Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-12-18 CVE-2024-25042 IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is potentially vulnerable to Cross Site Scripting (XSS).
network
low complexity
CWE-79
5.4
5.4
2024-12-18 CVE-2024-41752 IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is vulnerable to HTML injection.
low complexity
CWE-80
5.4
5.4
2024-12-18 CVE-2024-45082 IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack.
low complexity
CWE-601
6.8
6.8
2024-12-18 CVE-2023-50956 IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 could allow a privileged user to obtain highly sensitive user credentials from secret keys that are stored in clear text.
local
low complexity
CWE-256
4.4
4.4
2024-12-18 CVE-2024-47119 IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 does not properly validate a certificate which could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client.
network
high complexity
CWE-295
5.9
5.9
2024-12-18 CVE-2024-52361 IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9  stores user credentials in plain text which can be read by an authenticated user with access to the pod.
low complexity
CWE-256
5.7
5.7
2024-12-18 CVE-2024-11291 The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.4 via the WordPress core search feature.
network
low complexity
CWE-200
5.3
5.3
2024-12-18 CVE-2024-11926 The Travel Booking WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '__stPartnerCreateServiceRental', 'st_delete_order_item', '_st_partner_approve_booking', 'save_order_item', and '__userDenyEachInfo' functions in all versions up to, and including, 3.1.6.
network
low complexity
CWE-862
6.5
6.5
2024-12-18 CVE-2024-47104 IBM i 7.4 and 7.5 is vulnerable to an authenticated user gaining elevated privilege to a physical file.
network
high complexity
CWE-732
6.8
6.8
2024-12-18 CVE-2024-12340 The Animation Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.6 via the 'render' function in widgets/content-slider.php and widgets/tabs.php.
network
low complexity
CWE-200
4.3
4.3