| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-Site Request Forgery (CSRF) vulnerability in OOPSpam OOPSpam Anti-Spam plugin <= 1.1.44 versions. |
| Cross-Site Request Forgery (CSRF) vulnerability in WP Zone Potent Donations for WooCommerce plugin <= 1.1.9 versions. |
| Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected |
| IBM Aspera Faspex 5.0.5 could allow a remote attacked to bypass IP restrictions due to improper access controls. IBM X-Force ID: 259649. |
| IBM FileNet Content Manager 5.5.8, 5.5.10, and 5.5.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 259384. |
| IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields. IBM X-Force ID: 259380. |
| IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.4 and 23.0.0 through 23.0.5 is vulnerable to disclosing server version information which may be used to determine software vulnerabilities at the operating system level. IBM X-Force ID: 259368. |
| IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information due to an insecure security configuration in InfoSphere Data Flow Designer. IBM X-Force ID: 259352. |
| IBM Spectrum Protect Client and IBM Storage Protect for Virtual Environments 8.1.0.0 through 8.1.19.0 could allow a local user to execute arbitrary code on the system using a specially crafted file, caused by a DLL hijacking flaw. IBM X-Force ID: 259246. |
| IBM Content Navigator 3.0.13 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 259247. |
| IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 259116. |
| IBM Security Guardium 10.6, 11.3, 11.4, and 11.5 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 258824. |
| IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 258786. |
| IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file. IBM X-Force ID: 258637. |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA.
In SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover "exists/does not exist" information about items outside the rooted tree via paths including parent navigation ("..") beyond the root, or involving symlinks.
This issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10
|
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in EventPrime plugin <= 3.0.5 versions. |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Team Heateor Super Socializer plugin <= 7.13.52 versions. |
| Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.49 versions. |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Vadym K. Extra User Details plugin <= 0.5 versions. |
| SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL64NUC, 7.22, KRNL64NUC 7.22EXT, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KERNEL 7.22, KERNEL, 7.53, KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.92, KERNEL 7.93, under some conditions, performs improper authentication checks for functionalities that require user identity. An attacker can perform malicious actions over the network, extending the scope of impact, causing a limited impact on confidentiality, integrity and availability. |