Search

Search Results (365349 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-45651 3 Ibm, Linux, Microsoft 4 Aix, Sterling Connect Direct Web Services, Linux Kernel and 1 more 2025-09-01 6.3 Medium
IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system.
CVE-2025-2987 1 Ibm 1 Maximo Asset Management 2025-09-01 3.8 Low
IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
CVE-2025-27907 5 Hp, Ibm, Linux and 2 more 8 Hp-ux, Aix, I and 5 more 2025-09-01 4.1 Medium
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
CVE-2024-22351 3 Ibm, Linux, Microsoft 4 Aix, Infosphere Information Server, Linux Kernel and 1 more 2025-09-01 6.3 Medium
IBM InfoSphere Information 11.7 Server does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
CVE-2025-3218 1 Ibm 1 I 2025-09-01 5.4 Medium
IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to authentication and authorization attacks due to incorrect validation processing in IBM i Netserver. A malicious actor could use the weaknesses, in conjunction with brute force authentication attacks or to bypass authority restrictions, to access the server.
CVE-2025-1993 1 Ibm 3 App Connect Enterprise Certified Container, App Connect Enterprise Certified Containers Operands, App Connect Operator 2025-08-31 5.1 Medium
IBM App Connect Enterprise Certified Container 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8, 12.9, and 12.10 DesignerAuthoring instances store their flows in a database that is protected by weaker than expected cryptographic algorithms that could be decrypted by a local user.
CVE-2025-6992 2025-08-30 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2024-6633 1 Fortra 1 Filecatalyst Workflow 2025-08-29 9.8 Critical
The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledgebase article. Misuse of these credentials could lead to a compromise of confidentiality, integrity, or availability of the software. The HSQLDB is only included to facilitate installation, has been deprecated, and is not intended for production use per vendor guides. However, users who have not configured FileCatalyst Workflow to use an alternative database per recommendations are vulnerable to attack from any source that can reach the HSQLDB.
CVE-2024-43684 1 Microchip 2 Timeprovider 4100, Timeprovider 4100 Firmware 2025-08-29 8.8 High
Cross-Site Request Forgery (CSRF) vulnerability in Microchip TimeProvider 4100 allows Cross Site Request Forgery, Cross-Site Scripting (XSS).This issue affects TimeProvider 4100: from 1.0.
CVE-2025-5819 1 Gitlab 1 Gitlab 2025-08-29 5 Medium
An issue has been discovered in GitLab CE/EE affecting all versions from 15.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users with developer access to obtain ID tokens for protected branches under certain circumstances.
CVE-2024-13580 1 Xavivars 1 Xv Random Quotes 2025-08-29 4.3 Medium
The XV Random Quotes WordPress plugin through 1.40 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack
CVE-2024-13574 1 Xavivars 1 Xv Random Quotes 2025-08-29 7.1 High
The XV Random Quotes WordPress plugin through 1.40 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
CVE-2023-30258 1 Magnussolution 1 Magnusbilling 2025-08-29 9.8 Critical
Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request.
CVE-2018-18307 1 Alchemy-cms 1 Alchemy Cms 2025-08-29 N/A
A Stored XSS vulnerability has been discovered in version 4.1.0 of AlchemyCMS via the /admin/pictures image field. NOTE: the vendor's position is that this is not a valid report: "The researcher used an authorized cookie to perform the request to a password-protected route. Without that session cookie, the request would have been rejected as unauthorized."
CVE-2017-2624 2 Debian, X.org 2 Debian Linux, X Server 2025-08-29 N/A
It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack.
CVE-2017-12187 2 Debian, X.org 2 Debian Linux, X Server 2025-08-29 N/A
xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
CVE-2017-12186 2 Debian, X.org 2 Debian Linux, X Server 2025-08-29 N/A
xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
CVE-2017-12185 2 Debian, X.org 2 Debian Linux, X Server 2025-08-29 N/A
xorg-x11-server before 1.19.5 was missing length validation in MIT-SCREEN-SAVER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
CVE-2017-12184 2 Debian, X.org 2 Debian Linux, X Server 2025-08-29 N/A
xorg-x11-server before 1.19.5 was missing length validation in XINERAMA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
CVE-2017-12183 2 Debian, X.org 2 Debian Linux, X Server 2025-08-29 N/A
xorg-x11-server before 1.19.5 was missing length validation in XFIXES extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.