Security Vulnerabilities - CVEs Published In December 2024
Unrestricted file upload via security bypass in Convert Forms component for Joomla in versions before 4.4.8.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2024-12-04

Reflected cross-site scripting vulnerability in Convert Forms component for Joomla in versions before 4.4.8.
CVSS Score: 5.4 | EPSS Score: 0.001 | Published: 2024-12-04

IBM App Connect Enterprise Certified Container 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, and 12.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
CVSS Score: 8.8 | EPSS Score: 0.002 | Published: 2024-12-04

In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox.
CVSS Score: 8.0 | EPSS Score: 0.002 | Published: 2024-12-04

In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication.
CVSS Score: 3.7 | EPSS Score: 0.0 | Published: 2024-12-04

In JetBrains YouTrack before 2024.3.52635 multiple merge functions were vulnerable to prototype pollution attack.
CVSS Score: 4.2 | EPSS Score: 0.0 | Published: 2024-12-04

In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector.
CVSS Score: 4.3 | EPSS Score: 0.0 | Published: 2024-12-04

In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding.
CVSS Score: 3.5 | EPSS Score: 0.0 | Published: 2024-12-04

The WPBITS Addons For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
CVSS Score: 6.4 | EPSS Score: 0.0 | Published: 2024-12-04

In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter.
CVSS Score: 3.1 | EPSS Score: 0.0 | Published: 2024-12-04

