2024-12-20 | CVE-2024-28767 | | IBM Security Directory Integrator 7.2.0 through 7.2.0.13 and 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | 6.8 |
2024-12-18 | CVE-2024-45082 | | IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 6.8 |
2024-12-18 | CVE-2024-47104 | | IBM i 7.4 and 7.5 is vulnerable to an authenticated user gaining elevated privilege to a physical file. | 6.8 |
2024-12-21 | CVE-2024-12558 | | The WP BASE Booking of Appointments, Services and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_db function in all versions up to, and including, 4.9.2. | 6.5 |
2024-12-21 | CVE-2024-12635 | | The WP Docs plugin for WordPress is vulnerable to time-based SQL Injection via the 'dir_id' parameter in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 6.5 |
2024-12-20 | CVE-2024-56353 | Jetbrains | Improper Cross-boundary Removal of Sensitive Data vulnerability in Jetbrains Teamcity. In JetBrains TeamCity before 2024.12 backup file exposed user credentials and session cookies. | 6.5 |
2024-12-19 | CVE-2024-10548 | | The WP Project Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.15 via the Project Task List ('/wp-json/pm/v2/projects/1/task-lists') REST API endpoint. | 6.5 |
2024-12-18 | CVE-2024-51470 | | IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25 could allow an authenticated user to cause a denial-of-service due to messages with improperly set values. | 6.5 |
2024-12-18 | CVE-2024-11926 | | The Travel Booking WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '__stPartnerCreateServiceRental', 'st_delete_order_item', '_st_partner_approve_booking', 'save_order_item', and '__userDenyEachInfo' functions in all versions up to, and including, 3.1.6. | 6.5 |
2024-12-18 | CVE-2024-12698 | | An incomplete fix for ose-olm-catalogd-container was issued for the Rapid Reset Vulnerability (CVE-2023-39325/CVE-2023-44487) where only unauthenticated streams were protected, not streams created by authenticated sources. | 6.5 |
2024-12-17 | CVE-2024-9819 | | Authorization Bypass Through User-Controlled Key vulnerability in NextGeography NG Analyser allows Functionality Misuse. This issue affects NG Analyser: before 2.2.711. | 6.5 |
2024-12-17 | CVE-2024-8475 | | Authentication Bypass by Assumed-Immutable Data vulnerability in Digital Operation Services WiFiBurada allows Manipulating User-Controlled Variables. This issue affects WiFiBurada: before 1.0.5. | 6.5 |
2024-12-16 | CVE-2024-12645 | | The topm-client from Chunghwa Telecom has an Arbitrary File Read vulnerability. | 6.5 |
2024-12-21 | CVE-2024-10453 | | The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Typography Settings in all versions up to, and including, 3.25.9 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-21 | CVE-2024-12591 | | The MagicPost plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wb_share_social shortcode in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-21 | CVE-2024-12588 | | The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Staff widget in all versions up to, and including, 2.16.4 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-21 | CVE-2024-9545 | | The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aux_contact_box and aux_gmaps shortcodes in all versions up to, and including, 2.16.4 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-21 | CVE-2024-11196 | | The Multi-column Tag Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mctagmap shortcode in all versions up to, and including, 17.0.33 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-21 | CVE-2024-11938 | | The One Click Upsell Funnel for WooCommerce – Funnel Builder for WordPress, Create WooCommerce Upsell, Post-Purchase Upsell & Cross Sell Offers that Boost Sales & Increase Profits with Sales Funnel Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wps_wocuf_pro_yes shortcode in all versions up to, and including, 3.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-21 | CVE-2024-12697 | | The real.Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.1 due to insufficient input sanitization and output escaping. | 6.4 |
2024-12-20 | CVE-2024-11411 | | The Spotlightr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spotlightr-v' shortcode in all versions up to, and including, 0.