Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2025-01-18 CVE-2024-49354 IBM Concert 1.0.0, 1.0.1, and 1.0.2 is vulnerable to sensitive information disclosure through specially crafted API Calls.
network
low complexity
CWE-213
5.3
5.3
2025-01-18 CVE-2024-49824 IBM Robotic Process Automation 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 could allow an authenticated user to perform unauthorized actions as a privileged user due to improper validation of client-side security enforcement.
network
low complexity
CWE-602
6.5
6.5
2025-01-18 CVE-2024-49338 IBM App Connect Enterprise 12.0.1.0 through 12.0.7.0and 13.0.1.0 under certain configurations could allow a privileged user to obtain JMS credentials.
network
high complexity
 4.4
4.4
2025-01-18 CVE-2024-51448 IBM Robotic Process Automation 21.0.0 through 21.0.7.17 and 23.0.0 through 23.0.18 could allow a local user to escalate their privileges.
local
low complexity
CWE-277
6.7
6.7
2025-01-18 CVE-2025-0558 A vulnerability classified as critical was found in TDuckCloud tduck-platform up to 4.0.
network
low complexity
CWE-74
6.3
6.3
2025-01-18 CVE-2025-0557 A vulnerability classified as problematic has been found in Hyland Alfresco Community Edition and Alfresco Enterprise Edition up to 6.2.2.
network
low complexity
CWE-94
4.3
4.3
2025-01-18 CVE-2024-13392 The Rate Star Review Vote – AJAX Reviews, Votes, Star Ratings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_reviews' shortcode in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2025-01-18 CVE-2024-12385 The WP Abstracts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.2.
network
low complexity
CWE-352
6.1
6.1
2025-01-18 CVE-2024-12696 The Picture Gallery – Frontend Image Uploads, AJAX Photo List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's videowhisper_picture_upload_guest shortcode in all versions up to, and including, 1.5.22 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2025-01-18 CVE-2024-13317 The ShipWorks Connector for Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.2.5.
network
low complexity
CWE-352
4.3
4.3