Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-11-22 CVE-2024-41779 IBM Engineering Systems Design Rhapsody - Model Manager 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition.
network
low complexity
CWE-367
critical
9.8
2024-11-22 CVE-2024-41781 IBM PowerVM Platform KeyStore (IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1030.00 through FW1030.60, FW1050.00 through FW1050.20, and FW1060.00 through FW1060.10) functionality can be compromised if an attacker gains service access to the HMC.
high complexity
CWE-497
5.1
2024-11-22 CVE-2024-7837 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Firmanet Software ERP allows SQL Injection. This issue affects ERP: through 22.11.2024. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
network
low complexity
CWE-89
8.2
2024-11-22 CVE-2024-7882 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Special Minds Design and Software e-Commerce allows SQL Injection. This issue affects e-Commerce: through 22.11.2024. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
network
low complexity
CWE-89
6.5
2024-11-22 CVE-2024-10034 The Gallery Blocks with Lightbox.
network
low complexity
CWE-79
5.5
2024-11-22 CVE-2024-10666 The Easy Twitter Feed – Twitter feeds plugin for WP plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.6 via the [etf] shortcode.
network
low complexity
CWE-639
4.3
2024-11-22 CVE-2024-11104 The Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs) plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the save_options() function in all versions up to, and including, 2.6.2.
network
low complexity
CWE-862
8.1
2024-11-22 CVE-2024-11225 The Premium Packages – Sell Digital Products Securely plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.9.3.
network
low complexity
CWE-79
6.1
2024-11-22 CVE-2024-11355 The Ultimate YouTube Video & Shorts Player With Vimeo plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_setting() function in all versions up to, and including, 3.3.
network
low complexity
CWE-862
4.3
2024-11-22 CVE-2024-11381 The Control horas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ch_registro' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4