Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-25 | CVE-2024-35111 | Information Exposure Through an Error Message vulnerability in IBM Control Center 6.2.1.0/6.3.1.0 IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 4.3 |
| 2025-01-25 | CVE-2024-35112 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in IBM Control Center 6.2.1.0/6.3.1.0 IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 4.3 |
| 2025-01-25 | CVE-2024-35113 | Information Exposure Through Directory Listing vulnerability in IBM Control Center 6.2.1.0/6.3.1.0 IBM Control Center 6.2.1 and 6.3.1 could allow an authenticated user to obtain sensitive information exposed through a directory listing. | 6.5 |
| 2025-01-25 | CVE-2024-35114 | Response Discrepancy Information Exposure vulnerability in IBM Control Center 6.2.1.0/6.3.1.0 IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to enumerate usernames due to an observable discrepancy between login attempts. | 5.3 |
| 2025-01-25 | CVE-2024-35134 | IBM Analytics Content Hub 2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 5.3 |
| 2025-01-25 | CVE-2024-39750 | IBM Analytics Content Hub 2.0 is vulnerable to a buffer overflow due to improper return length checking. | 8.8 |
| 2025-01-25 | CVE-2024-13562 | Unspecified vulnerability in Importwp Import WP The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.14.5 via the uploads directory. | 7.5 |
| 2025-01-25 | CVE-2025-0350 | Cross-site Scripting vulnerability in Elegantthemes Carousel Maker for Divi The Divi Carousel Maker – Image, Logo, Testimonial, Post Carousel & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Carousel and Logo Carousel in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-01-25 | CVE-2024-13449 | Missing Authorization vulnerability in Ibsofts Boom Fest The Boom Fest plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'bf_admin_action' function in all versions up to, and including, 2.2.1. | 4.3 |
| 2025-01-25 | CVE-2024-13450 | Server-Side Request Forgery (SSRF) vulnerability in Bitapps Contact Form Builder The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.17.4 via the Webhooks integration. | 6.5 |