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-20 | CVE-2024-11774 | | The Outdooractive Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'list2go' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-20 | CVE-2024-11775 | | The Particle Background plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'particleground' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-20 | CVE-2024-11783 | | The Financial Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'finance_calculator' shortcode in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-20 | CVE-2024-11784 | | The Sell Tickets Online – TicketSource Ticket Shop for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ticketshop' shortcode in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-20 | CVE-2024-11878 | | The Category Post Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'category-post-slider' shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-20 | CVE-2024-11893 | | The Spoki – Chat Buttons and WooCommerce Notifications plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spoki_button' shortcode in all versions up to, and including, 2.15.14 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-20 | CVE-2024-12506 | | The NACC WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'nacc' shortcode in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-20 | CVE-2024-12509 | | The Embed Twine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embed_twine' shortcode in all versions up to, and including, 0.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-20 | CVE-2024-9619 | | The WP SHAPES plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. | 6.4 |
2024-12-20 | CVE-2024-11776 | | The PCRecruiter Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'PCRecruiter' shortcode in all versions up to, and including, 1.4.10 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-18 | CVE-2024-12449 | | The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_player_html' shortcode in all versions up to, and including, 2.6.30 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-18 | CVE-2024-11439 | | The ScanCircle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'scancircle' shortcode in all versions up to, and including, 2.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-18 | CVE-2024-11748 | | The Taeggie Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'taeggie-feed' shortcode in all versions up to, and including, 0.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-18 | CVE-2024-11881 | | The Easy Waveform Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'easywaveformplayer' shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-18 | CVE-2024-12500 | | The Philantro – Donations and Donor Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes like 'donate' in all versions up to, and including, 5.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-18 | CVE-2024-12513 | | The Contests by Rewards Fuel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'RF_CONTEST' shortcode in all versions up to, and including, 2.0.65 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-17 | CVE-2024-11900 | | The Portfolio – Filterable Masonry Portfolio Gallery for Professionals plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'portfolio-pro' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-17 | CVE-2024-11902 | | The Slope Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slope-reservations' shortcode in all versions up to, and including, 4.2.11 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-17 | CVE-2024-11905 | | The Animated Counters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'animatedcounte' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-17 | CVE-2024-11906 | | The TPG Get Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tpg_get_posts' shortcode in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-16 | CVE-2024-12443 | | The CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'crm-perks-tickets' shortcode in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-20 | CVE-2024-12832 | Arista | SQL Injection vulnerability in Arista NG Firewall 17.1.1. Arista NG Firewall ReportEntry SQL Injection Arbitrary File Read and Write Vulnerability. | 6.3 |
2024-12-19 | CVE-2024-52897 | | IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. | 6.2 |
2024-12-19 | CVE-2024-52896 | | IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. | 6.2 |
2024-12-21 | CVE-2024-11688 | | The LaTeX2HTML plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ver' or 'date' parameter in all versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping. | 6.1 |
2024-12-21 | CVE-2024-12408 | | The WP on AWS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_POST data in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping. | 6.1 |
2024-12-21 | CVE-2024-11808 | | The Pingmeter Uptime Monitoring plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the '_wpnonce' parameter in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. | 6.1 |
2024-12-21 | CVE-2024-11287 | | The Ebook Store plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.8001. | 6.1 |
2024-12-21 | CVE-2024-11682 | | The G Web Pro Store Locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'q' parameter in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. | 6.1 |
2024-12-21 | CVE-2024-11975 | | The Reactflow Visitor Recording and Heatmaps plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.10. | 6.1 |
