Show filters
2,285 Total Results
Displaying 41-50 of 2,285
Sort by:
Attacker Value
Unknown
CVE-2025-26568
Disclosure Date: February 13, 2025 (last updated February 27, 2025)
Cross-Site Request Forgery (CSRF) vulnerability in jensmueller Easy Amazon Product Information allows Stored XSS. This issue affects Easy Amazon Product Information: from n/a through 4.0.1.
0
Attacker Value
Unknown
CVE-2024-11831
Disclosure Date: February 10, 2025 (last updated February 27, 2025)
A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package.
0
Attacker Value
Unknown
CVE-2024-52365
Disclosure Date: February 05, 2025 (last updated February 27, 2025)
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2
is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
0
Attacker Value
Unknown
CVE-2024-52364
Disclosure Date: February 05, 2025 (last updated February 27, 2025)
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
0
Attacker Value
Unknown
CVE-2024-49348
Disclosure Date: February 05, 2025 (last updated February 27, 2025)
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2
allows restricting access to organizational data to valid contexts. The fact that tasks of type comment can be reassigned via API implicitly grants access to user queries in an unexpected context.
0
Attacker Value
Unknown
CVE-2024-12620
Disclosure Date: February 01, 2025 (last updated February 25, 2025)
The AnimateGL Animations for WordPress – Elementor & Gutenberg Blocks Animations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'agl_json' AJAX action in all versions up to, and including, 1.4.23. This makes it possible for unauthenticated attackers to update the plugin's settings.
0
Attacker Value
Unknown
CVE-2025-23367
Disclosure Date: January 30, 2025 (last updated February 27, 2025)
A flaw was found in the Wildfly Server Role Based Access Control (RBAC) provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user without the required privileges can suspend or resume the server. A user with a Monitor or Auditor role is supposed to have only read access permissions and should not be able to suspend the server.
The vulnerability is caused by the Suspend and Resume handlers not performing authorization checks to validate whether the current user has the required permissions to proceed with the action.
0
Attacker Value
Unknown
CVE-2024-31906
Disclosure Date: January 26, 2025 (last updated February 27, 2025)
IBM Automation Decision Services 23.0.2 allows web pages to be stored locally which can be read by another user on the system.
0
Attacker Value
Unknown
CVE-2024-40706
Disclosure Date: January 24, 2025 (last updated March 12, 2025)
IBM InfoSphere Information Server 11.7 could allow a remote user to obtain sensitive version information that could aid in further attacks against the system.
0
Attacker Value
Unknown
CVE-2024-51457
Disclosure Date: January 22, 2025 (last updated February 27, 2025)
IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
0