Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-01-25 CVE-2024-35111 Information Exposure Through an Error Message vulnerability in IBM Control Center 6.2.1.0/6.3.1.0
IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm CWE-209
4.3
2025-01-25 CVE-2024-35112 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in IBM Control Center 6.2.1.0/6.3.1.0
IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm CWE-80
4.3
2025-01-25 CVE-2024-35113 Information Exposure Through Directory Listing vulnerability in IBM Control Center 6.2.1.0/6.3.1.0
IBM Control Center 6.2.1 and 6.3.1 could allow an authenticated user to obtain sensitive information exposed through a directory listing.
network
low complexity
ibm CWE-548
6.5
2025-01-25 CVE-2024-35114 Response Discrepancy Information Exposure vulnerability in IBM Control Center 6.2.1.0/6.3.1.0
IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to enumerate usernames due to an observable discrepancy between login attempts.
network
low complexity
ibm CWE-204
5.3
2025-01-25 CVE-2024-35134 IBM Analytics Content Hub 2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
CWE-209
5.3
2025-01-25 CVE-2024-39750 IBM Analytics Content Hub 2.0 is vulnerable to a buffer overflow due to improper return length checking.
network
low complexity
CWE-119
8.8
2025-01-25 CVE-2024-13562 Unspecified vulnerability in Importwp Import WP
The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.14.5 via the uploads directory.
network
low complexity
importwp
7.5
2025-01-25 CVE-2025-0350 Cross-site Scripting vulnerability in Elegantthemes Carousel Maker for Divi
The Divi Carousel Maker – Image, Logo, Testimonial, Post Carousel & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Carousel and Logo Carousel in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
elegantthemes CWE-79
5.4
2025-01-25 CVE-2024-13449 Missing Authorization vulnerability in Ibsofts Boom Fest
The Boom Fest plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'bf_admin_action' function in all versions up to, and including, 2.2.1.
network
low complexity
ibsofts CWE-862
4.3
2025-01-25 CVE-2024-13450 Server-Side Request Forgery (SSRF) vulnerability in Bitapps Contact Form Builder
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.17.4 via the Webhooks integration.
network
low complexity
bitapps CWE-918
6.5