2024-12-21 | CVE-2024-12262 | | The Ebook Store plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'step' parameter in all versions up to, and including, 5.8001 due to insufficient input sanitization and output escaping. | 6.1 |
2024-12-20 | CVE-2024-11811 | | The Feedify – Web Push Notifications plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'platform', 'phone', 'email', and 'store_url' parameters. | 6.1 |
2024-12-20 | CVE-2024-11331 | | The ??????? ??????? ??????? ???? ???? plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.3. | 6.1 |
2024-12-20 | CVE-2024-11806 | | The PKT1 Centro de envios plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'success' and 'error' parameters in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. | 6.1 |
2024-12-20 | CVE-2024-11812 | | The Wtyczka SeoPilot dla WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.091. | 6.1 |
2024-12-18 | CVE-2024-12454 | | The Affiliate Program Suite — SliceWP Affiliates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.23. | 6.1 |
2024-12-18 | CVE-2024-11254 | | The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the disqus_name parameter in all versions up to, and including, 1.1.1 due to insufficient input validation. | 6.1 |
2024-12-17 | CVE-2024-12395 | | The WooCommerce Additional Fees On Checkout (Free) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘number’ parameter in all versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping. | 6.1 |
2024-12-17 | CVE-2024-12127 | | The Learning Management System, eLearning, Course Builder, WordPress LMS Plugin – Sikshya LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 0.0.21 due to insufficient input sanitization and output escaping. | 6.1 |
2024-12-17 | CVE-2024-12469 | | The WP BASE Booking of Appointments, Services and Events plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘status’ parameter in all versions up to, and including, 4.9.1 due to insufficient input sanitization and output escaping. | 6.1 |
2024-12-17 | CVE-2024-12219 | | The Stop Registration Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23. | 6.1 |
2024-12-17 | CVE-2024-12220 | | The SMS for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.1. | 6.1 |
2024-12-17 | CVE-2024-12239 | | The PowerPack Lite for Beaver Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the navigate parameter in all versions up to, and including, 1.3.0.5 due to insufficient input sanitization and output escaping. | 6.1 |
2024-12-21 | CVE-2024-11722 | | The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 3.25.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 5.9 |
2024-12-19 | CVE-2021-39081 | | IBM Cognos Analytics Mobile for Android 1.1.14 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.9 |
2024-12-18 | CVE-2024-47119 | | IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 does not properly validate a certificate which could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. | 5.9 |
2024-12-16 | CVE-2024-12667 | Invoiceplane | Insufficient Session Expiration vulnerability in Invoiceplane. A vulnerability was found in InvoicePlane up to 1.6.1 and classified as problematic. | 5.9 |
2024-12-18 | CVE-2024-52361 | | IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 stores user credentials in plain text which can be read by an authenticated user with access to the pod. | 5.7 |
2024-12-17 | CVE-2024-10973 | | A vulnerability was found in Keycloak. | 5.7 |
2024-12-20 | CVE-2024-44211 | Apple | Link Following vulnerability in Apple Macos 15.0. This issue was addressed with improved validation of symlinks. | 5.5 |
2024-12-19 | CVE-2022-44515 | | Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. | 5.5 |
2024-12-19 | CVE-2022-44516 | | Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. | 5.5 |
2024-12-19 | CVE-2022-44517 | | Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. | 5.5 |
2024-12-19 | CVE-2022-44519 | | Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2024-12-19 | CVE-2023-21586 | | Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a NULL Pointer Dereference vulnerability. | 5.5 |
2024-12-16 | CVE-2024-12662 | Iobit | NULL Pointer Dereference vulnerability in Iobit Advanced Systemcare Ultimate 11.0.1.58/14.2.0.220. A vulnerability classified as problematic has been found in IObit Advanced SystemCare Ultimate up to 17.0.0. | 5.5 |
2024-12-16 | CVE-2024-12658 | Iobit | NULL Pointer Dereference vulnerability in Iobit Advanced Systemcare Ultimate 11.0.1.58/14.2.0.220. A vulnerability was found in IObit Advanced SystemCare Ultimate up to 17.0.0 and classified as problematic. | 5.5 |
2024-12-16 | CVE-2024-12659 | Iobit | NULL Pointer Dereference vulnerability in Iobit Advanced Systemcare Ultimate 11.0.1.58/14.2.0.220. A vulnerability was found in IObit Advanced SystemCare Ultimate up to 17.0.0. | 5.5 |
