
21310 matches found

Vulnrichment
added 2025/02/28 2:31 a.m. · 7 views

CVE-2025-0823 IBM MQ path traversal

IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 and 12.0.0 through 12.0.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...

CVSS 6.5 · AI score 6.4 · EPSS 0.0054
Exploits 0 · References 1

Cvelist
added 2025/02/28 2:31 a.m. · 27 views

CVE-2025-0823 IBM MQ path traversal

IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 and 12.0.0 through 12.0.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...

CVSS 6.5 · EPSS 0.0054
Exploits 0 · References 1

CVE
added 2025/02/28 2:31 a.m. · 109 views

CVE-2025-0823

CVE-2025-0823 affects IBM Cognos Analytics 11.2.0–11.2.4 FP5 and 12.0.0–12.0.4. Root cause is a path traversal vulnerability allowing a remote attacker to view arbitrary files by sending crafted URLs with /../ sequences. Impact is exposure of sensitive files; no exploitation details are provided ...

CVSS 6.5 · AI score 6.4 · EPSS 0.0054
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2025/02/28 12:00 a.m. · 8 views

CVE-2025-26326

A vulnerability was identified in the NVDA Remote version 2.6.4 and Tele NVDA Remote version 2025.3.3 remote connection add-ons, which allows an attacker to obtain total control of the remote system by guessing a weak password. The problem occurs because these add-ons accept any password entered ...

AI score 9.1 · EPSS 0.01404
Exploits 0 · References 6

CVE
added 2025/02/28 12:00 a.m. · 89 views

CVE-2025-26326

CVE-2025-26326 affects the NVDA Remote (v2.6.4) and Tele NVDA Remote (v2025.3.3) remote connection add-ons. The root cause is that the components accept any entered password without additional authentication or device verification, enabling brute-force/guess attacks. Reports indicate over 1,000 s...

CVSS 8.8 · AI score 9 · EPSS 0.01404
Exploits 0 · References 6

Positive Technologies
added 2025/02/28 12:00 a.m. · 5 views

PT-2025-9107 · Nvda · Nvda

Name of the Vulnerable Software and Affected Versions: NVDA versions 2024.4.1 through 2024.4.2 Description: A vulnerability in the remote connection complements of NVDA allows an attacker to obtain total control of the remote system when guessing a weak password. The problem occurs because the...

CVSS 8.8 · AI score 7.5 · EPSS 0.01404
Exploits 0 · References 11

Positive Technologies
added 2025/02/28 12:00 a.m. · 4 views

PT-2025-9049 · Ibm · Ibm Cognos Analytics

Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics versions 11.2.0 through 11.2.4 FP5 IBM Cognos Analytics versions 12.0.0 through 12.0.4 Description: The issue allows a remote attacker to traverse directories on the system by sending a specially crafted URL request...

CVSS 6.5 · AI score 6.4 · EPSS 0.0054
Exploits 0 · References 7

Cvelist
added 2025/02/28 12:00 a.m. · 14 views

CVE-2025-26326

A vulnerability was identified in the NVDA Remote version 2.6.4 and Tele NVDA Remote version 2025.3.3 remote connection add-ons, which allows an attacker to obtain total control of the remote system by guessing a weak password. The problem occurs because these add-ons accept any password entered ...

EPSS 0.01404
Exploits 0 · References 6

Positive Technologies
added 2025/02/28 12:00 a.m. · 6 views

PT-2025-9135 · Pwndoc · Pwndoc

Name of the Vulnerable Software and Affected Versions: PwnDoc versions prior to 1.2.0 Description: The issue concerns the backup restore functionality, which allows an administrator to import raw data into the database, including Path Traversal ../ sequences. This is problematic for the template...

CVSS 6.5 · AI score 7.1 · EPSS 0.01079
Exploits 1 · References 14

IBM Security Bulletins
added 2025/02/27 9:09 p.m. · 24 views

Security Bulletin: IBM MQ Console is affected by a command injection vulnerability (CVE-2025-0975)

Summary IBM MQ has addressed a command injection vulnerability in the MQ Console Vulnerability Details CVEID:CVE-2025-0975 DESCRIPTION: IBM MQ console could allow an authenticated user to execute code due to improper neutralization of escape characters. CWE:CWE-150: Improper Neutralization of...

