5.7
CVE-2024-52361 - IBM Storage Defender - Resiliency Service information disclosure
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 Β stores user credentials in plain text which can be read by an authenticated user with access to the pod.
4.4
CVE-2023-50956 - IBM Storage Defender - Resiliency Service information disclosure
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 could allow a privileged user to obtain highly sensitive user credentials from secret keys that are stored in clear text.
5.9
CVE-2024-47119 - IBM Storage Defender - Resiliency Service improper certificate validation
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 does not properly validate a certificate which could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client.
9.3
CVE-2024-12371 - Rockwell Automation PowerMonitorβ’ 1000 Remote Code Execution
A device takeover vulnerability exists in the Rockwell Automation Power Monitor 1000. This vulnerability allows configuration of a new Policyholder user without any authentication via API. Policyholder user is the most privileged user that can perform edit operations, creating admin users and perfoβ¦
5.3
CVE-2024-56128 - Apache Kafka: SCRAM authentication vulnerable to replay attacks when used without encryption
Incorrect Implementation of Authentication Algorithm in Apache Kafka's SCRAM implementation. Issue Summary: Apache Kafka's implementation of the Salted Challenge Response Authentication Mechanism (SCRAM) did not fully adhere to the requirements of RFC 5802 [1]. Specifically, as per RFC 5802, the sβ¦
7.2
CVE-2024-48889 -
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiManager version 7.6.0, version 7.4.4 and below, version 7.2.7 and below, version 7.0.12 and below, version 6.4.14 and below and FortiManager Cloud version 7.4.4 and below, veβ¦
9.6
CVE-2023-34990 -
A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specially crafted web requests.
4.9
CVE-2024-50570 -
A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2, 7.2.0 through 7.2.7, 7.0.0 through 7.0.13 may permit a local authenticated user to retrieve VPN passworβ¦
6.5
CVE-2024-52485 - WordPress WP Menu Image plugin <= 2.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Yudiz Solutions Ltd. WP Menu Image wp-menu-image allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Menu Image: from n/a through <= 2.2.
6.5
CVE-2024-55997 - WordPress Order Delivery & Pickup Location Date Time plugin <= 1.1.0 - Settings Change vulnerability
Missing Authorization vulnerability in webchunky Order Delivery & Pickup Location Date Time order-delivery-pickup-location-date-time-free-version allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Delivery & Pickup Location Date Time: from n/a through <β¦