Show filters
2,285 Total Results
Displaying 71-80 of 2,285
Sort by:
Attacker Value
Unknown
CVE-2022-33954
Disclosure Date: December 19, 2024 (last updated February 27, 2025)
IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 could allow a user with psychical access to the system to obtain sensitive information due to insufficiently protected credentials.
0
Attacker Value
Unknown
CVE-2021-29827
Disclosure Date: December 19, 2024 (last updated March 13, 2025)
IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.
0
Attacker Value
Unknown
CVE-2024-12340
Disclosure Date: December 18, 2024 (last updated February 27, 2025)
The Animation Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.6 via the 'render' function in widgets/content-slider.php and widgets/tabs.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft Elementor template data.
0
Attacker Value
Unknown
CVE-2024-38499
Disclosure Date: December 17, 2024 (last updated February 27, 2025)
CA Client Automation (ITCM) allows non-admin/non-root users to encrypt a string using CAF CLI and SD_ACMD CLI. This would allow the non admin user to access the critical encryption keys which further causes the exploitation of stored credentials. This fix doesn't allow a non-admin/non-root user to execute "caf encrypt"/"sd_acmd encrypt" commands.
0
Attacker Value
Unknown
CVE-2024-49775
Disclosure Date: December 16, 2024 (last updated March 11, 2025)
A vulnerability has been identified in Opcenter Execution Foundation (All versions), Opcenter Intelligence (All versions), Opcenter Quality (All versions), Opcenter RDL (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 3), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SINEC NMS (All versions if operated in conjunction with UMC < V2.15), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component.
This could allow an unauthenticated remote attacker to execute arbitrary code.
0
Attacker Value
Unknown
CVE-2024-52901
Disclosure Date: December 12, 2024 (last updated February 27, 2025)
IBM InfoSphere Information Server 11.7 could allow an authenticated user to GUI to not load or stop working due to improper input validation.
0
Attacker Value
Unknown
CVE-2024-4109
Disclosure Date: December 12, 2024 (last updated January 17, 2025)
Rejected reason: Red Hat Product Security has determined that this CVE is not a security vulnerability.
0
Attacker Value
Unknown
CVE-2024-12397
Disclosure Date: December 12, 2024 (last updated February 27, 2025)
A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with
certain value-delimiting characters in incoming requests. This issue could
allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie
values or spoof arbitrary additional cookie values, leading to unauthorized
data access or modification. The main threat from this flaw impacts data
confidentiality and integrity.
0
Attacker Value
Unknown
CVE-2024-11181
Disclosure Date: December 12, 2024 (last updated February 27, 2025)
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 9.9.9.3 via the 'wp_reusable_render' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to.
0
Attacker Value
Unknown
CVE-2024-9845
Disclosure Date: December 11, 2024 (last updated February 27, 2025)
Under specific circumstances, insecure permissions in Ivanti Automation before version 2024.4.0.1 allows a local authenticated attacker to achieve local privilege escalation.
0