Automation Tools. | 2.4 |
| 2024-10-16 | CVE-2024-4690 | XXE vulnerability in Microfocus Application Automation Tools Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below. | 8.0 |
| 2024-10-16 | CVE-2024-4692 | Unspecified vulnerability in Microfocus Application Automation Tools Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks - Service Virtualization config has been discovered in in OpenText Application Automation Tools. | 2.4 |
| 2024-10-16 | CVE-2024-49265 | Cross-site Scripting vulnerability in Booking Banner Creator Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Partnerships at Booking.Com Booking.Com Banner Creator allows Stored XSS.This issue affects Booking.Com Banner Creator: from n/a through 1.4.6. | 5.4 |
| 2024-10-16 | CVE-2024-49268 | Cross-site Scripting vulnerability in Sunburntkamel Disconnected Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in sunburntkamel disconnected allows Reflected XSS.This issue affects disconnected: from n/a through 1.3.0. | 6.1 |
| 2024-10-16 | CVE-2024-9893 | The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.1.14. | 9.8 |