Security Vulnerabilities - CVEs Published In 2024
IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.
CVSS Score
5.2
EPSS Score
0.0
Published
2024-12-19
iperf v3.17.1 was discovered to contain a segmentation violation via the iperf_exchange_parameters() function.
CVSS Score
7.5
EPSS Score
0.007
Published
2024-12-18
A reflected Cross-Site Scripting vulnerability in the standard documentation upload functionality in Portabilis i-Educar 2.9 allows attacker to craft malicious urls with arbitrary javascript in the 'titulo_documento' parameter.
CVSS Score
5.4
EPSS Score
0.0
Published
2024-12-18
SeaCMS <=13.0 is vulnerable to command execution in phome.php via the function Ebak_RepPathFiletext().
CVSS Score
9.8
EPSS Score
0.02
Published
2024-12-18
An IDOR vulnerability in CodeAstro's Complaint Management System v1.0 (version with 0 updates) enables an attacker to execute arbitrary code and obtain sensitive information via the delete.php file and modifying the id parameter.
CVSS Score
8.8
EPSS Score
0.002
Published
2024-12-18
A vulnerability in Amiro.CMS before 7.8.4 exists due to the failure to take measures to neutralize special elements. It allows remote attackers to conduct a Cross-Site Scripting (XSS) attack.
CVSS Score
6.1
EPSS Score
0.003
Published
2024-12-18
A Cross-Site Request Forgery vulnerability in Amiro.CMS before 7.8.4 allows remote attackers to create an administrator account.
CVSS Score
8.8
EPSS Score
0.008
Published
2024-12-18
A library injection vulnerability exists in Microsoft OneNote 16.83 for macOS. A specially crafted library can leverage OneNote's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions.
CVSS Score
7.1
EPSS Score
0.0
Published
2024-12-18
A library injection vulnerability exists in Microsoft Word 16.83 for macOS. A specially crafted library can leverage Word's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions.
CVSS Score
7.1
EPSS Score
0.001
Published
2024-12-18
A library injection vulnerability exists in Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions.
CVSS Score
7.1
EPSS Score
0.001
Published
2024-12-18