2171 | 6.1 | MEDIUM Network | - | - | The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several user meta parameters in al… | CWE-79 Cross-site Scripting | CVE-2024-12738 | 2025-01-7 22:15 | 2025-01-7 |
2172 | - | | - | - | Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice. URLs could be constructed which expanded environme… | - | CVE-2024-12426 | 2025-01-7 22:15 | 2025-01-7 |
2173 | 4.3 | MEDIUM Network | - | - | The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.5 d… | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2024-12131 | 2025-01-7 22:15 | 2025-01-7 |
2174 | 5.3 | MEDIUM Network - | - | IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This i… | CWE-209 Information Exposure Through an Error Message | CVE-2024-52893 | 2025-01-7 21:15 | 2025-01-7 |
2175 | 5.4 | MEDIUM Network | - | - | IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow an authenticated user to inject malicious information or obtain information from log files due to improper log neutralizatio… | CWE-117 Improper Output Neutralization for Logs | CVE-2024-52891 | 2025-01-7 21:15 | 2025-01-7 |
2176 | 5.3 | MEDIUM Network - | - | IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could disclose sensitive system information to an unauthorized actor that could be used in further attacks against the system. | CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere | CVE-2024-52367 | 2025-01-7 21:15 | 2025-01-7 |
2177 | 5.9 | MEDIUM Network | - | - | IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An… | CWE-327 Use of a Broken or Risky Cryptographic Algorithm | CVE-2024-52366 | 2025-01-7 21:15 | 2025-01-7 |
2178 | 5.3 | MEDIUM Network - | - | The RSVP and Event Management plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX functions like bulk_delete_attendees() and bulk_delete_questi… | CWE-862 Missing Authorization | CVE-2024-12711 | 2025-01-7 21:15 | 2025-01-7 |
2179 | 4.3 | MEDIUM Network | - | - | The BWD Elementor Addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.18 in widgets/bwdeb-content-switcher.php. This makes it possibl… | CWE-200 Information Exposure | CVE-2024-12532 | 2025-01-7 21:15 | 2025-01-7 |
2180 | - | | - | - | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal. An attacker can write to arbitr… | - | CVE-2024-12425 | 2025-01-7 21:15 | 2025-01-7 |