|
2691
|
9.0 |
CRITICAL
Network
|
-
|
-
|
IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and
12.0.0 through 12.0.4
is vulnerable to an Expression Language (EL) Injection vulnerability. A remote attacker could exploit this vulnerability to…
|
CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
|
CVE-2024-51466
|
2024-12-20 23:15 |
2024-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2692
|
8.0 |
HIGH
Network
|
-
|
-
|
IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and
12.0.0 through 12.0.4
could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Att…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-40695
|
2024-12-20 23:15 |
2024-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2693
|
6.8 |
MEDIUM
Adjacent
|
-
|
-
|
IBM Security Directory Integrator 7.2.0 through 7.2.0.13 and 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially craft…
|
CWE-78
OS Command
|
CVE-2024-28767
|
2024-12-20 23:15 |
2024-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2694
|
- |
|
-
|
-
|
Authentication Bypass Using an Alternate Path or Channel vulnerability in WofficeIO Woffice allows Authentication Bypass.This issue affects Woffice: from n/a through 5.4.14.
|
-
|
CVE-2024-43234
|
2024-12-20 22:15 |
2024-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2695
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WP SHAPES plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output esca…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9619
|
2024-12-20 16:15 |
2024-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2696
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Maintenance & Coming Soon Redirect Animation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wploti_add_whitelisted_roles_option'…
|
CWE-284
Improper Access Control
|
CVE-2024-9503
|
2024-12-20 16:15 |
2024-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2697
|
9.8 |
CRITICAL
Network
-
|
-
|
The Store Locator for WordPress with Google Maps – LotsOfLocales plugin for WordPress is vulnerable to Local File Inclusion in version 3.98.9 via the 'sl_engine' parameter. This makes it possible for…
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2024-12571
|
2024-12-20 16:15 |
2024-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
2698
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Embed Twine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embed_twine' shortcode in all versions up to, and including, 0.1.0 due to insufficient input saniti…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12509
|
2024-12-20 16:15 |
2024-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2699
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The NACC WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'nacc' shortcode in all versions up to, and including, 4.1.0 due to insufficient input san…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12506
|
2024-12-20 16:15 |
2024-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2700
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Spoki – Chat Buttons and WooCommerce Notifications plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spoki_button' shortcode in all versions up to, and including…
|
CWE-79
Cross-site Scripting
|
CVE-2024-11893
|
2024-12-20 16:15 |
2024-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
