Skip to main content
CVE-2024-1243 HIGH POC PATCH This Week

CVE-2024-1243 is an improper input validation vulnerability in Wazuh agent for Windows (versions prior to 4.8.0) that allows attackers with control over the Wazuh server or possession of agent keys to redirect agents to malicious UNC paths, resulting in NetNTLMv2 hash leakage. The leaked hash can be relayed for remote code execution or abused for privilege escalation to SYSTEM level via AD CS certificate forging. This vulnerability represents a critical supply-chain/credential-leakage risk for Windows environments using Wazuh, though exploitation requires elevated privileges (high PR requirement) and knowledge of agent keys or server compromise.

Microsoft RCE Wazuh Windows
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2025-41662 HIGH This Week

Rejected reason: CVE-2025-41662 is considered redundant or unnecessary and thus should be withdrawn. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
8.0%
CVE-2025-32711 CRITICAL POC Act Now

CVE-2025-32711 is an AI command injection vulnerability in Microsoft 365 Copilot that enables unauthenticated network-based attacks to disclose sensitive information without user interaction. The vulnerability affects M365 Copilot deployments and allows attackers to inject malicious commands that bypass normal authorization controls. With a critical CVSS score of 9.3 and no authentication requirement, this poses an immediate risk to organizations using Copilot features; exploitation status and POC availability require confirmation through Microsoft security advisories.

Command Injection Microsoft Information Disclosure 365 Copilot
NVD GitHub
CVSS 3.1
9.3
EPSS
3.4%
CVE-2025-41663 CRITICAL Act Now

Critical command injection vulnerability in u-link Management API that allows unauthenticated remote attackers positioned as man-in-the-middle (MITM) to inject arbitrary commands into WWH server responses, which are then executed with elevated privileges. The vulnerability requires clients to use insecure proxy configurations to exploit, resulting in complete system compromise (CVSS 9.8). While no public POC or KEV listing is available at publication, the attack vector is network-based with low complexity, making this a significant priority for organizations using u-link with proxy infrastructure.

Command Injection RCE Privilege Escalation Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-40914 CRITICAL PATCH Act Now

Perl CryptX before version 0.087 contains an embedded version of the libtommath library vulnerable to integer overflow (CVE-2023-36328), enabling remote code execution with no authentication required. This affects all users of vulnerable CryptX versions; attackers can exploit the integer overflow to achieve complete system compromise including confidentiality, integrity, and availability breaches. The vulnerability carries a critical CVSS 9.8 score with network-accessible attack vector and no user interaction requirements.

Integer Overflow Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-40912 CRITICAL PATCH Act Now

A security vulnerability in CryptX (CVSS 9.8). Critical severity with potential for significant impact on affected systems. Vendor patch is available.

Information Disclosure
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-49710 CRITICAL PATCH Act Now

An integer overflow vulnerability exists in the OrderedHashTable component of Firefox's JavaScript engine, allowing remote attackers to achieve arbitrary code execution without requiring user interaction or elevated privileges. This critical flaw affects Firefox versions prior to 139.0.4 and carries a maximum CVSS score of 9.8, indicating severe real-world risk with network-based attack vectors requiring no user interaction.

Mozilla Integer Overflow Buffer Overflow
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-49709 CRITICAL PATCH Act Now

Critical memory corruption vulnerability in Firefox canvas operations that allows unauthenticated remote attackers to achieve arbitrary code execution with no user interaction required. Firefox versions prior to 139.0.4 are affected. The vulnerability has a near-perfect CVSS score of 9.8 due to network accessibility, low attack complexity, and complete compromise of confidentiality, integrity, and availability.

Mozilla Memory Corruption Buffer Overflow
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-1244 CRITICAL Act Now

A remote code execution vulnerability in the OSSEC HIDS agent for Windows (CVSS 9.5) that allows an attacker. Critical severity with potential for significant impact on affected systems.

Microsoft RCE Windows
NVD
CVSS 4.0
9.5
EPSS
0.5%
CVE-2025-30085 CRITICAL Act Now

A remote code execution vulnerability (CVSS 9.2). Critical severity with potential for significant impact on affected systems.

