Vulnerabilities (CVE)

Total 300701 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-52895 1 Ibm 1 I 2025-07-03 N/A 6.5 MEDIUM
IBM i 7.4 and 7.5 is vulnerable to a database access denial of service caused by a bypass of a database capabilities restriction check. A privileged bad actor can remove or otherwise impact database infrastructure files resulting in incorrect behavior of software products that rely upon the database.
CVE-2025-36004 1 Ibm 1 I 2025-07-03 N/A 8.8 HIGH
IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user to gain elevated privileges due to an unqualified library call in IBM Facsimile Support for i. A malicious actor could cause user-controlled code to run with administrator privilege.
CVE-2025-33122 1 Ibm 1 I 2025-07-03 N/A 7.5 HIGH
IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 could allow a user to gain elevated privileges due to an unqualified library call in IBM Advanced Job Scheduler for i. A malicious actor could cause user-controlled code to run with administrator privilege.
CVE-2025-3218 1 Ibm 1 I 2025-07-03 N/A 5.4 MEDIUM
IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to authentication and authorization attacks due to incorrect validation processing in IBM i Netserver. A malicious actor could use the weaknesses, in conjunction with brute force authentication attacks or to bypass authority restrictions, to access the server.
CVE-2025-2950 1 Ibm 1 I 2025-07-03 N/A 5.4 MEDIUM
IBM i 7.3, 7.4, 7.5, and 7.5 is vulnerable to a host header injection attack caused by improper neutralization of HTTP header content by IBM Navigator for i. An authenticated user can manipulate the host header in HTTP requests to change domain/IP address which may lead to unexpected behavior.
CVE-2024-55898 1 Ibm 1 I 2025-07-03 N/A 8.5 HIGH
IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege.
CVE-2022-39163 2 Ibm, Microsoft 3 Cognos Controller, Controller, Windows 2025-07-03 N/A 4.7 MEDIUM
IBM Cognos Controller 11.0.0 through 11.1.0 is vulnerable to a Client-Side Desync (CSD) attack where an attacker could exploit a desynchronized browser connection that could lead to further cross-site scripting (XSS) attacks.
CVE-2024-40702 2 Ibm, Microsoft 3 Cognos Controller, Controller, Windows 2025-07-03 N/A 8.2 HIGH
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow an unauthorized user to obtain valid tokens to gain access to protected resources due to improper certificate validation.
CVE-2024-28778 2 Ibm, Microsoft 3 Cognos Controller, Controller, Windows 2025-07-03 N/A 6.5 MEDIUM
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 is vulnerable to exposure of Artifactory API keys. This vulnerability allows users to publish code to private packages or repositories under the name of the organization.
CVE-2024-25037 2 Ibm, Microsoft 3 Cognos Controller, Controller, Windows 2025-07-03 N/A 4.3 MEDIUM
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser.
CVE-2022-22363 2 Ibm, Microsoft 3 Cognos Controller, Controller, Windows 2025-07-03 N/A 4.3 MEDIUM
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
CVE-2021-20455 2 Ibm, Microsoft 3 Cognos Controller, Controller, Windows 2025-07-03 N/A 3.7 LOW
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
CVE-2024-25048 1 Ibm 1 Mq Appliance 2025-07-03 N/A 7.5 HIGH
IBM MQ Appliance 9.3 CD and LTS are vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash. IBM X-Force ID: 283137.
CVE-2024-54173 1 Ibm 1 Mq Appliance 2025-07-03 N/A 4.7 MEDIUM
IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD reveals potentially sensitive information in trace files that could be read by a local user when webconsole trace is enabled.
CVE-2025-0975 1 Ibm 1 Mq Appliance 2025-07-03 N/A 8.8 HIGH
IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD console could allow an authenticated user to execute code due to improper neutralization of escape characters.
CVE-2025-23225 1 Ibm 1 Mq Appliance 2025-07-03 N/A 6.5 MEDIUM
IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user to cause a denial of service due to the improper handling of invalid headers sent to the queue.
CVE-2024-51471 1 Ibm 1 Mq Appliance 2025-07-03 N/A 5.3 MEDIUM
IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS web console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside of the intended buffer size.
CVE-2025-53370 2025-07-03 N/A 8.6 HIGH
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. From versions 1.9.4 to before 3.4.0, short descriptions set via the ShortDescription extension are inserted as raw HTML by the Citizen skin, allowing any user to insert arbitrary HTML into the DOM by editing a page. This issue has been patched in version 3.4.0.
CVE-2025-53369 2025-07-03 N/A 8.6 HIGH
Short Description is a MediaWiki extension that provides local short description support. In version 4.0.0, short descriptions are not properly sanitized before being inserted as HTML using mw.util.addSubtitle, allowing any user to insert arbitrary HTML into the DOM by editing a page. This issue has been patched in version 4.0.1.
CVE-2025-53368 2025-07-03 N/A 8.6 HIGH
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. From versions 1.9.4 to before 3.4.0, page descriptions are inserted into raw HTML without proper sanitization by the Citizen skin when using the old search bar. Any user with page editing privileges can insert cross-site scripting (XSS) payloads into the DOM for other users who are searching for specific pages. This issue has been patched in version 3.4.0.