Search Results (15902 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-49779 3 Ibm, Linux, Microsoft 3 Openpages With Watson, Linux Kernel, Windows 2025-08-15 4.3 Medium
IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to bypass security restrictions, caused by improper validation and management of authentication cookies. By modifying the CSRF token and Session Id cookie parameters using the cookies of another user, a remote attacker could exploit this vulnerability to bypass security restrictions and gain unauthorized access to the vulnerable application.
CVE-2024-49780 3 Ibm, Linux, Microsoft 3 Openpages With Watson, Linux Kernel, Windows 2025-08-15 5.3 Medium
IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to traverse directories on the system. An attacker with privileges to perform Import Configuration could send a specially crafted http request containing "dot dot" sequences (/../) in the file name parameter used in Import Configuration to write files to arbitrary locations outside of the specified directory and possibly overwrite arbitrary files.
CVE-2024-49781 3 Ibm, Linux, Microsoft 3 Openpages With Watson, Linux Kernel, Windows 2025-08-15 7.1 High
IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVE-2024-49344 3 Ibm, Linux, Microsoft 3 Openpages With Watson, Linux Kernel, Windows 2025-08-15 4.3 Medium
IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages with Watson Assistant chat feature enabled the application establishes a session when a user logs in and uses chat, but the chat session is still left active after logout.
CVE-2024-49782 3 Ibm, Linux, Microsoft 3 Openpages With Watson, Linux Kernel, Windows 2025-08-15 6.8 Medium
IBM OpenPages with Watson 8.3 and 9.0  could allow a remote attacker to spoof mail server identity when using SSL/TLS security. An attacker could exploit this vulnerability to gain access to sensitive information disclosed through email notifications generated by OpenPages or disrupt notification delivery.
CVE-2024-49337 3 Ibm, Linux, Microsoft 3 Openpages With Watson, Linux Kernel, Windows 2025-08-15 5.4 Medium
IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to HTML injection, caused by improper validation of user-supplied input of text fields used to construct workflow email notifications. A remote authenticated attacker could exploit this vulnerability using HTML tags in a text field of an object to inject malicious script into an email which would be executed in a victim's mail client within the security context of the OpenPages mail message. An attacker could use this for phishing or identity theft attacks.
CVE-2024-56341 3 Ibm, Linux, Microsoft 4 Aix, Content Navigator, Linux Kernel and 1 more 2025-08-15 5.4 Medium
IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2024-43196 3 Ibm, Linux, Microsoft 3 Openpages With Watson, Linux Kernel, Windows 2025-08-15 4.3 Medium
IBM OpenPages with Watson 8.3 and 9.0  application could allow an authenticated user to manipulate data in the Questionnaires application allowing the user to spoof other users' responses.
CVE-2025-23227 3 Ibm, Linux, Microsoft 4 Aix, Tivoli Application Dependency Discovery Manager, Linux Kernel and 1 more 2025-08-15 6.4 Medium
IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.11 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2024-41746 2 Ibm, Linux 2 Cics Tx, Linux Kernel 2025-08-14 7.2 High
IBM CICS TX Advanced 10.1, 11.1, and Standard 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2025-21086 2 Intel, Linux 2 Ethernet 700 Series Software, Linux Kernel 2025-08-14 7.5 High
Improper input validation in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable escalation of privilege.
CVE-2025-25273 2 Intel, Linux 2 Ethernet 700 Series Software, Linux Kernel 2025-08-14 7.8 High
Insufficient control flow management in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2025-24486 2 Intel, Linux 2 Ethernet 700 Series Software, Linux Kernel 2025-08-14 7.8 High
Improper input validation in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2025-24303 2 Intel, Linux 2 Ethernet 800 Series Software, Linux Kernel 2025-08-14 7.8 High
Improper check for unusual or exceptional conditions in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2025-22836 2 Intel, Linux 2 Ethernet 800 Series Software, Linux Kernel 2025-08-14 7.8 High
Integer overflow or wraparound in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2025-24484 2 Intel, Linux 2 Ethernet 800 Series Software, Linux Kernel 2025-08-14 7.8 High
Improper input validation in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2025-22893 2 Intel, Linux 2 Ethernet 800 Series Software, Linux Kernel 2025-08-14 7.8 High
Insufficient control flow management in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2025-24325 2 Intel, Linux 2 Ethernet 800 Series Software, Linux Kernel 2025-08-14 8.8 High
Improper input validation in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2025-20093 2 Intel, Linux 2 Ethernet 800 Series Software, Linux Kernel 2025-08-14 8.2 High
Improper check for unusual or exceptional conditions in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2025-8880 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2025-08-14 8.8 High
Race in V8 in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)