Show filters
2,286 Total Results
Displaying 131-140 of 2,286
Sort by:
Attacker Value
Unknown

CVE-2024-39778

Disclosure Date: August 14, 2024 (last updated February 26, 2025)
When a stateless virtual server is configured on BIG-IP system with a High-Speed Bridge (HSB), undisclosed requests can cause TMM to terminate.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Attacker Value
Unknown

CVE-2024-43126

Disclosure Date: August 12, 2024 (last updated February 26, 2025)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sender Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce allows Reflected XSS.This issue affects Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce: from n/a through 2.6.14.
0
Attacker Value
Unknown

CVE-2024-5801

Disclosure Date: August 12, 2024 (last updated February 26, 2025)
Enabled IP Forwarding feature in B&R Automation Runtime versions before 6.0.2 may allow remote attack-ers to compromise network security by routing IP-based packets through the host, potentially by-passing firewall, router, or NAC filtering.
0
Attacker Value
Unknown

CVE-2024-5800

Disclosure Date: August 12, 2024 (last updated February 26, 2025)
Diffie-Hellman groups with insufficient strength are used in the SSL/TLS stack of B&R Automation Runtime versions before 6.0.2, allowing a network attacker to decrypt the SSL/TLS communication.
0
Attacker Value
Unknown

CVE-2024-39751

Disclosure Date: August 06, 2024 (last updated February 26, 2025)
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 297429
Attacker Value
Unknown

CVE-2024-41226

Disclosure Date: August 06, 2024 (last updated February 26, 2025)
A CSV injection vulnerability in Automation Anywhere Automation 360 version 21094 allows attackers to execute arbitrary code via a crafted payload. NOTE: Automation Anywhere disputes this report, arguing the attacker executes everything from the client side and does not attack the Control Room. The payload is being injected in the http Response from the client-side, so the owner of the Response and payload is the end user in this case. They contend that the server's security controls have no impact or role to play in this situation and therefore this is not a valid vulnerability.
Attacker Value
Unknown

CVE-2024-38321

Disclosure Date: August 03, 2024 (last updated February 26, 2025)
IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log files under certain situations that could be read by an authenticated user. IBM X-Force ID: 284868.
Attacker Value
Unknown

CVE-2024-37856

Disclosure Date: July 29, 2024 (last updated February 26, 2025)
Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the first, last, middle name fields in the User Profile page.
Attacker Value
Unknown

CVE-2024-6922

Disclosure Date: July 26, 2024 (last updated February 26, 2025)
Automation Anywhere Automation 360 v21-v32 is vulnerable to Server-Side Request Forgery in a web API component. An attacker with unauthenticated access to the Automation 360 Control Room HTTPS service (port 443) or HTTP service (port 80) can trigger arbitrary web requests from the server.
0
Attacker Value
Unknown

CVE-2024-40689

Disclosure Date: July 26, 2024 (last updated February 26, 2025)
IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database. IBM X-Force ID: 297719.