2024-12-16 | CVE-2024-12660 | Iobit | NULL Pointer Dereference vulnerability in Iobit Advanced Systemcare Ultimate 11.0.1.58/14.2.0.220. A vulnerability was found in IObit Advanced SystemCare Ultimate up to 17.0.0. | 5.5 |
2024-12-16 | CVE-2024-12655 | Fabulatech | NULL Pointer Dereference vulnerability in Fabulatech USB Over Network 6.0.6.1. A vulnerability, which was classified as problematic, has been found in FabulaTech USB over Network 6.0.6.1. | 5.5 |
2024-12-16 | CVE-2024-12656 | Fabulatech | NULL Pointer Dereference vulnerability in Fabulatech USB Over Network 6.0.6.1. A vulnerability, which was classified as problematic, was found in FabulaTech USB over Network 6.0.6.1. | 5.5 |
2024-12-16 | CVE-2024-12657 | Iobit | NULL Pointer Dereference vulnerability in Iobit Advanced Systemcare Ultimate 11.0.1.58/14.2.0.220. A vulnerability has been found in IObit Advanced SystemCare Ultimate up to 17.0.0 and classified as problematic. | 5.5 |
2024-12-16 | CVE-2024-12653 | Fabulatech | NULL Pointer Dereference vulnerability in Fabulatech USB Over Network 6.0.6.1. A vulnerability classified as problematic has been found in FabulaTech USB over Network 6.0.6.1. | 5.5 |
2024-12-16 | CVE-2024-12654 | Fabulatech | NULL Pointer Dereference vulnerability in Fabulatech USB Over Network 6.0.6.1. A vulnerability classified as problematic was found in FabulaTech USB over Network 6.0.6.1. | 5.5 |
2024-12-21 | CVE-2024-51463 | | IBM i 7.3, 7.4, and 7.5 is vulnerable to server-side request forgery (SSRF). | 5.4 |
2024-12-20 | CVE-2024-56352 | Jetbrains | Cross-site Scripting vulnerability in Jetbrains Teamcity. In JetBrains TeamCity before 2024.12 stored XSS was possible via image name on the agent details page. | 5.4 |
2024-12-20 | CVE-2024-56355 | Jetbrains | Cross-site Scripting vulnerability in Jetbrains Teamcity. In JetBrains TeamCity before 2024.12 missing Content-Type header in RemoteBuildLogController response could lead to XSS. | 5.4 |
2024-12-19 | CVE-2024-49336 | IBM | Server-Side Request Forgery (SSRF) vulnerability in IBM Security Guardium 11.5. IBM Security Guardium 11.5 is vulnerable to server-side request forgery (SSRF). | 5.4 |
2024-12-19 | CVE-2024-12121 | | The Broken Link Checker | Finder plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.5.0 via the 'moblc_check_link' function. | 5.4 |
2024-12-19 | CVE-2021-20553 | | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. | 5.4 |
2024-12-18 | CVE-2024-25042 | | IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is potentially vulnerable to Cross Site Scripting (XSS). | 5.4 |
2024-12-18 | CVE-2024-41752 | | IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is vulnerable to HTML injection. | 5.4 |
2024-12-18 | CVE-2024-12554 | | The Peter’s Custom Anti-Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.3. | 5.4 |
2024-12-16 | CVE-2024-12664 | Ruifang Tech | Cross-site Scripting vulnerability in Ruifang-Tech Rebuild 3.8.5. A vulnerability, which was classified as problematic, has been found in ruifang-tech Rebuild 3.8.5. | 5.4 |
2024-12-16 | CVE-2024-12665 | Ruifang Tech | Cross-site Scripting vulnerability in Ruifang-Tech Rebuild 3.8.5. A vulnerability, which was classified as problematic, was found in ruifang-tech Rebuild 3.8.5. | 5.4 |
2024-12-20 | CVE-2024-56349 | Jetbrains | Missing Authorization vulnerability in Jetbrains Teamcity. In JetBrains TeamCity before 2024.12 improper access control allowed unauthorized users to modify build logs. | 5.3 |
2024-12-19 | CVE-2024-51471 | | IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS web console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside of the intended buffer size. | 5.3 |
2024-12-19 | CVE-2024-11768 | | The Download Manager plugin for WordPress is vulnerable to unauthorized download of password-protected content due to improper password validation on the checkFilePassword function in all versions up to, and including, 3.3.03. | 5.3 |
2024-12-19 | CVE-2023-30443 | | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. | 5.3 |
2024-12-18 | CVE-2024-11291 | | The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.4 via the WordPress core search feature. | 5.3 |
2024-12-18 | CVE-2024-11295 | | The Simple Page Access Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.29 via the WordPress core search feature. | 5.3 |
2024-12-18 | CVE-2024-12250 | | The Accept Authorize.NET Payments Using Contact Form 7 plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2 via the cf7adn-info.php file. | 5.3 |
2024-12-17 | CVE-2024-11280 | | The PPWP – Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.5 via the WordPress core search feature. | 5.3 |
2024-12-17 | CVE-2024-12601 | | The Calculated Fields Form plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 5.2.63. | 5.3 |
2024-12-17 | CVE-2024-11294 | | The Memberful plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.73.9 via the WordPress core search feature. | 5.3 |
