Skip to main content
CVE-2025-33089 MEDIUM This Month

IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information or perform unauthorized actions due to the use of hard coded user credentials. [CVSS 6.5 MEDIUM]

IBM Concert
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-27901 MEDIUM This Month

Db2 Recovery Expert versions up to 5.5.0 contains a vulnerability that allows attackers to conduct various attacks against the vulnerable system, including cross-site scri (CVSS 6.5).

IBM Linux Windows XSS Db2 Recovery Expert
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-23598 MEDIUM PATCH This Month

HPE Aruba Networking 5G Core API error handling exposes sensitive information including user accounts, roles, and system configuration to unauthenticated remote attackers. Successful exploitation enables attackers to gather intelligence on internal services and workflows, creating a foundation for further attacks targeting unauthorized access and privilege escalation. A patch is available.

Information Disclosure Authentication Bypass Aruba Networking Private 5g Core
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-23597 MEDIUM PATCH This Month

HPE Aruba Networking 5G Core API error handling leaks sensitive information including user accounts, roles, and system configuration to unauthenticated remote attackers. Exposed internal service details can be leveraged to identify attack vectors for privilege escalation and unauthorized access. A patch is available.

Information Disclosure Authentication Bypass Aruba Networking Private 5g Core
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2022-41650 MEDIUM This Month

Missing Authorization vulnerability in Paul Custom Content by Country (by Shield Security) custom-content-by-country.This issue affects Custom Content by Country (by Shield Security): from n/a through 3.1.2. [CVSS 6.5 MEDIUM]

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-13867 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic

IBM Linux Windows Denial Of Service Db2
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-8303 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in EKA Software Computer Information Advertising Services Ltd. [CVSS 6.5 MEDIUM]

XSS
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-27904 MEDIUM PATCH This Month

Db2 Recovery Expert versions up to 5.5.0 is affected by cross-site request forgery (csrf) (CVSS 6.5).

IBM Linux Windows CSRF Db2 Recovery Expert
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-36018 MEDIUM This Month

IBM Concert 1.0.0 through 2.1.0 for Z hub component is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. [CVSS 6.5 MEDIUM]

IBM CSRF Concert
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-36377 MEDIUM This Month

IBM Security QRadar EDR 3.12 through 3.12.23 does not invalidate session after a session expiration which could allow an authenticated user to impersonate another user on the system. [CVSS 6.3 MEDIUM]

IBM Qradar Edr
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-36376 MEDIUM This Month

Security Qradar Edr versions up to 3.12.23 is affected by insufficient session expiration (CVSS 6.3).

IBM Security Qradar Edr
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-27898 MEDIUM PATCH This Month

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 does not invalidate session after a timeout which could allow an authenticated user to impersonate another user on the system. [CVSS 6.3 MEDIUM]

IBM Db2 Recovery Expert
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-2623 LOW POC Monitor

Path traversal in Blossom up to version 1.17.1 file upload functionality allows authenticated remote attackers to access arbitrary files on affected systems. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early notification.

Java Path Traversal File Upload
NVD VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-33135 MEDIUM This Month

IBM Financial Transaction Manager for ACH Services and Check Services for Multi-Platform 3.0.0.0 versions up to 3.0.5.4 is affected by cross-site scripting (xss) (CVSS 6.1).

IBM XSS
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-36019 MEDIUM This Month

IBM Concert 1.0.0 through 2.1.0 for Z hub framework is vulnerable to cross-site scripting. [CVSS 6.1 MEDIUM]

IBM XSS Concert
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-2617 LOW POC Monitor

The Beetel 777VR1 router's SSH/Telnet service contains insecure default initialization that allows local network attackers to achieve partial compromise of confidentiality, integrity, and availability. Public exploit code exists for this vulnerability, and the vendor has not released patches despite early notification. Affected devices running firmware version 01.00.09 and earlier require isolation from untrusted local networks until a security update becomes available.

Information Disclosure 777vr1 Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-7706 MEDIUM This Month

from 3.0.0 to 3.3.1 versions up to 3.5.0. is affected by missing authentication for critical function (CVSS 6.1).

Authentication Bypass
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-2622 LOW POC Monitor

A vulnerability was detected in Blossom up to 1.17.1. This vulnerability affects the function content of the file blossom-backend/backend/src/main/java/com/blossom/backend/server/article/draft/ArticleController.java of the component Article Title Handler. [CVSS 3.5 LOW]

Java XSS
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-33101 MEDIUM This Month

Concert versions up to 2.1.0 contains a vulnerability that allows attackers to obtain sensitive information using man in the middle techniques due to improper (CVSS 5.9).

IBM Concert
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-36379 MEDIUM This Month

IBM Security QRadar EDR 3.12 through 3.12.23 IBM Security ReaQta uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. [CVSS 5.9 MEDIUM]

Qradar Edr
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2024-43178 MEDIUM This Month

Concert versions up to 2.1.0 is affected by use of a broken or risky cryptographic algorithm (CVSS 5.9).

IBM Concert
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-27903 MEDIUM This Month

Db2 Recovery Expert versions up to 5.5.0 is affected by cleartext transmission of sensitive information (CVSS 5.9).

IBM Linux Windows Db2 Recovery Expert
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-2629 MEDIUM This Month

A weakness has been identified in jishi node-sonos-http-ap versions up to 3776 is affected by command injection (CVSS 7.3).

Command Injection
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.4%
CVE-2026-2621 MEDIUM This Month

SQL injection in Sciyon Koyuan Thermoelectricity Heat Network Management System 3.0 via the PGUID parameter in AsyncTreeProxy.aspx allows unauthenticated remote attackers to read, modify, and delete database contents. Public exploit code exists for this vulnerability and no patch is currently available from the vendor.

SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-2620 MEDIUM This Month

SQL injection in Huace Monitoring and Early Warning System 2.2 via the ID parameter in /Web/SysManage/ProjectRole.aspx allows unauthenticated remote attackers to manipulate database queries. Public exploit code exists for this vulnerability, and the vendor has not provided a patch or response. An attacker can exploit this to read, modify, or delete sensitive data from the affected system.

SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-13108 MEDIUM This Month

Db2 Merge Backup versions up to 12.1.0.0 contains a vulnerability that allows attackers to access sensitive information in memory due to the buffer not properly clearing r (CVSS 5.5).

IBM Linux Windows Db2 Merge Backup
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-14289 MEDIUM This Month

IBM webMethods Integration Server 12.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. [CVSS 5.4 MEDIUM]

IBM Webmethods Integration Server
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-26357 MEDIUM This Month

Stored cross-site scripting in Dell Unisphere for PowerMax 9.2.4.x allows authenticated remote attackers to inject malicious scripts that execute in users' browsers, potentially enabling session hijacking or credential theft. The vulnerability requires user interaction and carries a medium severity rating with no patch currently available.

XSS Information Disclosure
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-23861 MEDIUM This Month

Cross-site scripting in Dell Unisphere for PowerMax vApp 9.2.4.x enables authenticated remote attackers to inject malicious scripts that execute in victim browsers, potentially compromising session tokens or stealing sensitive information. The vulnerability requires user interaction and low-level privileges, but no patch is currently available to address it.

XSS Information Disclosure
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-36243 MEDIUM This Month

IBM Concert 1.0.0 through 2.1.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. [CVSS 5.4 MEDIUM]

IBM SSRF Concert
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-1657 MEDIUM This Month

Unauthenticated attackers can upload arbitrary image files to WordPress sites running EventPrime plugin versions up to 4.2.8.4 through an unprotected AJAX endpoint that lacks proper authentication checks. This vulnerability allows unauthorized file uploads to the media library, potentially enabling further attacks such as stored XSS or malicious file distribution. No patch is currently available.

WordPress
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-38265 MEDIUM This Month

IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could disclose folder location information to an unauthenticated attacker that could aid in further attacks against the system. [CVSS 5.3 MEDIUM]

IBM Cloud Pak System
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-27899 MEDIUM PATCH This Month

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 discloses sensitive information in an environment variable that could aid in further attacks against the system. [CVSS 5.3 MEDIUM]

IBM Db2 Recovery Expert
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-36425 MEDIUM This Month

Db2 versions up to 12.1.3 contains a vulnerability that allows attackers to an authenticated user to obtain sensitive information under specific HADR config (CVSS 5.3).

IBM Linux Windows Db2
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-36348 MEDIUM This Month

Sterling B2B Integrator versions up to 6.1.2.7 is affected by error message information leak (CVSS 4.9).

IBM Sterling B2b Integrator Sterling File Gateway
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-36597 MEDIUM This Month

Dell Avamar, versions prior to 19.12 with patch 338905, contains an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Security. [CVSS 4.7 MEDIUM]

Path Traversal Information Disclosure
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-13333 MEDIUM This Month

IBM WebSphere Application Server 9.0, and 8.5 could provide weaker than expected security during system administration of security settings. [CVSS 4.4 MEDIUM]

IBM Websphere Application Server
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-2002 MEDIUM This Month

Stored XSS in Forminator Forms plugin for WordPress (versions up to 1.50.2) allows authenticated administrators and delegated form managers to inject malicious scripts through the form_name parameter due to inadequate input sanitization. When users access pages containing injected forms, the scripts execute in their browsers, potentially compromising site security and user data. No patch is currently available.

WordPress XSS
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2023-38005 MEDIUM This Month

IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could allow an authenticated user to perform unauthorized tasks due to improper access controls. [CVSS 4.3 MEDIUM]

IBM Cloud Pak System
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-2608 MEDIUM This Month

Page Builder Toolkit for Gutenberg Editor versions up to 3.5.32. is affected by missing authorization (CVSS 4.3).

WordPress
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-12755 MEDIUM This Month

IBM MQ Operator (SC2 v3.2.0-3.8.1, LTS v2.0.0-2.0.29) and IBM‑supplied MQ Advanced container images (across affected SC2, CD, and LTS 9.3.x-9.4.x releases) contain a vulnerability where log messages are not properly neutralized before being written to log files. [CVSS 4.0 MEDIUM]

IBM
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-36183 LOW Monitor

Watsonx.Data versions up to 2.2.1 is affected by unrestricted upload of file with dangerous type (CVSS 3.8).

IBM
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2026-24733 LOW PATCH Monitor

Improper Input Validation vulnerability in Apache Tomcat. Tomcat did not limit HTTP/0.9 requests to the GET method. [CVSS 3.7 LOW]

Apache Tomcat
NVD HeroDevs VulDB
CVSS 3.1
3.7
EPSS
0.2%
CVE-2026-0102 LOW PATCH Monitor

Edge Chromium contains a vulnerability that allows attackers to disclosure of stored autofill data such as addresses, email, or phone number met (CVSS 3.1).

Information Disclosure Edge Chromium
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-2247 This Week

SQL injection vulnerability (SQLi) in Clicldeu SaaS, specifically in the generation of reports, which occurs when a previously authenticated remote attacker executes a malicious payload in the URL generated after downloading the student's report card in the ‘Day-to-day’ section from the mobile application.

SQLi
NVD
EPSS
0.1%
CVE-2025-62183 This Week

Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality and Integrity are low.

XSS
NVD
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy