CVE-2024-32785
Cross-Site Request Forgery (CSRF) vulnerability in Webangon The Pack Elementor addons allows Cross-Site Scripting (XSS). This issue affects The Pack Elementor addons: from n/a through 2.0.8.3...
CVE-2024-50453
Relative Path Traversal vulnerability in webangon The Pack Elementor addons the-pack-addon allows PHP Local File Inclusion. This issue affects The Pack Elementor addons: from n/a through = 2.0.9...
CVE-2024-50465
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP SEO – Calin Vingan Premium SEO Pack allows SQL Injection. This issue affects Premium SEO Pack: from n/a through 1.6.001...
Security Bulletin: IBM B2B Advanced Communications is vulnerable to issues due to Java SDK (CVE-2022-40609)
Summary IBM B2B Advanced Communications has addressed vulnerabilities in Java SDK shipped with product. Vulnerability Details CVEID:CVE-2022-40609 DESCRIPTION: IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the system, caused by an...
CVE-2024-33568
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Deserialization of Untrusted Data vulnerability in BdThemes Element Pack Pro allows Path Traversal, Object Injection. This issue affects Element Pack Pro: from n/a before 7.19.3...
SUSE-SU-2025:20054-1 Security update for kubevirt
This update for kubevirt fixes the following issues: - Update to version 1.3.1 Release notes https://github.com/kubevirt/kubevirt/releases/tag/v1.3.1 Release notes https://github.com/kubevirt/kubevirt/releases/tag/v1.3.0 - Fix DV error report via VM printable status - Fix permission error in...
Security Bulletin: IBM Financial Transaction Manager for SWIFT Services for Multiplatforms is vulnerable to cross-site scripting.
Summary IBM Financial Transaction Manager for SWIFT Services for Multiplatforms is vulnerable to cross-site scripting CVE-2024-49349. Vulnerability Details CVEID:CVE-2024-49349 DESCRIPTION: IBM Financial Transaction Manager for SWIFT Services is vulnerable to cross-site scripting. This...
The vulnerability of the content_security_policy function in the Action Pack interpreter for Ruby allows attackers to perform cross-site scripting (XSS) attacks.
The vulnerability of the content_security_policy function in the Action Pack interpreter for Ruby is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability could allow a malicious actor, operating remotely, to perform cross-site scripting attacks...
Security Bulletin: IBM MQ is vulnerable to a denial of service (CVE-2024-40680)
Summary IBM MQ has addressed a denial of service vulnerability. Vulnerability Details CVEID:CVE-2024-40680 DESCRIPTION: IBM MQ could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault. CVSS Base score: 6.2 CVSS Temporal Score: See:...
Security Bulletin: IBM Maximo Application Suite - AI Broker Component uses spring-webflux-6.1.13.jar which is vulnerable to this CVE-2024-38819
Summary Security Bulletin: IBM Maximo Application Suite - AI Broker Component uses spring-webflux-6.1.13.jar which is vulnerable to this CVE-2024-38819. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-38819 DESCRIPTION...
Security Bulletin: IBM Maximo Application Suite - AI Broker Component uses jsonpath-plus-9.0.0.tgz which is vulnerable to this CVE-2024-21534
Summary Security Bulletin: IBM Maximo Application Suite - AI Broker Component uses jsonpath-plus-9.0.0.tgz which is vulnerable to this CVE-2024-21534. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-21534 DESCRIPTION: Versions o...
Security Bulletin: IBM Maximo Application Suite uses grpc-js-1.8.21.tgz which is vulnerable to CVE-2024-37168
Summary IBM Maximo Application Suite uses grpc-js-1.8.21.tgz which is vulnerable to CVE-2024-37168. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-37168 DESCRIPTION: gRPC on Node.js is vulnerable to a denial of service, caused ...
Security Bulletin: IBM Maximo Application Suite IoT Component uses setuptools-68.0.0-py3-none-any.whl which is vulnerable to CVE-2024-6345
Summary IBM Maximo Application Suite IoT Component uses setuptools-68.0.0-py3-none-any.whl which is vulnerable to CVE-2024-6345. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-6345 DESCRIPTION: pypa/setuptools could allow a...
Security Bulletin: IBM MQ Console is affected by a denial of service vulnerability (CVE-2024-51471)
Summary IBM MQ has addressed a denial of service vulnerability in the IBM MQ console Vulnerability Details CVEID:CVE-2024-51471 DESCRIPTION: IBM MQ web console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to a denial of service (CVE-2024-45085)
Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to a denial of service when a JSF application configured with Sun Reference Implementation 1.2 is deployed. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: IBM Master Data Management is vulnerable to stored cross-site scripting from vulnerability found in IBM WebSphere Application Server (CVE-2024-45073)
Summary IBM Master Data Management Server 11.6, 12.0, and 14.0 are vulnerable from IBM WebSphere Application Server with vulnerability in stored cross-site scripting. IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged...
Security Bulletin: IBM Maximo Application Suite - AI Broker Component uses spring-security-web-6.3.3.jar which is vulnerable to this CVE-2024-38821
Summary Security Bulletin: IBM Maximo Application Suite - AI Broker Component uses spring-security-web-6.3.3.jar which is vulnerable to this CVE-2024-38821. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-38821 DESCRIPTION: VMwa...
Security Bulletin: IBM Maximo Application Suite - AI Broker Component uses werkzeug-3.0.3-py3-none-any.whl which is vulnerable to this CVE-2024-49766 and CVE-2024-49767
Summary Security Bulletin: IBM Maximo Application Suite - AI Broker Component uses werkzeug-3.0.3-py3-none-any.whl which is vulnerable to this CVE-2024-49766 and CVE-2024-49767. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to cross-site scripting (CVE-2024-45087)
Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to cross-site scripting in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affecte...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to stored cross-site scripting (CVE-2024-45071)
Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to stored cross-site scripting in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...