RCE Joomla PHP Privilege Escalation
NVD
CVSS 4.0
9.2
EPSS
0.8%
CVE-2025-5395 HIGH This Week

The WordPress Automatic Plugin (all versions up to 3.115.0) contains an arbitrary file upload vulnerability in core.php due to insufficient file type validation, allowing authenticated attackers with Author-level or higher privileges to upload malicious files and potentially achieve remote code execution. This is a high-severity vulnerability (CVSS 8.8) affecting a widely-deployed WordPress plugin; real-world exploitation requires valid WordPress credentials at Author level or above, but successful exploitation enables complete server compromise.

WordPress RCE PHP Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2025-4315 HIGH PATCH This Week

CubeWP - All-in-One Dynamic Content Framework plugin for WordPress versions up to 1.1.23 contains a privilege escalation vulnerability that allows authenticated attackers with Subscriber-level access to elevate their privileges to administrator through arbitrary user meta manipulation. The vulnerability exploits improper access controls on the update_user_meta() function, enabling account takeover and full site compromise. No active exploitation in the wild has been confirmed at this time, but the low attack complexity and high impact make this a critical remediation priority.

WordPress Privilege Escalation PHP Cubewp
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-41661 HIGH This Week

Critical CSRF vulnerability affecting network devices that allows unauthenticated remote attackers to execute arbitrary commands with root privileges by exploiting missing CSRF protections. The vulnerability requires minimal user interaction and presents an exceptionally high real-world risk due to its network-accessible attack vector, root-level command execution capability, and lack of authentication requirements. Active exploitation status and proof-of-concept availability should be confirmed through CISA KEV and exploit databases, as this combination of factors (no auth + remote + root RCE) typically indicates urgent patch deployment.

CSRF RCE Privilege Escalation Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-48446 HIGH PATCH This Week

CVE-2025-48446 is an Incorrect Authorization vulnerability (CWE-863) in the Drupal Commerce Alphabank Redirect module that allows unauthenticated attackers to misuse functionality through a network-based attack requiring user interaction. The vulnerability affects Commerce Alphabank Redirect versions prior to 1.0.3, with a CVSS score of 8.8 indicating high severity across confidentiality, integrity, and availability impacts. No public indicators of active exploitation or proof-of-concept code are currently documented, but the high CVSS score and authorization bypass nature warrant immediate patching.

Authentication Bypass Drupal PHP Commerce Alphabank Redirect
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-48445 HIGH PATCH This Week

CVE-2025-48445 is an Incorrect Authorization vulnerability (CWE-863) in Drupal Commerce Eurobank (Redirect) payment module versions before 2.1.1 that allows unauthenticated attackers to misuse functionality through a network-based attack requiring user interaction. With a CVSS score of 8.8 and high impact across confidentiality, integrity, and availability, this vulnerability affects payment processing workflows in Drupal e-commerce installations. The vulnerability requires user interaction (UI:R) but no authentication (PR:N), making it exploitable by attackers who can socially engineer victims or intercept redirect flows in payment processing.

Authentication Bypass Drupal PHP
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-5958 HIGH PATCH This Week

Use-after-free vulnerability in Google Chrome's Media component that allows remote attackers to corrupt heap memory and achieve arbitrary code execution through a crafted HTML page. All Chrome versions prior to 137.0.7151.103 are affected. The vulnerability requires user interaction (clicking/viewing the malicious page) but can lead to complete system compromise with high impact on confidentiality, integrity, and availability.

Use After Free Memory Corruption Google RCE Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-5959 HIGH PATCH This Week

Type confusion vulnerability in Google Chrome's V8 JavaScript engine that enables remote code execution within the Chrome sandbox prior to version 137.0.7151.103. An attacker can exploit this via a crafted HTML page by tricking a user into visiting a malicious website, achieving arbitrary code execution with high severity impact (CVSS 8.8). The vulnerability's network-based attack vector, low complexity, and requirement only for user interaction make it a practical exploitation target.

RCE Memory Corruption Google Chrome Suse
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-32465 HIGH This Week

RSTickets! component for Joomla versions 1.9.12 through 3.3.0 contains a stored cross-site scripting (XSS) vulnerability that allows authenticated attackers to inject malicious scripts into the application, which are then executed in the browsers of other users who view the affected content. With a CVSS score of 8.5 and requiring low privilege level plus user interaction, this vulnerability poses a significant risk to Joomla installations using vulnerable RSTickets! versions, particularly in multi-user environments where attackers can escalate privileges or steal administrative credentials.

