Export limit exceeded: 366276 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366276 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-55895 3 Ibm, Linux, Microsoft 4 Aix, Infosphere Information Server, Linux Kernel and 1 more 2025-09-01 2.7 Low
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
CVE-2025-0154 2 Ibm, Linux 3 Aix, Txseries For Multiplatforms, Linux Kernel 2025-09-01 5.3 Medium
IBM TXSeries for Multiplatforms 9.1 and 11.1 could disclose sensitive information to a remote attacker due to improper neutralization of HTTP headers.
CVE-2024-56474 2 Ibm, Linux 3 Aix, Txseries For Multiplatforms, Linux Kernel 2025-09-01 4.3 Medium
IBM TXSeries for Multiplatforms 9.1 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVE-2024-56476 2 Ibm, Linux 3 Aix, Txseries For Multiplatforms, Linux Kernel 2025-09-01 5.3 Medium
IBM TXSeries for Multiplatforms 9.1 and 11.1 could allow an attacker to enumerate usernames due to an observable login attempt response discrepancy.
CVE-2024-56475 2 Ibm, Linux 3 Aix, Txseries For Multiplatforms, Linux Kernel 2025-09-01 5.4 Medium
IBM TXSeries for Multiplatforms 9.1 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2025-25023 1 Ibm 1 Security Guardium 2025-09-01 4.9 Medium
IBM Security Guardium 11.4 and 12.1 could allow a privileged user to read any file on the system due to incorrect privilege assignment.
CVE-2024-51461 1 Ibm 1 Qradar Wincollect 2025-09-01 4.3 Medium
IBM QRadar WinCollect Agent 10.0 through 10.1.13 could allow a remote attacker to cause a denial of service by interrupting an HTTP request that could consume memory resources.
CVE-2024-49825 1 Ibm 2 Robotic Process Automation, Robotic Process Automation For Cloud Pak 2025-09-01 6.3 Medium
IBM Robotic Process Automation and Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.20 and 23.0.0 through 23.0.20 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system.
CVE-2024-49808 3 Ibm, Linux, Microsoft 4 Aix, Sterling Connect Direct Web Services, Linux Kernel and 1 more 2025-09-01 6.3 Medium
IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 could allow an authenticated user to spoof the identity of another user due to improper authorization which could allow the user to bypass access restrictions.
CVE-2024-45651 3 Ibm, Linux, Microsoft 4 Aix, Sterling Connect Direct Web Services, Linux Kernel and 1 more 2025-09-01 6.3 Medium
IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system.
CVE-2025-2987 1 Ibm 1 Maximo Asset Management 2025-09-01 3.8 Low
IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
CVE-2025-27907 5 Hp, Ibm, Linux and 2 more 8 Hp-ux, Aix, I and 5 more 2025-09-01 4.1 Medium
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
CVE-2024-22351 3 Ibm, Linux, Microsoft 4 Aix, Infosphere Information Server, Linux Kernel and 1 more 2025-09-01 6.3 Medium
IBM InfoSphere Information 11.7 Server does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
CVE-2025-3218 1 Ibm 1 I 2025-09-01 5.4 Medium
IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to authentication and authorization attacks due to incorrect validation processing in IBM i Netserver. A malicious actor could use the weaknesses, in conjunction with brute force authentication attacks or to bypass authority restrictions, to access the server.
CVE-2025-1993 1 Ibm 3 App Connect Enterprise Certified Container, App Connect Enterprise Certified Containers Operands, App Connect Operator 2025-08-31 5.1 Medium
IBM App Connect Enterprise Certified Container 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8, 12.9, and 12.10 DesignerAuthoring instances store their flows in a database that is protected by weaker than expected cryptographic algorithms that could be decrypted by a local user.
CVE-2025-6992 2025-08-30 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2024-6633 1 Fortra 1 Filecatalyst Workflow 2025-08-29 9.8 Critical
The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledgebase article. Misuse of these credentials could lead to a compromise of confidentiality, integrity, or availability of the software. The HSQLDB is only included to facilitate installation, has been deprecated, and is not intended for production use per vendor guides. However, users who have not configured FileCatalyst Workflow to use an alternative database per recommendations are vulnerable to attack from any source that can reach the HSQLDB.
CVE-2024-43684 1 Microchip 2 Timeprovider 4100, Timeprovider 4100 Firmware 2025-08-29 8.8 High
Cross-Site Request Forgery (CSRF) vulnerability in Microchip TimeProvider 4100 allows Cross Site Request Forgery, Cross-Site Scripting (XSS).This issue affects TimeProvider 4100: from 1.0.
CVE-2025-5819 1 Gitlab 1 Gitlab 2025-08-29 5 Medium
An issue has been discovered in GitLab CE/EE affecting all versions from 15.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users with developer access to obtain ID tokens for protected branches under certain circumstances.
CVE-2024-13580 1 Xavivars 1 Xv Random Quotes 2025-08-29 4.3 Medium
The XV Random Quotes WordPress plugin through 1.40 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack