Show filters
2,285 Total Results
Displaying 41-50 of 2,285
Sort by:
Attacker Value
Unknown

CVE-2025-26568

Disclosure Date: February 13, 2025 (last updated February 27, 2025)
Cross-Site Request Forgery (CSRF) vulnerability in jensmueller Easy Amazon Product Information allows Stored XSS. This issue affects Easy Amazon Product Information: from n/a through 4.0.1.
0
Attacker Value
Unknown

CVE-2024-11831

Disclosure Date: February 10, 2025 (last updated February 27, 2025)
A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package.
0
Attacker Value
Unknown

CVE-2024-52365

Disclosure Date: February 05, 2025 (last updated February 27, 2025)
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
0
Attacker Value
Unknown

CVE-2024-52364

Disclosure Date: February 05, 2025 (last updated February 27, 2025)
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
0
Attacker Value
Unknown

CVE-2024-49348

Disclosure Date: February 05, 2025 (last updated February 27, 2025)
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows restricting access to organizational data to valid contexts. The fact that tasks of type comment can be reassigned via API implicitly grants access to user queries in an unexpected context.
0
Attacker Value
Unknown

CVE-2024-12620

Disclosure Date: February 01, 2025 (last updated February 25, 2025)
The AnimateGL Animations for WordPress – Elementor & Gutenberg Blocks Animations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'agl_json' AJAX action in all versions up to, and including, 1.4.23. This makes it possible for unauthenticated attackers to update the plugin's settings.
Attacker Value
Unknown

CVE-2025-23367

Disclosure Date: January 30, 2025 (last updated February 27, 2025)
A flaw was found in the Wildfly Server Role Based Access Control (RBAC) provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user without the required privileges can suspend or resume the server. A user with a Monitor or Auditor role is supposed to have only read access permissions and should not be able to suspend the server. The vulnerability is caused by the Suspend and Resume handlers not performing authorization checks to validate whether the current user has the required permissions to proceed with the action.
0
Attacker Value
Unknown

CVE-2024-31906

Disclosure Date: January 26, 2025 (last updated February 27, 2025)
IBM Automation Decision Services 23.0.2 allows web pages to be stored locally which can be read by another user on the system.
Attacker Value
Unknown

CVE-2024-40706

Disclosure Date: January 24, 2025 (last updated March 12, 2025)
IBM InfoSphere Information Server 11.7 could allow a remote user to obtain sensitive version information that could aid in further attacks against the system.
Attacker Value
Unknown

CVE-2024-51457

Disclosure Date: January 22, 2025 (last updated February 27, 2025)
IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
0