5.3

CVSS3.1

CVE-2024-45640 - IBM Security QRadar EDR information disclosure

IBM Security ReaQta 3.12 returns sensitive information in an HTTP response that could be used in further attacks against the system.

📅 Published: Jan. 7, 2025, 12:22 p.m. 🔄 Last Modified: July 15, 2025, 8:17 p.m.

5.3

CVSS3.1

CVE-2024-52893 - IBM Concert Software information disclosure

IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

📅 Published: Jan. 7, 2025, noon 🔄 Last Modified: July 18, 2025, 1:39 p.m.

5.9

CVSS3.1

CVE-2024-52366 - IBM Concert Software information disclosure

IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle t…

📅 Published: Jan. 7, 2025, 11:59 a.m. 🔄 Last Modified: July 18, 2025, 1:37 p.m.

5.4

CVSS3.1

CVE-2024-52891 - IBM Concert Software log manipulation

IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow an authenticated user to inject malicious information or obtain information from log files due to improper log neutralization.

📅 Published: Jan. 7, 2025, 11:58 a.m. 🔄 Last Modified: July 18, 2025, 1:39 p.m.

5.3

CVSS3.1

CVE-2024-52367 - IBM Concert Software information disclosure

IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could disclose sensitive system information to an unauthorized actor that could be used in further attacks against the system.

📅 Published: Jan. 7, 2025, 11:55 a.m. 🔄 Last Modified: July 18, 2025, 1:38 p.m.

2.4

CVSS4.0

CVE-2024-12425 - Path traversal leading to arbitrary .ttf file write

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal. An attacker can write to arbitrary locations, albeit suffixed with ".ttf", by supplying a file in a format that supports embedded f…

📅 Published: Jan. 7, 2025, 11:15 a.m. 🔄 Last Modified: Dec. 8, 2025, 6:38 p.m.

6.4

CVSS3.1

CVE-2024-11826 - Quill Forms | The Best Typeform Alternative | Create Conversational Multi Step Form, Survey, Quiz, …

The Quill Forms | The Best Typeform Alternative | Create Conversational Multi Step Form, Survey, Quiz, Cost Estimation or Donation Form on WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'quillforms-popup' shortcode in all versions up to, and including, …

📅 Published: Jan. 7, 2025, 11:11 a.m. 🔄 Last Modified: April 8, 2026, 5:26 p.m.

5.3

CVSS3.1

CVE-2024-12711 - RSVP and Event Management <= 2.7.13 - Missing Authorization

The RSVP and Event Management plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX functions like bulk_delete_attendees() and bulk_delete_questions() in all versions up to, and including, 2.7.13. This makes it possible for unauthenticated attac…

📅 Published: Jan. 7, 2025, 11:11 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

4.3

CVSS3.1

CVE-2024-12532 - BWD Elementor Addons <= 4.3.18 - Authenticated (Contributor+) Sensitive Information Exposure via El…

The BWD Elementor Addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.18 in widgets/bwdeb-content-switcher.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private…

📅 Published: Jan. 7, 2025, 11:11 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

4.3

CVSS3.1

CVE-2024-12033 - Jupiter X Core <= 4.8.5 - Missing Authorization to Authenticated Library Sync

The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the sync_libraries() function in all versions up to, and including, 4.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to sync libraries

📅 Published: Jan. 7, 2025, 11:11 a.m. 🔄 Last Modified: April 8, 2026, 5:03 p.m.