XSS Joomla PHP
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-32717 HIGH This Week

A buffer overflow vulnerability in Heap-based buffer overflow in Microsoft Office Word (CVSS 8.4) that allows an unauthorized attacker. High severity vulnerability requiring prompt remediation.

Microsoft Buffer Overflow Windows RCE 365 Apps
NVD
CVSS 3.1
8.4
EPSS
0.3%
CVE-2025-6001 HIGH PATCH This Week

Cross-Site Request Forgery (CSRF) vulnerability in VirtueMart's product image upload function that allows attackers to bypass CSRF token protection and perform unrestricted file uploads to the media manager. This high-severity vulnerability (CVSS 8.3) requires user interaction but poses significant risk to e-commerce platforms using affected VirtueMart versions, potentially enabling remote code execution through malicious file uploads. The vulnerability is network-accessible, requires no special privileges, and impacts confidentiality, integrity, and availability of affected systems.

CSRF File Upload
NVD
CVSS 3.1
8.3
EPSS
0.1%
CVE-2025-29756 HIGH PATCH This Week

CVE-2025-29756 is a security vulnerability (CVSS 8.3). High severity vulnerability requiring prompt remediation.

Information Disclosure
NVD
CVSS 4.0
8.3
EPSS
0.1%
CVE-2025-49091 HIGH PATCH This Week

Remote code execution vulnerability in KDE Konsole before version 25.04.2 that exploits improper fallback behavior in URL scheme handler processing. When a user clicks on ssh://, telnet://, or rlogin:// URLs, Konsole attempts to execute the corresponding binary; if unavailable, it dangerously falls back to /bin/bash with the URL as an argument, allowing arbitrary command execution. The vulnerability requires user interaction (clicking a malicious link) but affects all Konsole users, potentially at scale through phishing or drive-by attacks.

RCE Red Hat Suse
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2025-49146 HIGH PATCH This Week

The PostgreSQL JDBC driver (pgjdbc) versions 42.7.4 through 42.7.6 contain an authentication bypass vulnerability where channel binding validation is incorrectly disabled, allowing man-in-the-middle attackers to intercept connections that administrators configured to require channel binding protection. Affected users running pgjdbc with channel binding set to 'required' (a non-default but security-conscious configuration) are vulnerable to credential interception and session hijacking despite believing their connections are protected. The vulnerability is fixed in version 42.7.7.

PostgreSQL Authentication Bypass Java Postgresql Jdbc Driver Red Hat +1
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-4922 HIGH PATCH This Week

CVE-2025-4922 is a security vulnerability (CVSS 8.1). High severity vulnerability requiring prompt remediation.

Information Disclosure Nomad Suse
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2024-7457 HIGH This Week

Privilege escalation vulnerability in the ws.stash.app.mac.daemon.helper tool on macOS that allows unprivileged local users to invoke privileged operations via XPC by exploiting improper authorization validation. The helper incorrectly uses its own root context to validate authorization rather than the client's, enabling attackers to modify system-wide network proxy settings (SOCKS, HTTP, HTTPS) and perform man-in-the-middle attacks. With a CVSS score of 7.8 and low attack complexity, this vulnerability presents significant risk to macOS systems running affected versions of the Stash application.

Apple macOS Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-4275 HIGH PATCH This Week

Critical Secure Boot bypass vulnerability in UEFI firmware affecting systems with improper digital signature verification in the NVRAM variable validation process. Attackers with local access and low privileges can create malicious non-authenticated NVRAM variables to bypass signature verification mechanisms, enabling execution of arbitrary signed UEFI code and circumventing Secure Boot protections. This vulnerability requires local access and non-trivial complexity but impacts core boot security; real-world exploitation likelihood and active KEV status are critical factors pending vendor disclosure.

RCE Privilege Escalation Authentication Bypass
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-5687 HIGH This Week

Local privilege escalation vulnerability in Mozilla VPN for macOS that allows an authenticated local user to escalate privileges from normal user to root. This affects Mozilla VPN versions below 2.28.0 on macOS exclusively. An attacker with local access can exploit this without user interaction to gain complete system control, making it a critical risk for multi-user systems or compromised local accounts.

