Search

Search Results (365269 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-3630 3 Ibm, Linux, Microsoft 5 Aix, Sterling B2b Integrator, Sterling File Gateway and 2 more 2025-08-24 6.4 Medium
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.6, 6.2.0.0 through 6.2.0.4, IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2025-27367 3 Ibm, Linux, Microsoft 3 Openpages With Watson, Linux Kernel, Windows 2025-08-24 5.3 Medium
IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to improper input validation due to bypassing of client-side validation for the data types and requiredness of fields for GRC Objects when an authenticated user sends a specially crafted payload to the server allowing for data to be saved without storing the required fields.
CVE-2025-27369 3 Ibm, Linux, Microsoft 3 Openpages With Watson, Linux Kernel, Windows 2025-08-24 4.3 Medium
IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used for the administration of OpenPages. An authenticated user is able to obtain certain information about system configuration and internal state which is only intended for administrators of the system.
CVE-2025-2793 3 Ibm, Linux, Microsoft 5 Aix, Sterling B2b Integrator, Sterling File Gateway and 2 more 2025-08-24 5.4 Medium
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.6, 6.2.0.0 through 6.2.0.4, IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2025-2827 3 Ibm, Linux, Microsoft 4 Aix, Sterling File Gateway, Linux Kernel and 1 more 2025-08-24 4.3 Medium
IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4 could disclose sensitive installation directory information to an authenticated user that could be used in further attacks against the system.
CVE-2024-49783 3 Ibm, Linux, Microsoft 3 Openpages With Watson, Linux Kernel, Windows 2025-08-24 5.3 Medium
IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data. If an authenticated remote attacker with access to the database or a local attacker with access to server files could extract the encrypted data, they could exploit this vulnerability to use additional cryptographic methods to possibly extract the encrypted data.
CVE-2024-49784 3 Ibm, Linux, Microsoft 3 Openpages With Watson, Linux Kernel, Windows 2025-08-24 5.3 Medium
IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data with AES encryption and CBC mode. If an authenticated remote attacker with access to the database or a local attacker with access to server files could extract the encrypted data values they could exploit this weaker algorithm to use additional cryptographic methods to possibly extract the encrypted data.
CVE-2024-56468 1 Ibm 1 Infosphere Data Replication 2025-08-24 7.5 High
IBM InfoSphere Data Replication VSAM for z/OS Remote Source 11.4 could allow a remote user to cause a denial of service by sending an invalid HTTP request to the log reading service.
CVE-2025-1112 3 Ibm, Linux, Microsoft 3 Openpages With Watson, Linux Kernel, Windows 2025-08-24 4.3 Medium
IBM OpenPages with Watson 8.3 and 9.0 could allow an authenticated user to obtain sensitive information that should only be available to privileged users.
CVE-2025-2670 1 Ibm 2 Openpages, Openpages With Watson 2025-08-24 4.3 Medium
IBM OpenPages 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points related to workflow feature of OpenPages. An authenticated user is able to obtain certain information about Workflow related configuration and internal state.
CVE-2025-36090 1 Ibm 1 Analytics Content Hub 2025-08-24 4.3 Medium
IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could allow a remote attacker to obtain information about the application framework which could be used in reconnaissance to gather information for future attacks from a detailed technical error message.
CVE-2024-37524 1 Ibm 1 Analytics Content Hub 2025-08-24 5.3 Medium
IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
CVE-2025-9304 2 Oretnom23, Sourcecodester 2 Online Bank Management System, Online Bank Management System 2025-08-23 7.3 High
A weakness has been identified in SourceCodester Online Bank Management System 1.0. Impacted is an unknown function of the file /bank/show.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be performed from a remote location. The exploit has been made available to the public and could be exploited.
CVE-2025-9302 1 Phpgurukul 1 User Management System 2025-08-23 7.3 High
A vulnerability was identified in PHPGurukul User Management System 1.0. This vulnerability affects unknown code of the file /signup.php. Such manipulation of the argument emailid leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used.
CVE-2025-9305 2 Oretnom23, Sourcecodester 2 Online Bank Management System, Online Bank Management System 2025-08-23 7.3 High
A security vulnerability has been detected in SourceCodester Online Bank Management System 1.0. The affected element is an unknown function of the file /bank/mnotice.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.
CVE-2025-9307 1 Phpgurukul 1 Online Course Registration 2025-08-23 7.3 High
A flaw has been found in PHPGurukul Online Course Registration 3.1. This affects an unknown function of the file /admin/session.php. This manipulation of the argument sesssion causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used.
CVE-2025-55742 2 Unopim, Webkul 2 Unopim, Unopim 2025-08-23 8 High
UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Before 0.2.1, UnoPim contains a stored cross-site scripting vulnerability via SVG MIME/sanitizer bypass in the /admin/settings/users/create endpoint. This vulnerability is fixed in 0.2.1.
CVE-2025-55744 2 Unopim, Webkul 2 Unopim, Unopim 2025-08-23 4.3 Medium
UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Before 0.2.1, some of the endpoints of the application is vulnerable to Cross site Request forgery (CSRF). This vulnerability is fixed in 0.2.1.
CVE-2025-55743 2 Unopim, Webkul 2 Unopim, Unopim 2025-08-23 8.8 High
UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Before 0.2.1, the image upload at the user creation feature performs only client side file type validation. A user can capture the request by uploading an image, capture the request through a Proxy like Burp suite. Make changes to the file extension and content. The vulnerability is fixed in 0.2.1.
CVE-2025-55745 1 Unopim 1 Unopim 2025-08-23 N/A
UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Versions 0.3.0 and prior are vulnerable to CSV injection, also known as formula injection, in the Quick Export feature. This vulnerability allows attackers to inject malicious content into exported CSV files. When the CSV file is opened in spreadsheet applications such as Microsoft Excel, the malicious input may be interpreted as a formula or command, potentially resulting in the execution of arbitrary code on the victim's device. Successful exploitation can lead to remote code execution, including the establishment of a reverse shell. Users are advised to upgrade to version 0.3.1 or later.