5.5
CVE-2024-25019 - IBM Cognos Controller file upload
IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the type of file uploaded to Journal entry attachments. Attackers can make use of this weakness and upload malicious executable files into the system that can be sent to victims for performing fβ¦
5.9
CVE-2021-29892 - IBM Cognos Controller information disclosure
IBM Cognos Controller 11.0.0 and 11.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
4.9
CVE-2024-53257 - Vitess allows HTML injection in /debug/querylogz & /debug/env
Vitess is a database clustering system for horizontal scaling of MySQL. The /debug/querylogz and /debug/env pages for vtgate and vttablet do not properly escape user input. The result is that queries executed by Vitess can write HTML into the monitoring page at will. These pages are rendered using β¦
8.1
CVE-2024-53999 - Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Fuβ¦
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to thβ¦
7.5
CVE-2024-54000 - Mobile Security Framework (MobSF) bypass of SSRF fix
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In versions prior to 3.9.7, the requests.get() request in the _check_url method is specified as allow_redirects=True, which allows a server-side β¦
0.0
CVE-2024-12101 -
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
7.5
CVE-2024-11391 - Advanced File Manager <= 5.2.10 - Authenticated (Subscriber+) Arbitrary File Upload
The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the 'class_fma_connector.php' file in all versions up to, and including, 5.2.10. This makes it possible for authenticated attackers, with Subscriber-level access and above,β¦
6.1
CVE-2024-11200 - Goodlayers Core <= 2.0.7 - Reflected Cross-Site Scripting via 'font-family'
The Goodlayers Core plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the βfont-familyβ parameter in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary wβ¦
0.0
CVE-2024-12095 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
5.5
CVE-2024-9978 - Liteos_a has an out-of-bounds read vulnerability
in OpenHarmony v4.1.1 and prior versions allow a local attacker cause information leak through out-of-bounds Read.