CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2897 matches found

CNNVD•added 2025/04/25 12:0 a.m.•1 views

IBM Maximo Asset Management 跨站脚本漏洞

IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from International Business Machines IBM. The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for...

5.5CVSS6.1AI score0.0018EPSS

Exploits0References3

Positive Technologies•added 2025/04/25 12:0 a.m.•3 views

PT-2025-17900 · Ibm · Ibm Maximo Asset Management

Name of the Vulnerable Software and Affected Versions: IBM Maximo Asset Management version 7.6.1.3 Description: The issue allows a privileged user to embed arbitrary JavaScript code in the Web UI, potentially altering the intended functionality and leading to credentials disclosure within a trust...

5.5CVSS5.3AI score0.0018EPSS

Exploits0References6

OSV•added 2025/04/22 12:15 a.m.•1 views

CVE-2025-2987

IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

5.4CVSS5.8AI score

Exploits0References1

NVD•added 2025/04/22 12:15 a.m.•20 views

CVE-2025-2987

5.4CVSS0.00178EPSS

Exploits0References1

Vulnrichment•added 2025/04/21 11:24 p.m.•17 views

CVE-2025-2987 IBM Maximo Asset Management server-side request forgery

3.8CVSS4.2AI score0.00178EPSS

Exploits0References1

CVE•added 2025/04/21 11:24 p.m.•71 views

CVE-2025-2987

IBM Maximo Asset Management 7.6.1.3 is vulnerable to Server-Side Request Forgery (SSRF). An authenticated attacker may cause the system to issue unauthorized requests, potentially enabling network enumeration or other attacks. The IBM security bulletin assigns CVE-2025-2987 with a CVSS v3.1 base ...

5.4CVSS4AI score0.00178EPSS

Exploits0References1Affected Software1

Cvelist•added 2025/04/21 11:24 p.m.•18 views

CVE-2025-2987 IBM Maximo Asset Management server-side request forgery

3.8CVSS0.00178EPSS

Exploits0References1

CNNVD•added 2025/04/21 12:0 a.m.•2 views

IBM Maximo Asset Management 代码问题漏洞

5.4CVSS6.8AI score0.00178EPSS

Exploits0References1

Positive Technologies•added 2025/04/21 12:0 a.m.•2 views

PT-2025-17470 · Ibm · Ibm Maximo Asset Management

Name of the Vulnerable Software and Affected Versions: IBM Maximo Asset Management version 7.6.1.3 Description: The issue allows an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. This is due to a...

5.5CVSS5.8AI score0.00178EPSS

Exploits0References12

IBM Security Bulletins•added 2025/04/17 10:18 a.m.•34 views

Security Bulletin: IBM Maximo Application Suite - IoT uses netty-common-4.1.114.Final.jar which is vulnerable to CVE-2025-25193.

Summary IBM Maximo Application Suite - IoT uses netty-common-4.1.114.Final.jar which is vulnerable to CVE-2025-25193. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-25193 DESCRIPTION: Netty, an asynchronous, event-driven networ...

5.5CVSS6.8AI score0.00357EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2025/04/17 10:14 a.m.•21 views

Security Bulletin: IBM Maximo Application Suite - IoT uses cryptography-44.0.0-cp39-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2024-12797.

Summary IBM Maximo Application Suite - IoT uses cryptography-44.0.0-cp39-abi3-manylinux228x8664.whl which is vulnerable to CVE-2024-12797. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-12797 DESCRIPTION: Issue summary: Clients...

6.3CVSS6.8AI score0.02357EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2025/04/15 12:32 p.m.•8 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses prismjs-1.29.0.tgz which is vulnerable to CVE-2024-53382.

Summary IBM Maximo Application Suite - Manage Component uses prismjs-1.29.0.tgz which is vulnerable to CVE-2024-53382. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-53382 DESCRIPTION: Prism aka PrismJS through 1.29.0 allows DO...

5.4CVSS5.7AI score0.00271EPSS

Exploits1Affected Software1

IBM Security Bulletins•added 2025/04/15 12:30 p.m.•14 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses dompurify-3.2.3.tgz which is vulnerable to CVE-2025-26791.

Summary IBM Maximo Application Suite - Manage Component uses dompurify-3.2.3.tgz which is vulnerable to CVE-2025-26791. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-26791 DESCRIPTION: DOMPurify before 3.2.4 has an incorrect...

6.1CVSS5.8AI score0.00559EPSS

Exploits1Affected Software1

IBM Security Bulletins•added 2025/04/15 10:36 a.m.•28 views

Security Bulletin: There is a vulnerability in vitest-2.1.8.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-24963,CVE-2025-24964)

Summary There is a vulnerability in vitest-2.1.8.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2025-24963 DESCRIPTION: Vitest is a testing framework powered by Vite. The screenshot-error handler on the browser mode HTTP server that...

9.6CVSS8AI score0.02291EPSS

Exploits1Affected Software1

IBM Security Bulletins•added 2025/04/15 3:28 a.m.•23 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Log Forging CVE-2024-35150

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to Log Forging CVE-2024-35150. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-35150 DESCRIPTION: IBM Maximo Application Suite - Monitor Component does not...

5.3CVSS5.2AI score0.00262EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2025/04/15 3:10 a.m.•31 views

Security Bulletin: IBM Maximo Asset Management application is vulnerable to allow a remote attacker to traverse directories on the system. (CVE-2024-45652)

Summary IBM Maximo MXAPIASSET API could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. Vulnerability Details CVEID:CVE-2024-45652 DESCRIPTION: IBM Maxi...

7.5CVSS6.5AI score0.00763EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2025/04/15 2:22 a.m.•44 views

Security Bulletin: IBM Maximo Application Suite - IoT Component uses aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to CVE-2024-23829, CVE-2023-49082, CVE-2024-23334 and CVE-2023-49081

Summary IBM Maximo Application Suite - IoT Component uses aiohttp-3.8.6-cp37-cp37m-manylinux217x8664.manylinux2014x8664.whl which is vulnerable to CVE-2024-23829, CVE-2023-49082, CVE-2024-23334 and CVE-2023-49081. This bulletin contains information regarding the vulnerability and its fixture...

7.5CVSS7.1AI score0.76875EPSS

Exploits18Affected Software1

IBM Security Bulletins•added 2025/04/14 6:39 p.m.•25 views

Security Bulletin: IBM Maximo Application Suite is vulnerable to Unrestricted File Upload (CVE-2025-1500)

Summary IBM Maximo Application Suite is vulnerable to Unrestricted File Upload which could allow an authenticated user to upload a file with dangerous types that could be executed by another user if opened CVE-2025-1500. Vulnerability Details CVEID:CVE-2025-1500 DESCRIPTION: IBM Maximo Applicatio...

8CVSS6.3AI score0.00222EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2025/04/14 10:25 a.m.•32 views

Security Bulletin: IBM Maximo Application Suite - Predict Component vulnerable to Microsoft LightGBM could allow a remote attacker to execute arbitrary code on the system.

Summary Security Bulletin: IBM Maximo Application Suite - Predict Component vulnerable to Microsoft LightGBM could allow a remote attacker to execute arbitrary code on the system.. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

8.1CVSS7.6AI score0.01384EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2025/04/14 9:38 a.m.•10 views

Security Bulletin: IBM Maximo Application Suite uses nanoid-3.3.7.tgz which is vulnerable to CVE-2024-55565.

Summary IBM Maximo Application Suite uses nanoid-3.3.7.tgz which is vulnerable to CVE-2024-55565. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-55565 DESCRIPTION: nanoid aka Nano ID before 5.0.9 mishandles non-integer values...

4.3CVSS6.6AI score0.00666EPSS

Exploits0Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by