Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2025-01-08 | CVE-2024-56436 | Unspecified vulnerability in Huawei HarmonyOS 5.0.0 | Cross-process screen stack vulnerability in the UIExtension module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | network | low complexity | huawei | | 7.5 |
| 2025-01-08 | CVE-2024-40679 | Information Exposure Through Log Files vulnerability in IBM Db2 11.5 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file under specific conditions. | local | low complexity | ibm | CWE-532 | 5.5 |
| 2025-01-08 | CVE-2024-50603 | OS Command Injection vulnerability in Aviatrix Controller | An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. | network | low complexity | aviatrix | CWE-78 | critical 9.8 |
| 2025-01-07 | CVE-2021-20455 | | IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | network | high complexity | | CWE-209 | 3.7 |
| 2025-01-07 | CVE-2022-22363 | | IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | network | low complexity | | CWE-209 | 4.3 |
| 2025-01-07 | CVE-2024-25037 | | IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. | network | low complexity | | CWE-209 | 4.3 |
| 2025-01-07 | CVE-2024-28778 | | IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 is vulnerable to exposure of Artifactory API keys. | network | low complexity | | CWE-798 | 6.5 |
| 2025-01-07 | CVE-2024-40702 | | IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow an unauthorized user to obtain valid tokens to gain access to protected resources due to improper certificate validation. | network | low complexity | | CWE-295 | 8.2 |
| 2025-01-07 | CVE-2024-12131 | | The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.5 due to missing validation on a user controlled key. | network | low complexity | | CWE-639 | 4.3 |
| 2025-01-07 | CVE-2024-12738 | | The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several user meta parameters in all versions up to, and including, 3.12.9 due to insufficient input sanitization and output escaping. | network | low complexity | | CWE-79 | 6.1 |