Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | RISK |
| --- | --- | --- | --- |
| 2024-11-01 | CVE-2024-41741 | IBM TXSeries for Multiplatforms 10.1 could allow an attacker to determine valid usernames due to an observable timing discrepancy which could be used in further attacks against the system. | network, low complexity, CWE-208, 5.3 |
| 2024-11-01 | CVE-2024-41744 | IBM CICS TX Standard 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | network, low complexity, 6.5 |
| 2024-11-01 | CVE-2024-41745 | IBM CICS TX Standard is vulnerable to cross-site scripting. | network, low complexity, CWE-79, 6.1 |
| 2024-11-01 | CVE-2024-10367 | The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. | network, low complexity, CWE-79, 6.4 |
| 2024-11-01 | CVE-2024-10232 | The Group Chat & Video Chat by AtomChat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's atomchat shortcode in all versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. | network, low complexity, CWE-79, 6.4 |
| 2024-11-01 | CVE-2024-10651 | IDExpert from CHANGING Information Technology does not properly validate a specific parameter in the administrator interface, allowing remote attackers with administrator privileges to exploit this vulnerability to read arbitrary system files. | network, low complexity, CWE-36, 4.9 |
| 2024-11-01 | CVE-2024-10652 | IDExpert from CHANGING Information Technology does not properly validate a parameter for a specific functionality, allowing unauthenticated remote attackers to inject JavaScript code and perform Reflected Cross-site scripting attacks. | network, low complexity, CWE-79, 6.1 |
| 2024-11-01 | CVE-2024-10653 | IDExpert from CHANGING Information Technology does not properly validate a specific parameter in the administrator interface, allowing remote attackers with administrative privileges to inject and execute OS commands on the server. | network, low complexity, CWE-78, critical, 10.0 |
| 2024-11-01 | CVE-2024-7424 | The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to unauthorized modification of and access to data due to a missing capability check on several functions in all versions up to, and including, 4.0.1. | network, low complexity, CWE-284, 5.4 |
| 2024-11-01 | CVE-2024-9655 | The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Icon widget in all versions up to, and including, 6.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. | network, low complexity, CWE-79, 6.4 |