2024-12-19 | CVE-2021-29827 | | IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. | 5.2 |
2024-12-20 | CVE-2024-12840 | | A server-side request forgery exists in Satellite. | 5.0 |
2024-12-18 | CVE-2022-40732 | | An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as part of Windows Server 2022 version 20348.643. | 5.0 |
2024-12-18 | CVE-2022-40733 | | An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as part of Windows Server 2022 version 20348.643. | 5.0 |
2024-12-21 | CVE-2024-12875 | | The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.2 via the file download functionality. | 4.9 |
2024-12-20 | CVE-2024-56354 | Jetbrains | Insufficiently Protected Credentials vulnerability in Jetbrains Teamcity. In JetBrains TeamCity before 2024.12 password field value was accessible to users with view settings permission. | 4.9 |
2024-12-17 | CVE-2024-49816 | | IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores potentially sensitive information in log files that could be read by a local privileged user. | 4.9 |
2024-12-20 | CVE-2024-44223 | Apple | Unspecified vulnerability in Apple Macos 15.0. This issue was addressed through improved state management. | 4.6 |
2024-12-20 | CVE-2024-44231 | Apple | Unspecified vulnerability in Apple Macos 15.0. This issue was addressed through improved state management. | 4.6 |
2024-12-19 | CVE-2022-33954 | | IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 could allow a user with physical access to the system to obtain sensitive information due to insufficiently protected credentials. | 4.6 |
2024-12-18 | CVE-2023-50956 | | IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 could allow a privileged user to obtain highly sensitive user credentials from secret keys that are stored in clear text. | 4.4 |
2024-12-17 | CVE-2024-49817 | | IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores user credentials in configuration files which can be read by a local privileged user. | 4.4 |
2024-12-22 | CVE-2024-11852 | | The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_layouts() function in all versions up to, and including, 5.10.12. | 4.3 |
2024-12-21 | CVE-2024-10797 | | The Full Screen Menu for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.7 via the Full Screen Menu Elementor Widget due to insufficient restrictions on which posts can be included. | 4.3 |
2024-12-20 | CVE-2024-56348 | Jetbrains | Incorrect Authorization vulnerability in Jetbrains Teamcity. In JetBrains TeamCity before 2024.12 improper access control allowed viewing details of unauthorized agents. | 4.3 |
2024-12-20 | CVE-2024-56350 | Jetbrains | Incorrect Authorization vulnerability in Jetbrains Teamcity. In JetBrains TeamCity before 2024.12 build credentials allowed unauthorized viewing of projects. | 4.3 |
2024-12-20 | CVE-2024-9503 | | The Maintenance & Coming Soon Redirect Animation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wploti_add_whitelisted_roles_option', 'wploti_remove_whitelisted_roles_option', 'wploti_add_whitelisted_users_option', 'wploti_remove_whitelisted_users_option', and 'wploti_uploaded_animation_save_option' functions in all versions up to, and including, 2.1.3. | 4.3 |
2024-12-19 | CVE-2024-12793 | | A vulnerability, which was classified as problematic, has been found in PbootCMS up to 5.2.3. | 4.3 |
2024-12-19 | CVE-2024-12331 | | The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_install_plugin' function in all versions up to, and including, 1.8.6. | 4.3 |
2024-12-19 | CVE-2024-12560 | | The Button Block – Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.5 via the 'btn_block_duplicate_post' function. | 4.3 |
2024-12-18 | CVE-2024-12340 | | The Animation Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.6 via the 'render' function in widgets/content-slider.php and widgets/tabs.php. | 4.3 |
2024-12-18 | CVE-2024-12061 | | The Events Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.3 via the naevents_elementor_template shortcode due to insufficient restrictions on which posts can be included. | 4.3 |
2024-12-18 | CVE-2024-12596 | | The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to arbitrary post deletion due to a missing capability check on the 'llms_delete_cert' action in all versions up to, and including, 7.8.5. | 4.3 |
2024-12-17 | CVE-2024-49818 | | IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 4.3 |
2024-12-17 | CVE-2024-10356 | | The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.4.8 in inc/Widgets/accordion/output/content.php. | 4.3 |
2024-12-17 | CVE-2024-8429 | | Improper Restriction of Excessive Authentication Attempts vulnerability in Digital Operation Services WiFiBurada allows Use of Known Domain Credentials. This issue affects WiFiBurada: before 1.0.5. | 4.3 |
2024-12-17 | CVE-2024-49819 | | IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors. | 4.1 |