19 matches found
Security Bulletin: Upgraded higher version of cometD in Maximo IT 9.1
Summary: Upgraded higher version of cometD in Maximo IT 9.1. Vulnerability Details: CVEID: CVE-2022-24721 DESCRIPTION: CometD is a scalable comet implementation for web messaging. In any version prior to 5.0.11, 6.0.6, and 7.0.6, internal usage of Oort and Seti channels is improperly authorized, so...
CVE-2024-24721
An issue was discovered on Innovaphone PBX before 14r1 devices. The password form, used to authenticate, allows a Brute Force Attack through which an attacker may be able to access the administration panel...
CVE-2025-24721
creationtimestamp | type | source
---|---|---
2025-01-24 22:32:11+00:00 | seen | https://infosec.exchange/users/cve/statuses/113885703744959604...
CVE-2025-24721 WordPress Easy YouTube Gallery plugin <= 1.0.4 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aleksandar Urošević Easy YouTube Gallery allows Stored XSS. This issue affects Easy YouTube Gallery: from n/a through 1.0.4...
CVE-2025-24721
CVE-2025-24721 concerns the WordPress plugin Easy YouTube Gallery. The connected sources confirm a Stored XSS vulnerability caused by improper input neutralization during web page generation, affecting versions up to 1.0.4. The vulnerability is authenticated (per the Wordfence listing) and there...
CVE-2024-24721
creationtimestamp | type | source
---|---|---
2024-02-27 01:26:42+00:00 | seen | https://t.me/ctinow/193894
2024-02-27 01:31:45+00:00 | seen | https://t.me/ctinow/193898...
CVE-2024-24721
The CVE concerns Innovaphone PBX before version 14r1, where the authentication password form is vulnerable to brute-force attacks, potentially allowing an attacker to access the administration panel. The available documents confirm the affected product and the basic exploit vector but do not prov...
CVE-2023-24721
creationtimestamp | type | source
---|---|---
2023-04-11 02:22:55+00:00 | seen | https://t.me/cibsecurity/61813
2025-02-14 10:03:09+00:00 | seen | Telegram/6VnHVm2Z4xIPSkBFvcJ7NzQlIZ7QtIoQnTctqGabA-x517ym...
CVE-2023-24721
Technical details about CVE-2023-24721 (affected software, root cause, impact, fixes) are not publicly available in the provided documents. Monitor for updates from vendors and security advisories.
org.cometd:cometd-demo (>=6.0.0 <=6.0.19), org.cometd:cometd-documentation (>=6.0.1 <=6.0.19) potentially affected by CVE-2022-24721 via org.cometd.java:cometd-java-oort (>=6.0.0 <=6.0.5)
org.cometd.java:cometd-java-oort MAVEN version =6.0.0, =6.0.0, =6.0.1, =6.0.19 Source cves: CVE-2022-24721 Source advisory: OSV:GHSA-RJMQ-6V55-4RJV...
org.cometd:cometd-demo (>=1.0.0 <=5.0.10), org.cometd:cometd-documentation (=5.0.10) potentially affected by CVE-2022-24721 via org.cometd.java:cometd-java-oort (>=1.0.beta10 <=5.0.10)
org.cometd.java:cometd-java-oort MAVEN version =1.0.beta10, =1.0.0, =5.0.10 - org.cometd:cometd-documentation =5.0.10 Source cves: CVE-2022-24721 Source advisory: OSV:GHSA-RJMQ-6V55-4RJV...
org.cometd:cometd-demo (>=7.0.0 <=7.0.19), org.cometd:cometd-documentation (>=7.0.1 <=7.0.19) potentially affected by CVE-2022-24721 via org.cometd.java:cometd-java-oort (>=7.0.0 <=7.0.5)
org.cometd.java:cometd-java-oort MAVEN version =7.0.0, =7.0.0, =7.0.1, =7.0.19 Source cves: CVE-2022-24721 Source advisory: OSV:GHSA-RJMQ-6V55-4RJV...
CVE-2022-24721 Incorrect Authorization in org.cometd.oort
CometD is a scalable comet implementation for web messaging. In any version prior to 5.0.11, 6.0.6, and 7.0.6, internal usage of Oort and Seti channels is improperly authorized, so any remote user could subscribe and publish to those channels. By subscribing to those channels, a remote user may b...
CVE-2022-24721
The CVE-2022-24721 issue affects CometD’s Oort/Seti channels. In all versions prior to 5.0.11, 6.0.6, and 7.0.6, internal authorization is improper, allowing remote users to subscribe to or publish on these channels. Subscribing can enable viewing cluster-internal traffic; publishing can allow cr...
CVE-2021-24721 Loco Translate < 2.5.4 - Authenticated PHP Code Injection
The Loco Translate WordPress plugin before 2.5.4 mishandles data inputs which get saved to a file, which can be renamed to an extension ending in .php, resulting in authenticated "translator" users being able to inject PHP code into files ending with .php in web accessible locations...
CVE-2021-24721
CVE-2021-24721 affects the WordPress plugin Loco Translate prior to version 2.5.4. The vulnerability arises because data inputs saved by the plugin can be renamed to a file ending in “.php,” allowing an authenticated translator user to inject PHP code into web‑accessible PHP files. Impact is tha...
CVE-2020-24721
The CVE-2020-24721 entry refers to the GAEN (Google/Apple Exposure Notifications) protocol used in Android/iOS COVID-19 apps. The issue is described as coercion of a user into proving or disproving an exposure notification due to the persistent state of a private framework. Connected sources (NVD...