Search

Search Results (364887 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-47324 1 Qualcomm 3 Qca7005, Qca7005 Firmware, Snapdragon 2025-08-18 7.5 High
Information disclosure while accessing and modifying the PIB file of a remote device via powerline.
CVE-2024-45674 1 Ibm 4 Security Verify Bridge, Security Verify Bridge Directory Sync, Security Verify Gateway For Radius and 1 more 2025-08-18 3.3 Low
IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11 stores potentially sensitive information in log files that could be read by a local user.
CVE-2025-25206 1 Elabftw 1 Elabftw 2025-08-18 8.3 High
eLabFTW is an open source electronic lab notebook for research labs. Prior to version 5.1.15, an incorrect input validation could allow an authenticated user to read sensitive information, including login token or other content stored in the database. This could lead to privilege escalation if cookies are enabled (default setting). Users must upgrade to eLabFTW version 5.1.15 to receive a fix. No known workarounds are available.
CVE-2025-26603 2 Netapp, Vim 2 Hci Compute Node, Vim 2025-08-18 4.2 Medium
Vim is a greatly improved version of the good old UNIX editor Vi. Vim allows to redirect screen messages using the `:redir` ex command to register, variables and files. It also allows to show the contents of registers using the `:registers` or `:display` ex command. When redirecting the output of `:display` to a register, Vim will free the register content before storing the new content in the register. Now when redirecting the `:display` command to a register that is being displayed, Vim will free the content while shortly afterwards trying to access it, which leads to a use-after-free. Vim pre 9.1.1115 checks in the ex_display() function, that it does not try to redirect to a register while displaying this register at the same time. However this check is not complete, and so Vim does not check the `+` and `*` registers (which typically donate the X11/clipboard registers, and when a clipboard connection is not possible will fall back to use register 0 instead. In Patch 9.1.1115 Vim will therefore skip outputting to register zero when trying to redirect to the clipboard registers `*` or `+`. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2025-20051 1 Mattermost 2 Mattermost, Mattermost Server 2025-08-18 9.9 Critical
Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate input when patching and duplicating a board, which allows a user to read any arbitrary file on the system via duplicating a specially crafted block in Boards.
CVE-2025-0160 1 Ibm 1 Storage Virtualize 2025-08-18 8.1 High
IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker with access to the system to execute arbitrary Java code due to improper restrictions in the RPCAdapter service.
CVE-2025-27423 2 Netapp, Vim 2 Hci Compute Node, Vim 2025-08-18 7.1 High
Vim is an open source, command line text editor. Vim is distributed with the tar.vim plugin, that allows easy editing and viewing of (compressed or uncompressed) tar files. Starting with 9.1.0858, the tar.vim plugin uses the ":read" ex command line to append below the cursor position, however the is not sanitized and is taken literally from the tar archive. This allows to execute shell commands via special crafted tar archives. Whether this really happens, depends on the shell being used ('shell' option, which is set using $SHELL). The issue has been fixed as of Vim patch v9.1.1164
CVE-2025-26484 1 Dell 1 Cloudlink 2025-08-18 5.5 Medium
Dell CloudLink, versions 8.0 through 8.1.1, contains an Improper Restriction of XML External Entity Reference vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.
CVE-2024-27256 1 Ibm 2 Mq Operator, Supplied Mq Advanced Container Images 2025-08-18 5.9 Medium
IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and 2.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVE-2024-56477 1 Ibm 1 Power Hardware Management Console 2025-08-18 6.5 Medium
IBM Power Hardware Management Console V10.3.1050.0 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
CVE-2024-55904 1 Ibm 2 Devops Deploy, Urbancode Deploy 2025-08-18 7.2 High
IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 / IBM UrbanCode Deploy 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.9 could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements.
CVE-2025-1240 1 Winzip 1 Winzip 2025-08-18 8.8 High
WinZip 7Z File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of WinZip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 7Z files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24986.
CVE-2025-36613 1 Dell 2 Supportassist For Business Pcs, Supportassist For Home Pcs 2025-08-18 2.8 Low
SupportAssist for Home PCs versions 4.6.3 and prior and SupportAssist for Business PCs versions 4.5.3 and prior, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access.
CVE-2024-37526 1 Ibm 2 Data Virtualization On Cloud Pak For Data, Watson Query With Cloud Pak For Data 2025-08-18 6.5 Medium
IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization 1.8, 2.0, 2.1, 2.2, and 3.0.0) could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism.
CVE-2024-38320 6 Apple, Hp, Ibm and 3 more 10 Macos, Hp-ux, Aix and 7 more 2025-08-18 5.9 Medium
IBM Storage Protect for Virtual Environments: Data Protection for VMware and Storage Protect Backup-Archive Client 8.1.0.0 through 8.1.23.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVE-2025-33142 5 Hp, Ibm, Linux and 2 more 8 Hp-ux, Aix, I and 5 more 2025-08-18 5.3 Medium
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for TLS connections.
CVE-2023-46187 1 Ibm 2 Infosphere Master Data Management, Infosphere Master Data Management Server 2025-08-18 5.4 Medium
IBM InfoSphere Master Data Management 11.6, 12.0, and 14.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2023-38009 3 Apple, Google, Ibm 4 Iphone Os, Android, Cognos Analytics and 1 more 2025-08-18 4.2 Medium
IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack of certificate pinning.
CVE-2024-51457 1 Ibm 2 Robotic Process Automation, Robotic Process Automation For Cloud Pak 2025-08-18 4.4 Medium
IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2024-45652 1 Ibm 1 Maximo Asset Management 2025-08-18 6.5 Medium
IBM Maximo MXAPIASSET API 7.6.1.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.