Skip to main content
CVE-2026-0829 MEDIUM POC This Month

Frontend File Manager Plugin WordPre versions up to 23.5 is affected by missing authorization (CVSS 5.8).

WordPress
NVD WPScan
CVSS 3.1
5.8
EPSS
2.4%
CVE-2025-70829 MEDIUM POC This Month

An information exposure vulnerability in Datart v1.0.0-rc.3 allows authenticated attackers to access sensitive data via a custom H2 JDBC connection string. [CVSS 5.7 MEDIUM]

Information Disclosure Datart
NVD GitHub
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-27900 MEDIUM PATCH This Month

Db2 Recovery Expert versions up to 5.5.0 is affected by url redirection to untrusted site (open redirect) (CVSS 6.8).

IBM Open Redirect Db2 Recovery Expert
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-22284 MEDIUM PATCH This Month

Unauthenticated command injection in Dell SmartFabric OS10 versions before 10.5.6.12 allows high-privileged remote attackers to execute arbitrary commands on affected network devices. The vulnerability stems from improper sanitization of user-supplied input in command processing, requiring attacker knowledge of administrative credentials to trigger. A patch is available and administrators should prioritize updating affected systems given the severity of potential command execution impact.

Command Injection Smartfabric Os10
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2026-23596 MEDIUM PATCH This Month

Unauthenticated attackers can trigger service restarts through the management API in Aruba Networking Private 5G Core, causing denial of service and disrupting system availability. This network-adjacent vulnerability requires no authentication or user interaction and has a publicly available patch to remediate the issue.

Denial Of Service Aruba Networking Private 5g Core
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-22762 MEDIUM This Month

Arbitrary file deletion in Dell Avamar Server and Virtual Edition versions before 19.10 SP1 with CHF338912 stems from improper path traversal validation in the security module. High-privileged remote attackers can exploit this vulnerability to delete files on affected systems, though no patch is currently available.

Path Traversal
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-36598 MEDIUM This Month

Dell Avamar, versions prior to 19.12 with patch 338905, contains an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Security. [CVSS 6.5 MEDIUM]

Path Traversal
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-14689 MEDIUM This Month

Db2 contains a vulnerability that allows attackers to an authenticated user to cause a denial of service due to improper neutralizatio (CVSS 6.5).

IBM Linux Windows Denial Of Service Db2
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-31118 MEDIUM This Month

Missing Authorization vulnerability in Smartypants SP Project & Document Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SP Project & Document Manager: from n/a through 4.70. [CVSS 6.5 MEDIUM]

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-33130 MEDIUM This Month

IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to a buffer being overwritten when it is allocated on the stack. [CVSS 6.5 MEDIUM]

IBM Linux Windows Denial Of Service Db2 Merge Backup
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-33124 MEDIUM This Month

Db2 Merge Backup versions up to 12.1.0.0 is affected by incorrect calculation of buffer size (CVSS 6.5).

IBM Linux Windows Denial Of Service Db2 Merge Backup
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-33089 MEDIUM This Month

IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information or perform unauthorized actions due to the use of hard coded user credentials. [CVSS 6.5 MEDIUM]

IBM Concert
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-27901 MEDIUM This Month

Db2 Recovery Expert versions up to 5.5.0 contains a vulnerability that allows attackers to conduct various attacks against the vulnerable system, including cross-site scri (CVSS 6.5).

IBM Linux Windows XSS Db2 Recovery Expert
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-23598 MEDIUM PATCH This Month

HPE Aruba Networking 5G Core API error handling exposes sensitive information including user accounts, roles, and system configuration to unauthenticated remote attackers. Successful exploitation enables attackers to gather intelligence on internal services and workflows, creating a foundation for further attacks targeting unauthorized access and privilege escalation. A patch is available.

Information Disclosure Authentication Bypass Aruba Networking Private 5g Core
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-23597 MEDIUM PATCH This Month

HPE Aruba Networking 5G Core API error handling leaks sensitive information including user accounts, roles, and system configuration to unauthenticated remote attackers. Exposed internal service details can be leveraged to identify attack vectors for privilege escalation and unauthorized access. A patch is available.

Information Disclosure Authentication Bypass Aruba Networking Private 5g Core
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2022-41650 MEDIUM This Month

Missing Authorization vulnerability in Paul Custom Content by Country (by Shield Security) custom-content-by-country.This issue affects Custom Content by Country (by Shield Security): from n/a through 3.1.2. [CVSS 6.5 MEDIUM]

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-13867 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic

IBM Linux Windows Denial Of Service Db2
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-8303 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in EKA Software Computer Information Advertising Services Ltd. [CVSS 6.5 MEDIUM]

XSS
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-27904 MEDIUM PATCH This Month

Db2 Recovery Expert versions up to 5.5.0 is affected by cross-site request forgery (csrf) (CVSS 6.5).

IBM Linux Windows CSRF Db2 Recovery Expert
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-36018 MEDIUM This Month

IBM Concert 1.0.0 through 2.1.0 for Z hub component is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. [CVSS 6.5 MEDIUM]

IBM CSRF Concert
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-36377 MEDIUM This Month

IBM Security QRadar EDR 3.12 through 3.12.23 does not invalidate session after a session expiration which could allow an authenticated user to impersonate another user on the system. [CVSS 6.3 MEDIUM]

IBM Qradar Edr
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-36376 MEDIUM This Month

Security Qradar Edr versions up to 3.12.23 is affected by insufficient session expiration (CVSS 6.3).

IBM Security Qradar Edr
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-27898 MEDIUM PATCH This Month

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 does not invalidate session after a timeout which could allow an authenticated user to impersonate another user on the system. [CVSS 6.3 MEDIUM]

IBM Db2 Recovery Expert
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-33135 MEDIUM This Month

IBM Financial Transaction Manager for ACH Services and Check Services for Multi-Platform 3.0.0.0 versions up to 3.0.5.4 is affected by cross-site scripting (xss) (CVSS 6.1).

IBM XSS
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-36019 MEDIUM This Month

IBM Concert 1.0.0 through 2.1.0 for Z hub framework is vulnerable to cross-site scripting. [CVSS 6.1 MEDIUM]

IBM XSS Concert
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-7706 MEDIUM This Month

from 3.0.0 to 3.3.1 versions up to 3.5.0. is affected by missing authentication for critical function (CVSS 6.1).

Authentication Bypass
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-33101 MEDIUM This Month

Concert versions up to 2.1.0 contains a vulnerability that allows attackers to obtain sensitive information using man in the middle techniques due to improper (CVSS 5.9).

IBM Concert
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-36379 MEDIUM This Month

IBM Security QRadar EDR 3.12 through 3.12.23 IBM Security ReaQta uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. [CVSS 5.9 MEDIUM]

Qradar Edr
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2024-43178 MEDIUM This Month

Concert versions up to 2.1.0 is affected by use of a broken or risky cryptographic algorithm (CVSS 5.9).

IBM Concert
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-27903 MEDIUM This Month

Db2 Recovery Expert versions up to 5.5.0 is affected by cleartext transmission of sensitive information (CVSS 5.9).

IBM Linux Windows Db2 Recovery Expert
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-2629 MEDIUM This Month

A weakness has been identified in jishi node-sonos-http-ap versions up to 3776 is affected by command injection (CVSS 7.3).

Command Injection
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.4%
CVE-2026-2621 MEDIUM This Month

SQL injection in Sciyon Koyuan Thermoelectricity Heat Network Management System 3.0 via the PGUID parameter in AsyncTreeProxy.aspx allows unauthenticated remote attackers to read, modify, and delete database contents. Public exploit code exists for this vulnerability and no patch is currently available from the vendor.

SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-2620 MEDIUM This Month

SQL injection in Huace Monitoring and Early Warning System 2.2 via the ID parameter in /Web/SysManage/ProjectRole.aspx allows unauthenticated remote attackers to manipulate database queries. Public exploit code exists for this vulnerability, and the vendor has not provided a patch or response. An attacker can exploit this to read, modify, or delete sensitive data from the affected system.

SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-13108 MEDIUM This Month

Db2 Merge Backup versions up to 12.1.0.0 contains a vulnerability that allows attackers to access sensitive information in memory due to the buffer not properly clearing r (CVSS 5.5).

IBM Linux Windows Db2 Merge Backup
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-14289 MEDIUM This Month

IBM webMethods Integration Server 12.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. [CVSS 5.4 MEDIUM]

IBM Webmethods Integration Server
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-26357 MEDIUM This Month

Stored cross-site scripting in Dell Unisphere for PowerMax 9.2.4.x allows authenticated remote attackers to inject malicious scripts that execute in users' browsers, potentially enabling session hijacking or credential theft. The vulnerability requires user interaction and carries a medium severity rating with no patch currently available.

XSS Information Disclosure
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-23861 MEDIUM This Month

Cross-site scripting in Dell Unisphere for PowerMax vApp 9.2.4.x enables authenticated remote attackers to inject malicious scripts that execute in victim browsers, potentially compromising session tokens or stealing sensitive information. The vulnerability requires user interaction and low-level privileges, but no patch is currently available to address it.

XSS Information Disclosure
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-36243 MEDIUM This Month

IBM Concert 1.0.0 through 2.1.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. [CVSS 5.4 MEDIUM]

IBM SSRF Concert
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-1657 MEDIUM This Month

Unauthenticated attackers can upload arbitrary image files to WordPress sites running EventPrime plugin versions up to 4.2.8.4 through an unprotected AJAX endpoint that lacks proper authentication checks. This vulnerability allows unauthorized file uploads to the media library, potentially enabling further attacks such as stored XSS or malicious file distribution. No patch is currently available.

WordPress
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-38265 MEDIUM This Month

IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could disclose folder location information to an unauthenticated attacker that could aid in further attacks against the system. [CVSS 5.3 MEDIUM]

IBM Cloud Pak System
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-27899 MEDIUM PATCH This Month

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 discloses sensitive information in an environment variable that could aid in further attacks against the system. [CVSS 5.3 MEDIUM]

IBM Db2 Recovery Expert
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-36425 MEDIUM This Month

Db2 versions up to 12.1.3 contains a vulnerability that allows attackers to an authenticated user to obtain sensitive information under specific HADR config (CVSS 5.3).

IBM Linux Windows Db2
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-36348 MEDIUM This Month

Sterling B2B Integrator versions up to 6.1.2.7 is affected by error message information leak (CVSS 4.9).

IBM Sterling B2b Integrator Sterling File Gateway
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-36597 MEDIUM This Month

Dell Avamar, versions prior to 19.12 with patch 338905, contains an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Security. [CVSS 4.7 MEDIUM]

Path Traversal Information Disclosure
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-13333 MEDIUM This Month

IBM WebSphere Application Server 9.0, and 8.5 could provide weaker than expected security during system administration of security settings. [CVSS 4.4 MEDIUM]

IBM Websphere Application Server
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-2002 MEDIUM This Month

Stored XSS in Forminator Forms plugin for WordPress (versions up to 1.50.2) allows authenticated administrators and delegated form managers to inject malicious scripts through the form_name parameter due to inadequate input sanitization. When users access pages containing injected forms, the scripts execute in their browsers, potentially compromising site security and user data. No patch is currently available.

WordPress XSS
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2023-38005 MEDIUM This Month

IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could allow an authenticated user to perform unauthorized tasks due to improper access controls. [CVSS 4.3 MEDIUM]

IBM Cloud Pak System
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-2608 MEDIUM This Month

Page Builder Toolkit for Gutenberg Editor versions up to 3.5.32. is affected by missing authorization (CVSS 4.3).

WordPress
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-12755 MEDIUM This Month

IBM MQ Operator (SC2 v3.2.0-3.8.1, LTS v2.0.0-2.0.29) and IBM‑supplied MQ Advanced container images (across affected SC2, CD, and LTS 9.3.x-9.4.x releases) contain a vulnerability where log messages are not properly neutralized before being written to log files. [CVSS 4.0 MEDIUM]

IBM
NVD
CVSS 3.1
4.0
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy