Lucene search
K

64 matches found

Cvelist
Cvelist
added 3 days ago29 views

CVE-2025-36321 Vulnerabilities found in Watson Data Intelligence

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.7CVSS0.00398EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago4 views

EUVD-2025-210379

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 s vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

4.3CVSS5.8AI score0.0027EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago29 views

CVE-2025-36327 Vulnerabilities found in Watson Data Intelligence

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to bypass security controls and perform unauthorized actions due to client-side enforcement of sever-side security...

6.5CVSS0.00375EPSS
Exploits0References1
CVE
CVE
added 3 days ago10 views

CVE-2025-36336

CVE-2025-36336 affects IBM watsonx.data intelligence versions 5.2.0, 5.2.1, 5.2.2, and 5.3.0. The issue is that data is transmitted in clear text, which an attacker could exploit via man-in-the-middle techniques to obtain sensitive information. The base metrics show a moderate network attack with...

5.9CVSS5.8AI score0.00203EPSS
Exploits0References1
Patchstack
Patchstack
added last week7 views

WordPress User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin <= 5.2.0 - Missing Authorization to Unauthenticated Payment Bypass vulnerability

Missing Authorization to Unauthenticated Payment Bypass vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin User Registration versions = 5.2.0...

6.5CVSS5.8AI score0.0018EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/04/30 9:12 p.m.9 views

CVE-2025-36335

CVE-2025-36335 affects IBM watsonx.data intelligence releases 5.2.0, 5.2.1, 5.3.0, and 5.3.1. The root cause is that user credentials are stored in plain text, allowing a local user to read them. This leads to confidentiality impact (high) per the CVSS metrics, with access restricted to local con...

6.2CVSS5.1AI score0.00093EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/04/30 9:12 p.m.27 views

CVE-2025-36335 Vulnerabilities found

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user...

6.2CVSS0.00093EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.9 views

IBM watsonx.data intelligence 安全漏洞

IBM Watsonx.Data Intelligence is a data intelligence platform developed by IBM. Versions 5.2.0, 5.2.1, 5.3.0, and 5.3.1 of IBM Watsonx.Data Intelligence contain security vulnerabilities. These vulnerabilities stem from the storage of user credentials in plaintext, which could be read by local use...

6.2CVSS5.8AI score0.00093EPSS
Exploits0References1
OSV
OSV
added 2026/04/08 8:2 p.m.2 views

GHSA-CHQC-8P9Q-PQ6Q basic-ftp has FTP Command Injection via CRLF

Summary basic-ftp version 5.2.0 allows FTP command injection via CRLF sequences \r\n in file path parameters passed to high-level path APIs such as cd, remove, rename, uploadFrom, downloadTo, list, and removeDir. The library's protectWhitespace helper only handles leading spaces and returns other...

8.6CVSS6.1AI score0.02185EPSS
Exploits1References5
vulnersOsv
vulnersOsv
added 2026/04/07 3:17 p.m.6 views

arthexis (>=0.2.6 <=0.8.0), cg-django-uaa (=2.1.9) +29 more potentially affected by CVE-2026-4292 via django (>=5.2.0 <=5.2.12)

django PYPI version =5.2.0, =0.2.6, =0.1.0, =0.1.0, =1.3.0, =1.92.0.5, =4.2.0, =0.0.7, =3.0.0, =0.1.0, =0.1.1 and more Source cves: CVE-2026-4292 Source advisory: OSV:PYSEC-2026-53...

2.7CVSS5.7AI score0.00294EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/03/03 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-27699

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The basic-ftp FTP client library for Node.js contains a path traversal vulnerability CWE-22 in versions prior to 5.2.0 in the downloadToDir method. A malicious...

9.8CVSS7.2AI score0.00528EPSS
Exploits2References2
EUVD
EUVD
added 2026/02/25 10:34 p.m.24 views

EUVD-2026-8643

Basic FTP has Path Traversal Vulnerability in its downloadToDir method...

9.1CVSS5.2AI score0.00528EPSS
Exploits2References4
ATTACKERKB
ATTACKERKB
added 2026/02/25 2:58 p.m.5 views

CVE-2026-27699

The basic-ftp FTP client library for Node.js contains a path traversal vulnerability CWE-22 in versions prior to 5.2.0 in the downloadToDir method. A malicious FTP server can send directory listings with filenames containing path traversal sequences ../ that cause files to be written outside the...

9.8CVSS5.4AI score0.00528EPSS
Exploits2References4Affected Software1
OSV
OSV
added 2026/02/11 1:15 p.m.3 views

CVE-2025-58471

An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of...

4.9CVSS5.8AI score
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/02/03 3:49 p.m.4 views

cg-django-uaa (=2.1.9), deeplabelnet (>=0.1.0 <=0.1.20) +22 more potentially affected by CVE-2025-14550 via django (>=5.2.0 <=5.2.10)

django PYPI version =5.2.0, =0.1.0, =0.1.0, =1.3.0, =1.92.0.5, =4.2.0, =0.0.7, =3.0.0, =0.1.0, =5.2.0, =5.2.1 - djbackup =2.1.0 and more Source cves: CVE-2025-14550 Source advisory: SNYK:PYTHON-DJANGO-15198929...

7.5CVSS7AI score0.00993EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/02/03 3:16 p.m.8 views

cg-django-uaa (=2.1.9), deeplabelnet (>=0.1.0 <=0.1.20) +22 more potentially affected by CVE-2026-1287 via django (>=5.2.0 <=5.2.10)

django PYPI version =5.2.0, =0.1.0, =0.1.0, =1.3.0, =1.92.0.5, =4.2.0, =0.0.7, =3.0.0, =0.1.0, =5.2.0, =5.2.1 - djbackup =2.1.0 and more Source cves: CVE-2026-1287 Source advisory: OSV:PYSEC-2026-46...

8.3CVSS7AI score0.00754EPSS
Exploits0
OSV
OSV
added 2026/01/20 4:16 p.m.3 views

CVE-2025-36065

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system...

6.5CVSS5.8AI score0.00158EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/20 3:14 p.m.14 views

CVE-2025-36066 Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadi...

6.1CVSS0.00172EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/20 12:0 a.m.6 views

IBM Sterling Connect: Express Adapter for Sterling code issue and vulnerability

IBM Sterling Connect: Express Adapter for Sterling is a communication adapter developed by the American multinational company International Business Machines IBM. There were code vulnerabilities in versions 5.2.0.00 to 5.2.0.12 of IBM Sterling Connect: Express Adapter for Sterling. These...

6.5CVSS5.9AI score0.00145EPSS
Exploits0References1
NVD
NVD
added 2025/12/09 4:18 p.m.8 views

CVE-2025-67586

Missing Authorization vulnerability in Ronald Huereca Highlight and Share highlight-and-share allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Highlight and Share: from n/a through = 5.2.0...

4.7CVSS0.004EPSS
Exploits2References1
Rows per page
Query Builder