Mozilla Privilege Escalation Apple
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-9062 HIGH This Week

Local privilege escalation vulnerability in Archify's privileged helper tool (com.oct4pie.archifyhelper) that fails to validate client code signatures, entitlements, or signing flags over XPC. Any local process can invoke the helper to execute arbitrary file operations (deletion, permission changes) with root privileges. With a CVSS score of 7.8 and CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, this vulnerability requires local access and low privileges but enables complete system compromise; KEV status, EPSS score, patch availability, and POC status are not provided in available intelligence sources.

Apple Privilege Escalation macOS
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-4799 HIGH PATCH This Week

WP-DownloadManager plugin for WordPress versions up to 1.68.10 contains an arbitrary file deletion vulnerability (CVE-2025-4799) that allows authenticated administrators to delete any file on the server without directory restrictions. When paired with CVE-2025-4798, attackers can delete critical files like wp-config.php, leading to remote code execution. The vulnerability requires high-privilege administrative access, resulting in a CVSS 7.2 score with high confidentiality, integrity, and availability impact.

WordPress PHP RCE Wp Downloadmanager
NVD
CVSS 3.1
7.2
EPSS
2.9%
CVE-2025-25032 HIGH This Week

A remote code execution vulnerability (CVSS 7.5) that allows an authenticated user. High severity vulnerability requiring prompt remediation.

Denial Of Service IBM Cognos Analytics
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-22874 HIGH PATCH This Week

Certificate policy validation bypass in cryptographic verification routines where specifying ExtKeyUsageAny in VerifyOptions.KeyUsages inadvertently disables policy validation checks. This affects applications performing X.509 certificate chain verification, particularly those validating certificates containing policy constraint graphs (an uncommon but security-critical scenario). An attacker can present a malicious certificate chain that would normally be rejected due to policy violations, potentially enabling unauthorized certificate acceptance and compromising trust validation in PKI-dependent systems.

Golang Authentication Bypass Red Hat Suse
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-3302 HIGH This Week

The Xagio SEO plugin for WordPress contains a Stored Cross-Site Scripting (XSS) vulnerability in versions up to 7.1.0.16 that allows unauthenticated attackers to inject malicious scripts via the HTTP_REFERER parameter. When users access pages containing injected payloads, the scripts execute in their browsers, potentially enabling session hijacking, credential theft, or malware distribution. The vulnerability was only partially patched in version 7.1.0.0, indicating that complete mitigation requires upgrading to a version beyond 7.1.0.16.

WordPress XSS PHP
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2025-6002 HIGH PATCH This Week

A remote code execution vulnerability (CVSS 7.2). High severity vulnerability requiring prompt remediation.

RCE
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2025-49148 HIGH PATCH This Week

DLL hijacking vulnerability in ClipShare Server for Windows (versions prior to 3.8.5) that allows local, non-privileged users to achieve arbitrary code execution and potential privilege escalation by placing malicious DLLs in the application directory. The vulnerability exploits Windows' default DLL search order, where the application directory is searched before system paths, and poses a reliable privilege escalation risk when ClipShare is run by elevated users. This is a local attack requiring write access to the installation directory.

Microsoft RCE Privilege Escalation Windows
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-48447 HIGH PATCH This Week

A cross-site scripting vulnerability (CVSS 7.1). High severity vulnerability requiring prompt remediation.

XSS Drupal PHP Lightgallery
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-40915 HIGH PATCH This Week

Mojolicious::Plugin::CSRF version 1.03 generates CSRF tokens using weak entropy sources (process ID, current time, and a single rand() call hashed with MD5), allowing attackers to predict or brute-force valid CSRF tokens and bypass CSRF protections. This affects Perl web applications using this specific plugin version. The vulnerability is not currently listed in CISA KEV, but the weak randomness makes token prediction feasible without requiring user interaction or high attack complexity.

CSRF Information Disclosure Suse
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-26412 MEDIUM This Month

CVE-2025-26412 is a security vulnerability (CVSS 6.8) that allows an attacker. Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-4673 MEDIUM PATCH This Month

Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.