CVSS 8.8 · AI score 6.8 · EPSS 0.00607
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2025/02/27 8:38 p.m. · 24 views

Security Bulletin: IBM MQ Appliance Console is affected by code injection vulnerability (CVE-2025-0975)

Summary IBM MQ Appliance has addressed a code injection vulnerability in the IBM MQ Console. Vulnerability Details CVEID:CVE-2025-0975 DESCRIPTION: IBM MQ console could allow an authenticated user to execute code due to improper neutralization of escape characters. CWE:CWE-150: Improper...

CVSS 8.8 · AI score 6.9 · EPSS 0.00607
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2025/02/27 5:03 p.m. · 37 views

Security Bulletin: IBM Cognos Analytics is affected by multiple vulnerabilities

Summary There are vulnerabilities in IBM WebSphere Application Server Liberty and Open-Source Software OSS components used by IBM Cognos Analytics. Additionally, IBM Cognos Analytics is vulnerable to Local File Inclusion vulnerabilities. For more information about the vulnerability impact, refer ...

CVSS 9.8 · AI score 9.8 · EPSS 0.90709
Exploits 3 · Affected Software 1

OSV
added 2025/02/27 3:15 p.m. · 6 views

CVE-2024-54169

IBM EntireX 11.1 could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...

CVSS 6.5 · AI score 5.8 · EPSS 0.00435
Exploits 0 · References 1

NVD
added 2025/02/27 3:15 p.m. · 6 views

CVE-2024-54169

IBM EntireX 11.1 could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...

CVSS 6.5 · EPSS 0.00435
Exploits 0 · References 1

Vulnrichment
added 2025/02/27 2:54 p.m. · 7 views

CVE-2024-54169 IBM EntireX path traversal

IBM EntireX 11.1 could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...

CVSS 6.5 · AI score 6.3 · EPSS 0.00435
Exploits 0 · References 1

CVE
added 2025/02/27 2:54 p.m. · 32 views

CVE-2024-54169

IBM EntireX 11.1 is impacted by CVE-2024-54169, a path-traversal vulnerability that could allow an authenticated attacker to view arbitrary files by sending a URL containing dot-dot sequences (/../). Root cause is improper pathname restriction in the affected component, enabling directory travers...

CVSS 6.5 · AI score 6.3 · EPSS 0.00435
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2025/02/27 2:54 p.m. · 12 views

CVE-2024-54169 IBM EntireX path traversal

IBM EntireX 11.1 could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...

CVSS 6.5 · EPSS 0.00435
Exploits 0 · References 1

IBM Security Bulletins
added 2025/02/27 2:48 p.m. · 7 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an arbitrary Python code execution in Jinja [CVE-2024-56326]

Summary IBM Watson Speech Services Cartridge is vulnerable to an arbitrary Python code execution in Jinja, caused by a sandbox breakout flaw CVE-2024-56326. Jinja is used by our Speech Runtimes. This vulnerability has been addressed. Please read the details for remediation below. Vulnerability...

CVSS 8.8 · AI score 7.4 · EPSS 0.005
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2025/02/27 9:34 a.m. · 27 views

Security Bulletin: IBM Observability with Instana (OnPrem) is affected by multiple security vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 1.0.289 Vulnerability Details CVEID:CVE-2023-45283 DESCRIPTION: Golang Go could allow a remote attacker to traverse directories on the system, caused by the failure to recognize paths with a \??\ prefix...

CVSS 8.8 · AI score 9.5 · EPSS 0.91969
Exploits 3 · Affected Software 1

VulnCheck KEV
added 2025/02/27 12:00 a.m. · 3 views

VulnCheck KEV: CVE-2001-1580

Directory traversal vulnerability in ScriptEase viewcode.jse for Netware 5.1 before 5.1 SP3 allows remote attackers to read arbitrary files via ".." sequences in the query string...

CVSS 5 · AI score 5.9 · EPSS 0.02883
Exploits 1 · References 1