8.6
CVE-2024-25047 - IBM Cognos Analytics log injection
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 is vulnerable to injection attacks in application logging by not sanitizing user provided data. This could lead to further attacks against the system. IBM X-Force ID: 282956.
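The Cognos entry describes the generic log-injection pattern: a user-supplied value written into a log record without neutralising control characters lets one request forge extra records or fields. The Python below is an added illustration of that pattern beside its fix; it is not code from IBM Cognos or from the advisory, the forged username is a constructed sample, and the logger name and record layout are assumptions made for the example.

```python
import io
import logging

# Constructed sample, not a payload from the advisory: a "username" carrying
# CRLF followed by text shaped like a complete, successful-login record.
FORGED_USERNAME = "alice\r\n2024-05-01 10:00:00,000 INFO login succeeded user=admin"


def sanitize_for_log(value: str, max_len: int = 256) -> str:
    """Neutralise log-injection primitives before a value reaches a record.

    CR, LF, tab and every other C0/C1 control character are rendered as a
    visible escape, so a single request can never terminate the current line
    or start a new one; over-long values are truncated to bound log growth.
    """
    out = []
    for ch in value[:max_len]:
        cp = ord(ch)
        if ch == "\n":
            out.append("\\n")
        elif ch == "\r":
            out.append("\\r")
        elif ch == "\t":
            out.append("\\t")
        elif cp < 0x20 or 0x7F <= cp <= 0x9F:
            out.append(f"\\x{cp:02x}")
        else:
            out.append(ch)
    if len(value) > max_len:
        out.append("...[truncated]")
    return "".join(out)


def log_login_unsafe(logger: logging.Logger, user: str) -> None:
    # Vulnerable pattern: the user-controlled value is written verbatim.
    logger.info("login failed user=%s", user)


def log_login_safe(logger: logging.Logger, user: str) -> None:
    # Hardened pattern: the value is sanitised at the logging boundary.
    logger.info("login failed user=%s", sanitize_for_log(user))


def capture_records(log_fn, user: str) -> list:
    """Run log_fn against an in-memory handler and return the emitted lines.

    The logger name "login-audit" and the record layout are assumptions made
    for this example, not Cognos's real audit format.
    """
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    handler.setFormatter(logging.Formatter("%(asctime)s %(levelname)s %(message)s"))
    logger = logging.getLogger("login-audit")
    logger.setLevel(logging.INFO)
    logger.propagate = False
    logger.addHandler(handler)
    try:
        log_fn(logger, user)
    finally:
        logger.removeHandler(handler)
    return [line for line in buf.getvalue().splitlines() if line]


if __name__ == "__main__":
    for name, fn in (("unsafe", log_login_unsafe), ("safe", log_login_safe)):
        lines = capture_records(fn, FORGED_USERNAME)
        print(f"--- {name}: {len(lines)} record(s)")
        for line in lines:
            print(line)
```

The unsafe variant emits two records, the second of which is entirely attacker-authored and indistinguishable from a genuine successful login; the safe variant emits one record in which the CRLF is visible as `\r\n`. Escaping at the logging boundary, rather than rejecting input, keeps the evidence of the attempt in the log.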
7.5
CVE-2024-4140 - Email-MIME excessive memory use when parsing multipart messages
An excessive memory use issue (CWE-770) exists in Email-MIME before version 1.954 and can cause denial of service when parsing multipart MIME messages. The patch set (from 2020 and 2024) limits nesting depth and the total number of parts.
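The Email-MIME entry names the fix: bound nesting depth and the total number of parts while walking a multipart message. The Python below is an added example of that defence written against the standard library's email parser; it is not Email-MIME's own Perl implementation. The limits (10 levels, 100 parts) and the constructed nested and fan-out messages are assumptions chosen for illustration.

```python
import email
from email.message import Message
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

# Limits are assumptions for this example; tune them to real traffic.
MAX_DEPTH = 10
MAX_PARTS = 100


class MimeLimitExceeded(ValueError):
    """Raised when a message exceeds the nesting-depth or part-count budget."""


def walk_with_limits(msg: Message, max_depth: int = MAX_DEPTH,
                     max_parts: int = MAX_PARTS) -> tuple:
    """Traverse a parsed message iteratively, enforcing both limits.

    Returns (total_parts, deepest_level); the top-level message is level 1.
    Each limit is checked as soon as it is crossed, so an over-budget message
    is rejected before any further processing of the tree.
    """
    total = 0
    deepest = 0
    stack = [(msg, 1)]
    while stack:
        part, level = stack.pop()
        total += 1
        if level > max_depth:
            raise MimeLimitExceeded(f"nesting depth {level} exceeds {max_depth}")
        if total > max_parts:
            raise MimeLimitExceeded(f"part count exceeds {max_parts}")
        deepest = max(deepest, level)
        if part.is_multipart():
            for child in part.get_payload():
                stack.append((child, level + 1))
    return total, deepest


def count_parts(raw: bytes) -> tuple:
    """Parse raw message bytes and return (total_parts, deepest_level)."""
    return walk_with_limits(email.message_from_bytes(raw))


def accepts(raw: bytes, max_depth: int = MAX_DEPTH,
            max_parts: int = MAX_PARTS) -> bool:
    """Parse raw message bytes and report whether they fit within the limits."""
    try:
        walk_with_limits(email.message_from_bytes(raw), max_depth, max_parts)
        return True
    except MimeLimitExceeded:
        return False


# Constructed test messages (not real mail): a chain of multipart/mixed
# wrappers `depth` levels deep, and one multipart holding `width` leaf parts.
def build_nested(depth: int) -> bytes:
    node: Message = MIMEText("leaf")
    for _ in range(depth):
        outer = MIMEMultipart("mixed")
        outer.attach(node)
        node = outer
    return node.as_bytes()


def build_wide(width: int) -> bytes:
    outer = MIMEMultipart("mixed")
    for i in range(width):
        outer.attach(MIMEText(f"part {i}"))
    return outer.as_bytes()


if __name__ == "__main__":
    print(count_parts(build_nested(3)))          # (4, 4)
    print(accepts(build_nested(12)), accepts(build_wide(150)))  # False False
```

One caveat a practitioner should keep in mind: here the standard-library parser has already built the full tree before the walk runs, so this bounds the work done after parsing (rendering, attachment extraction), not the parser's own memory. Email-MIME's patch applies the limits during parsing; an equivalent in Python needs a raw byte-size cap on the input in front of `message_from_bytes` as well.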
8.1
CVE-2024-34394 - libxmljs2 namespaces type confusion RCE
libxmljs2 is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking the namespaces() function (which invokes XmlNode::get_local_namespaces()) on a grand-child of a node that refers to an entity. This vulnerability can lead to denial of service and remote co…
8.1
CVE-2024-34393 - libxmljs2 attrs type confusion RCE
libxmljs2 is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of attrs() that was called on a parsed node. This vulnerability might lead to denial of service (on both 32-bit systems and 64-bit systems), data leak, infinite loo…
8.1
CVE-2024-34392 - libxmljs namespaces type confusion RCE
libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking the namespaces() function (which invokes _wrap__xmlNode_nsDef_get()) on a grand-child of a node that refers to an entity. This vulnerability can lead to denial of service and remote code exe…
8.1
CVE-2024-34391 - libxmljs attrs type confusion RCE
libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of attrs() that was called on a parsed node. This vulnerability might lead to denial of service (on both 32-bit systems and 64-bit systems), data leak, infinite loop…
7.4
CVE-2024-4216 - XSS vulnerability in /settings/store API response json payload in pgAdmin 4
pgAdmin <= 8.5 is affected by an XSS vulnerability in the /settings/store API response JSON payload. This vulnerability allows attackers to execute malicious script in the client's browser.
7.4
CVE-2024-4215 - The Multi Factor Authentication bypass vulnerability in pgAdmin 4
pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability. This vulnerability allows an attacker with knowledge of a legitimate account's username and password to authenticate to the application and perform sensitive actions within the application, such as managing files and…
6.1
CVE-2024-3681 - Interactive World Maps <= 2.4.14 - Reflected Cross-Site Scripting
The Interactive World Maps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search (s) parameter in all versions up to, and including, 2.4.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitr…
6.1
CVE-2024-3473 - Header Footer Code Manager Pro <= 1.0.16 - Reflected Cross-Site Scripting via message
The Header Footer Code Manager Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the message parameter in all versions up to, and including, 1.0.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject a…