Total
7141 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-36367 | 1 Ibm | 1 I | 2025-11-05 | N/A | 8.8 HIGH |
| IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 is vulnerable to privilege escalation caused by an invalid IBM i SQL services authorization check. A malicious actor can use the elevated privileges of another user profile to gain root access to the host operating system. | |||||
| CVE-2025-41111 | 1 Canaldenuncia | 1 Canaldenuncia.app | 2025-11-05 | N/A | 7.5 HIGH |
| A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'id_denuncia' in '/backend/api/buscarComentariosByDenuncia.php'. | |||||
| CVE-2025-41112 | 1 Canaldenuncia | 1 Canaldenuncia.app | 2025-11-05 | N/A | 7.5 HIGH |
| A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in '/backend/api/buscarConfiguracionParametros2.php'. | |||||
| CVE-2025-41113 | 1 Canaldenuncia | 1 Canaldenuncia.app | 2025-11-05 | N/A | 7.5 HIGH |
| A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'id_denuncia' in '/backend/api/buscarDenunciaByPin.php'. | |||||
| CVE-2025-41114 | 1 Canaldenuncia | 1 Canaldenuncia.app | 2025-11-05 | N/A | 7.5 HIGH |
| A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_denuncia' and 'id_user' in '/backend/api/buscarDocumentosByIdDenunciaUsuario.php'. | |||||
| CVE-2025-41335 | 1 Canaldenuncia | 1 Canaldenuncia.app | 2025-11-05 | N/A | 7.5 HIGH |
| A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id' and ' 'id_sociedad' in '/api/buscarEmpresaById.php'. | |||||
| CVE-2025-41337 | 1 Canaldenuncia | 1 Canaldenuncia.app | 2025-11-05 | N/A | 7.5 HIGH |
| A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in '/backend/api/buscarSSOParametros.php'. | |||||
| CVE-2025-41336 | 1 Canaldenuncia | 1 Canaldenuncia.app | 2025-11-05 | N/A | 7.5 HIGH |
| A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in '/backend/api/buscarConfiguracionParametros.php'. | |||||
| CVE-2025-41338 | 1 Canaldenuncia | 1 Canaldenuncia.app | 2025-11-05 | N/A | 7.5 HIGH |
| A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_denuncia' and 'id_user' in '/backend/api/buscarTestigoByIdDenunciaUsuario.php'. | |||||
| CVE-2025-41339 | 1 Canaldenuncia | 1 Canaldenuncia.app | 2025-11-05 | N/A | 7.5 HIGH |
| A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'id_sociedad' in '/backend/api/buscarTipoDenuncia.php'. | |||||
| CVE-2025-41340 | 1 Canaldenuncia | 1 Canaldenuncia.app | 2025-11-05 | N/A | 7.5 HIGH |
| A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_tp_denuncia' and 'id_sociedad' in '/backend/api/buscarTipoDenunciabyId.php'. | |||||
| CVE-2025-41341 | 1 Canaldenuncia | 1 Canaldenuncia.app | 2025-11-05 | N/A | 7.5 HIGH |
| A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_denuncia' and 'seguro' in '/backend/api/buscarUsuarioByDenuncia.php'. | |||||
| CVE-2025-41342 | 1 Canaldenuncia | 1 Canaldenuncia.app | 2025-11-05 | N/A | 7.5 HIGH |
| A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'id_user' in '/backend/api/buscarUsuarioId.php'. | |||||
| CVE-2025-41343 | 1 Canaldenuncia | 1 Canaldenuncia.app | 2025-11-05 | N/A | 7.5 HIGH |
| A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'email' in '/backend/api/users/searchUserByEmail.php'. | |||||
| CVE-2025-41344 | 1 Canaldenuncia | 1 Canaldenuncia.app | 2025-11-05 | N/A | 7.5 HIGH |
| A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'id_archivo' in '/backend/api/verArchivo.php'. | |||||
| CVE-2025-41345 | 1 Canaldenuncia | 1 Canaldenuncia.app | 2025-11-05 | N/A | 7.5 HIGH |
| A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_denuncia' and 'id_user' in '/backend/api/buscarDenunciasById.php'. | |||||
| CVE-2025-64150 | 1 Jenkins | 1 Publish To Bitbucket | 2025-11-04 | N/A | 5.4 MEDIUM |
| A missing permission check in Jenkins Publish to Bitbucket Plugin 0.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2025-64148 | 1 Jenkins | 1 Publish To Bitbucket | 2025-11-04 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins Publish to Bitbucket Plugin 0.4 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||
| CVE-2025-64142 | 1 Jenkins | 1 Nexus Task Runner | 2025-11-04 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | |||||
| CVE-2025-64139 | 1 Jenkins | 1 Start Windocks Container | 2025-11-04 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins Start Windocks Containers Plugin 1.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | |||||