21310 matches found
CVE-2025-0823 IBM MQ path traversal
IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 and 12.0.0 through 12.0.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...
CVE-2025-0823
CVE-2025-0823 affects IBM Cognos Analytics 11.2.0–11.2.4 FP5 and 12.0.0–12.0.4. Root cause is a path traversal vulnerability allowing a remote attacker to view arbitrary files by sending crafted URLs with /../ sequences. Impact is exposure of sensitive files; no exploitation details are provided ...
CVE-2025-26326
A vulnerability was identified in the NVDA Remote version 2.6.4 and Tele NVDA Remote version 2025.3.3 remote connection add-ons, which allows an attacker to obtain total control of the remote system by guessing a weak password. The problem occurs because these add-ons accept any password entered ...
CVE-2025-26326
CVE-2025-26326 affects the NVDA Remote (v2.6.4) and Tele NVDA Remote (v2025.3.3) remote connection add-ons. The root cause is that the components accept any entered password without additional authentication or device verification, enabling brute-force/guess attacks. Reports indicate over 1,000 s...
PT-2025-9107 · Nvda · Nvda
Name of the Vulnerable Software and Affected Versions: NVDA versions 2024.4.1 through 2024.4.2. Description: A vulnerability in the remote connection add-ons of NVDA allows an attacker to obtain total control of the remote system by guessing a weak password. The problem occurs because the...
PT-2025-9049 · Ibm · Ibm Cognos Analytics
Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics versions 11.2.0 through 11.2.4 FP5; IBM Cognos Analytics versions 12.0.0 through 12.0.4. Description: The issue allows a remote attacker to traverse directories on the system by sending a specially crafted URL request...
PT-2025-9135 · Pwndoc · Pwndoc
Name of the Vulnerable Software and Affected Versions: PwnDoc versions prior to 1.2.0. Description: The issue concerns the backup restore functionality, which allows an administrator to import raw data into the database, including Path Traversal ../ sequences. This is problematic for the template...
Security Bulletin: IBM MQ Console is affected by a command injection vulnerability (CVE-2025-0975)
Summary: IBM MQ has addressed a command injection vulnerability in the MQ Console. Vulnerability Details: CVEID: CVE-2025-0975. DESCRIPTION: IBM MQ console could allow an authenticated user to execute code due to improper neutralization of escape characters. CWE: CWE-150: Improper Neutralization of...
Security Bulletin: IBM MQ Appliance Console is affected by code injection vulnerability (CVE-2025-0975)
Summary: IBM MQ Appliance has addressed a code injection vulnerability in the IBM MQ Console. Vulnerability Details: CVEID: CVE-2025-0975. DESCRIPTION: IBM MQ console could allow an authenticated user to execute code due to improper neutralization of escape characters. CWE: CWE-150: Improper...
Security Bulletin: IBM Cognos Analytics is affected by multiple vulnerabilities
Summary: There are vulnerabilities in IBM WebSphere Application Server Liberty and Open-Source Software (OSS) components used by IBM Cognos Analytics. Additionally, IBM Cognos Analytics is vulnerable to Local File Inclusion vulnerabilities. For more information about the vulnerability impact, refer ...
CVE-2024-54169
IBM EntireX 11.1 could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...
CVE-2024-54169 IBM EntireX path traversal
IBM EntireX 11.1 could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...
CVE-2024-54169
IBM EntireX 11.1 is impacted by CVE-2024-54169, a path-traversal vulnerability that could allow an authenticated attacker to view arbitrary files by sending a URL containing dot-dot sequences (/../). Root cause is improper pathname restriction in the affected component, enabling directory travers...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an arbitrary Python code execution in Jinja [CVE-2024-56326]
Summary: IBM Watson Speech Services Cartridge is vulnerable to an arbitrary Python code execution in Jinja, caused by a sandbox breakout flaw CVE-2024-56326. Jinja is used by our Speech Runtimes. This vulnerability has been addressed. Please read the details for remediation below. Vulnerability...
Security Bulletin: IBM Observability with Instana (OnPrem) is affected by multiple security vulnerabilities
Summary: Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 1.0.289. Vulnerability Details: CVEID: CVE-2023-45283. DESCRIPTION: Golang Go could allow a remote attacker to traverse directories on the system, caused by the failure to recognize paths with a \??\ prefix...
VulnCheck KEV: CVE-2001-1580
Directory traversal vulnerability in ScriptEase viewcode.jse for Netware 5.1 before 5.1 SP3 allows remote attackers to read arbitrary files via ".." sequences in the query string...