Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2025-01-07 CVE-2024-45100 IBM Security ReaQta 3.12 could allow a privileged user to cause a denial of service by sending multiple administration requests due to improper allocation of resources.
network
low complexity
CWE-770
4.9
4.9
2025-01-07 CVE-2024-45640 IBM Security ReaQta 3.12 returns sensitive information in an HTTP response that could be used in further attacks against the system.
network
low complexity
CWE-497
5.3
5.3
2025-01-07 CVE-2024-12033 Missing Authorization vulnerability in Artbees Jupiter X Core
The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the sync_libraries() function in all versions up to, and including, 4.8.5.
network
low complexity
artbees CWE-862
4.3
4.3
2025-01-07 CVE-2024-12316 Missing Authorization vulnerability in Artbees Jupiter X Core
The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_popup_action() function in all versions up to, and including, 4.8.5.
network
low complexity
artbees CWE-862
5.3
5.3
2025-01-07 CVE-2024-12532 The BWD Elementor Addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.18 in widgets/bwdeb-content-switcher.php.
network
low complexity
CWE-200
4.3
4.3
2025-01-07 CVE-2024-12711 The RSVP and Event Management plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX functions like bulk_delete_attendees() and bulk_delete_questions() in all versions up to, and including, 2.7.13.
network
low complexity
CWE-862
5.3
5.3
2025-01-07 CVE-2024-52366 IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
network
high complexity
CWE-327
5.9
5.9
2025-01-07 CVE-2024-52367 IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could disclose sensitive system information to an unauthorized actor that could be used in further attacks against the system.
network
low complexity
CWE-497
5.3
5.3
2025-01-07 CVE-2024-52891 IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow an authenticated user to inject malicious information or obtain information from log files due to improper log neutralization.
network
low complexity
CWE-117
5.4
5.4
2025-01-07 CVE-2024-52893 IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3  could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
CWE-209
5.3
5.3