Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (339475 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-27272 | 3 Ibm, Linux, Microsoft | 3 Aspera Console, Linux Kernel, Windows | 2025-08-17 | 3.1 Low |
| IBM Aspera Console 3.4.0 through 3.4.4 allows passwords to be reused when a new user logs into the system. | ||||
| CVE-2023-35894 | 1 Ibm | 2 Control Center, Sterling Control Center | 2025-08-17 | 5.4 Medium |
| IBM Control Center 6.2.1 through 6.3.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. | ||||
| CVE-2023-43035 | 3 Ibm, Linux, Microsoft | 6 Aix, Control Center, Linux On Ibm Z and 3 more | 2025-08-17 | 4 Medium |
| IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 allows web pages to be stored locally which can be read by another user on the system. | ||||
| CVE-2023-43039 | 3 Ibm, Linux, Microsoft | 3 Openpages With Watson, Linux Kernel, Windows | 2025-08-17 | 6.1 Medium |
| IBM OpenPages with Watson 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session | ||||
| CVE-2023-43037 | 1 Ibm | 1 Maximo Application Suite | 2025-08-16 | 6.5 Medium |
| IBM Maximo Application Suite 8.11 and 9.0 could allow an authenticated user to perform unauthorized actions due to improper input validation. | ||||
| CVE-2023-43052 | 1 Ibm | 1 Control Center | 2025-08-16 | 5.3 Medium |
| IBM Control Center 6.2.1 through 6.3.1 is vulnerable to an external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. | ||||
| CVE-2023-33861 | 2 Ibm, Linux | 2 Security Qradar Edr, Linux Kernel | 2025-08-16 | 6.5 Medium |
| IBM Security ReaQta EDR 3.12 could allow an attacker to spoof a trusted entity by interfering with the communication path between the host and client. | ||||
| CVE-2023-33844 | 1 Ibm | 1 Security Verify Governance | 2025-08-16 | 5.4 Medium |
| IBM Security Verify Governance 10.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2024-38341 | 1 Ibm | 1 Sterling Secure Proxy | 2025-08-16 | 5.9 Medium |
| IBM Sterling Secure Proxy 6.0.0.0 through 6.0.3.1, 6.1.0.0 through 6.1.0.0, and 6.2.0.0 through 6.2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | ||||
| CVE-2025-55135 | 1 Agora Foundation | 1 Agora | 2025-08-16 | 6.4 Medium |
| In Agora Foundation Agora fall23-Alpha1 before 690ce56, there is XSS via a profile picture to server/controller/userController.js. Formats other than PNG, JPEG, and WEBP are permitted by server/routes/userRoutes.js; this includes SVG. | ||||
| CVE-2025-43986 | 1 Kuwfi | 1 Gc111 | 2025-08-16 | 9.8 Critical |
| An issue was discovered on KuWFi GC111 GC111-GL-LM321_V3.0_20191211 devices. The TELNET service is enabled by default and exposed over the WAN interface without authentication. | ||||
| CVE-2025-54679 | 2 Vertim, Wordpress | 2 Neon Channel Product Customizer Free, Wordpress | 2025-08-16 | 7.5 High |
| Missing Authorization vulnerability in vertim Neon Channel Product Customizer Free allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Neon Channel Product Customizer Free: from n/a through 2.0. | ||||
| CVE-2025-24766 | 2 Wordpress, Wp-royal-themes | 2 Wordpress, News Magazine X | 2025-08-16 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Royal Themes News Magazine X allows PHP Local File Inclusion. This issue affects News Magazine X: from n/a through 1.2.37. | ||||
| CVE-2025-54704 | 3 Elementor, Hashthemes, Wordpress | 3 Elementor, Easy Elementor Addons, Wordpress | 2025-08-16 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hashthemes Easy Elementor Addons allows DOM-Based XSS. This issue affects Easy Elementor Addons: from n/a through 2.2.6. | ||||
| CVE-2025-30635 | 2 Themeatelier, Wordpress | 2 Idonate, Wordpress | 2025-08-16 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeAtelier IDonatePro allows PHP Local File Inclusion. This issue affects IDonatePro: from n/a through 2.1.9. | ||||
| CVE-2025-30639 | 2 Themeatelier, Wordpress | 2 Idonate, Wordpress | 2025-08-16 | 7.5 High |
| Missing Authorization vulnerability in ThemeAtelier IDonatePro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects IDonatePro: from n/a through 2.1.9. | ||||
| CVE-2025-54691 | 2 Stylemix, Wordpress | 2 Motors, Wordpress | 2025-08-16 | 5.3 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in Stylemix Motors allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Motors: from n/a through 1.4.80. | ||||
| CVE-2025-54699 | 2 Masteriyo, Wordpress | 2 Masteriyo, Wordpress | 2025-08-16 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in masteriyo Masteriyo - LMS allows Stored XSS. This issue affects Masteriyo - LMS: from n/a through 1.18.3. | ||||
| CVE-2025-52775 | 2 Ronik Unlimitedwp, Wordpress | 2 Project Cost Calculator, Wordpress | 2025-08-16 | 7.1 High |
| Missing Authorization vulnerability in Ronik@UnlimitedWP Project Cost Calculator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Project Cost Calculator: from n/a through 1.0.0. | ||||
| CVE-2025-48861 | 1 Bosch | 1 Ctrlx Os | 2025-08-16 | 5.3 Medium |
| A vulnerability in the Task API endpoint of the ctrlX OS setup mechanism allowed a remote, unauthenticated attacker to access and extract internal application data, including potential debug logs and the version of installed apps. | ||||