Information Disclosure Ubuntu Debian Red Hat Suse
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-32466 MEDIUM This Month

A SQL injection vulnerability in RSMediaGallery! component 1.7.4 - 2.1.7 for Joomla was discovered. The issue occurs within the dashboard component, where user-supplied input is not properly sanitized before being stored and rendered. An attacker can inject malicious JavaScript code into text fields or other input points, which is subsequently executed in the browser of any user who clicks on the crafted text in the dashboard.

SQLi Joomla
NVD
CVSS 4.0
6.7
EPSS
0.1%
CVE-2025-3473 MEDIUM This Month

CVE-2025-3473 is a security vulnerability (CVSS 6.7) that allows a local privileged user. Remediation should follow standard vulnerability management procedures.

Privilege Escalation IBM Guardium Data Protection
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-4605 MEDIUM PATCH This Month

A maliciously crafted .usdc file, when loaded through Autodesk Maya, can force an uncontrolled memory allocation vulnerability. A malicious actor may leverage this vulnerability to cause a denial-of-service (DoS), or cause data corruption.

Information Disclosure Universal Scene Description Maya
NVD GitHub
CVSS 3.1
6.6
EPSS
0.1%
CVE-2025-5986 MEDIUM PATCH This Month

A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. This behavior can be abused to fill the disk with garbage data (e.g. using /dev/urandom on Linux) or to leak Windows credentials via SMB links when the email is viewed in HTML mode. While user interaction is required to download the .pdf file, visual obfuscation can conceal the download trigger. Viewing the email in HTML mode is enough to load external content. This vulnerability affects Thunderbird < 128.11.1 and Thunderbird < 139.0.2.

Microsoft Mozilla Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-48448 MEDIUM PATCH This Month

Allocation of Resources Without Limits or Throttling vulnerability in Drupal Admin Audit Trail allows Excessive Allocation.This issue affects Admin Audit Trail: from 0.0.0 before 1.0.5.

Denial Of Service Admin Audit Trail Drupal
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-4666 MEDIUM This Month

The Zotpress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘nickname’ parameter in all versions up to, and including, 7.3.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-5144 MEDIUM PATCH This Month

The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-date-*’ parameters in all versions up to, and including, 6.13.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

WordPress XSS The Events Calendar PHP
NVD GitHub
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-26383 MEDIUM This Month

A security vulnerability in The (CVSS 6.3). Remediation should follow standard vulnerability management procedures.

Microsoft Information Disclosure Windows
NVD
CVSS 4.0
6.3
EPSS
0.0%
CVE-2024-35295 MEDIUM This Month

A vulnerability has been identified in Perfect Harmony GH180 (All versions >= V8.0 < V8.3.3 with NXGPro+ controller manufactured between April 2020 to April 2025). The maintenance connection of affected devices fails to protect access to the device's control unit configuration. This could allow an attacker with physical access to the maintenance connection's door port to perform arbitrary configuration changes.

Authentication Bypass
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-49150 MEDIUM PATCH This Month

Cursor is a code editor built for programming with AI. Prior to 0.51.0, by default, the setting json.schemaDownload.enable was set to True. This means that by writing a JSON file, an attacker can trigger an arbitrary HTTP GET request that does not require user confirmation. Since the Cursor Agent can edit JSON files, this means a malicious agent, for example, after a prompt injection attack already succeeded, could trigger a GET request to an attacker controlled URL, potentially exfiltrating other data the agent may have access to. This vulnerability is fixed in 0.51.0.

Information Disclosure
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-1055 MEDIUM PATCH This Month

A vulnerability in the K7RKScan.sys driver, part of the K7 Security Anti-Malware suite, allows a local low-privilege user to send crafted IOCTL requests to terminate a wide range of processes running with administrative or system-level privileges, with the exception of those inherently protected by the operating system. This flaw stems from missing access control in the driver's IOCTL handler, enabling unprivileged users to perform privileged actions in kernel space. Successful exploitation can lead to denial of service by disrupting critical services or privileged applications.

Denial Of Service Authentication Bypass
NVD
CVSS 3.1
5.6
EPSS
0.0%
CVE-2025-0917 MEDIUM This Month

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

XSS IBM Cognos Analytics
NVD
CVSS 3.1
5.5
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy