Latest CVE Feed
-
5.4
MEDIUMCVE-2025-2987
IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.... Read more
Affected Products : maximo_asset_management- Published: Apr. 22, 2025
- Modified: Aug. 13, 2025
- Vuln Type: Server-Side Request Forgery
-
5.5
MEDIUMCVE-2025-2986
IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disc... Read more
Affected Products : maximo_asset_management- Published: Apr. 25, 2025
- Modified: Aug. 13, 2025
- Vuln Type: Cross-Site Scripting
-
8.8
HIGHCVE-2025-1095
IBM Personal Communications v14 and v15 include a Windows service that is vulnerable to local privilege escalation (LPE). The vulnerability allows any interactively logged in users on the target computer to run commands with full privileges in the context... Read more
- Published: Apr. 08, 2025
- Modified: Aug. 13, 2025
- Vuln Type: Authorization
-
5.4
MEDIUMCVE-2024-56341
IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credent... Read more
- Published: Apr. 02, 2025
- Modified: Aug. 13, 2025
- Vuln Type: Cross-Site Scripting
-
4.9
MEDIUMCVE-2024-49338
IBM App Connect Enterprise 12.0.1.0 through 12.0.7.0and 13.0.1.0 under certain configurations could allow a privileged user to obtain JMS credentials.... Read more
- Published: Jan. 18, 2025
- Modified: Aug. 13, 2025
- Vuln Type: Information Disclosure
-
7.8
HIGHCVE-2024-9167
Under specific circumstances, insecure permissions in Ivanti Velocity License Server before version 5.2 allows a local authenticated attacker to achieve local privilege escalation.... Read more
Affected Products : velocity_license_server- Published: Oct. 08, 2024
- Modified: Aug. 13, 2025
-
9.6
CRITICALCVE-2024-4405
Xiaomi Pro 13 mimarket manual-upgrade Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. User interaction is required to ex... Read more
- Published: May. 02, 2024
- Modified: Aug. 13, 2025
-
9.6
CRITICALCVE-2024-4406
Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. User interaction is required ... Read more
- Published: May. 02, 2024
- Modified: Aug. 13, 2025
-
7.5
HIGHCVE-2023-27334
Softing edgeConnector Siemens ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Softing edgeConnector Siemens. Authenticati... Read more
Affected Products : secure_integration_server edgeconnector edgeaggregator opc_ua_c\+\+_software_development_kit- Published: May. 03, 2024
- Modified: Aug. 13, 2025
-
9.6
CRITICALCVE-2023-27335
Softing edgeAggregator Client Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. User interaction is required to exploit this ... Read more
- Published: May. 03, 2024
- Modified: Aug. 13, 2025
-
7.5
HIGHCVE-2023-27336
Softing edgeConnector Siemens OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Softing edgeConnector Siemens. Authentica... Read more
- Published: May. 03, 2024
- Modified: Aug. 13, 2025
-
7.8
HIGHCVE-2023-27347
G DATA Total Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G Data Total Security. An attacker must first obtain the ability to execute low-pr... Read more
Affected Products : total_security- Published: May. 03, 2024
- Modified: Aug. 13, 2025
-
7.8
HIGHCVE-2023-27362
3CX Uncontrolled Search Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of 3CX. An attacker must first obtain the ability to execute low-privileged code on the targe... Read more
Affected Products : 3cx- Published: May. 03, 2024
- Modified: Aug. 13, 2025
-
4.3
MEDIUMCVE-2024-20497
A vulnerability in Cisco Expressway Edge (Expressway-E) could allow an authenticated, remote attacker to masquerade as another user on an affected system. This vulnerability is due to inadequate authorization checks for Mobile and Remote Access (MRA) u... Read more
- Published: Sep. 04, 2024
- Modified: Aug. 12, 2025
-
7.4
HIGHCVE-2025-3155
A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.... Read more
- Published: Apr. 03, 2025
- Modified: Aug. 12, 2025
- Vuln Type: Cross-Site Scripting
-
7.5
HIGHCVE-2024-12088
A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which ... Read more
Affected Products : enterprise_linux enterprise_linux_server_aus openshift_container_platform enterprise_linux_eus enterprise_linux_for_ibm_z_systems_eus enterprise_linux_for_power_little_endian enterprise_linux_for_power_little_endian_eus enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions rsync enterprise_linux_for_ibm_z_systems +10 more products- Published: Jan. 14, 2025
- Modified: Aug. 12, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2024-12087
A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the ... Read more
Affected Products : enterprise_linux enterprise_linux_server_aus enterprise_linux_eus enterprise_linux_for_ibm_z_systems_eus enterprise_linux_for_power_little_endian enterprise_linux_for_power_little_endian_eus enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions rsync suse_linux enterprise_linux_for_ibm_z_systems +8 more products- Published: Jan. 14, 2025
- Modified: Aug. 12, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2024-12085
A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uniniti... Read more
Affected Products : enterprise_linux enterprise_linux_server enterprise_linux_server_aus enterprise_linux_server_tus openshift_container_platform enterprise_linux_eus openshift enterprise_linux_for_ibm_z_systems_eus enterprise_linux_for_power_little_endian enterprise_linux_for_power_little_endian_eus +13 more products- Published: Jan. 14, 2025
- Modified: Aug. 12, 2025
- Vuln Type: Memory Corruption
-
6.1
MEDIUMCVE-2025-54783
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 7.14.6 and below have a Reflected Cross-Site Scripting (XSS) vulnerability. This vulnerability allows an attacker to execute JavaScript code... Read more
Affected Products : suitecrm- Published: Aug. 07, 2025
- Modified: Aug. 12, 2025
- Vuln Type: Cross-Site Scripting
-
8.6
HIGHCVE-2025-54784
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. There is a Cross Site Scripting (XSS) vulnerability in the email viewer in versions 7.14.0 through 7.14.6. An external attacker could send a prepared... Read more
Affected Products : suitecrm- Published: Aug. 07, 2025
- Modified: Aug. 12, 2025
- Vuln Type: Cross-Site Scripting