3.5
CVE-2025-27550 - IBM Jazz Reporting Service Information Disclosure
IBM Jazz Reporting Service could allow an authenticated user on the host network to obtain sensitive information about other projects that reside on the server.
3.5
CVE-2025-1823 - IBM Jazz Reporting Service Denial of Service
IBM Jazz Reporting Service could allow an authenticated user on the host network to cause a denial of service using specially crafted SQL query that consumes excess memory resources.
5.3
CVE-2024-39724 - IBM Db2 Big SQL on Cloud Pak for Data is vulnerable to a denial of service due to lack of throttlinβ¦
IBM Db2 Big SQL on Cloud Pak for Data versions 7.6 (on CP4D 4.8), 7.7 (on CP4D 5.0), and 7.8 (on CP4D 5.1) do not properly limit the allocation of system resources. An authenticated user with internal knowledge of the environment could exploit this weakness to cause a denial of service.
8.1
CVE-2026-25519 - OpenSlides has incorrect access control vulnerability in authentication service
OpenSlides is a free, web based presentation and assembly system for managing and projecting agenda, motions and elections of an assembly. Prior to version 4.2.29, OpenSlides supports local logins with username and password or an optionally configurable single sign on with SAML via an external IDP.β¦
5.1
CVE-2026-25517 - Wagtail has improper permission handling on admin preview endpoints
Wagtail is an open source content management system built on Django. Prior to versions 6.3.6, 7.0.4, 7.1.3, 7.2.2, and 7.3, due to a missing permission check on the preview endpoints, a user with access to the Wagtail admin and knowledge of a model's fields can craft a form submission to obtain a pβ¦
5.3
CVE-2023-38281 - Multiple Vulnerabilities in IBM Cloud Pak System
IBM Cloud Pak System does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker caβ¦
5.3
CVE-2023-38017 - Multiple Vulnerabilities in IBM Cloud Pak System
IBM Cloud Pak SystemΒ is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
8.2
CVE-2026-25511 - Group-Office is vulnerable to SSRF and File Read in WOPI service discovery
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, an authenticated user within the System Administrator group can trigger a full SSRF via the WOPI service discovery URL, including access to internal hosts/ports. The SSβ¦
9.4
CVE-2026-25512 - Group-Office is vulnerable to RCE due to Command Injection via TNEF Attachment Handler
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, there is a remote code execution (RCE) vulnerability in Group-Office. The endpoint email/message/tnefAttachmentFromTempFile directly concatenates the user-controlled paβ¦
6.9
CVE-2025-15555 - Open5GS VoLTE Cx-Test hss-cx-path.c hss_ogs_diam_cx_mar_cb stack-based overflow
A security flaw has been discovered in Open5GS up to 2.7.6. Affected by this vulnerability is the function hss_ogs_diam_cx_mar_cb of the file src/hss/hss-cx-path.c of the component VoLTE Cx-Test. The manipulation of the argument OGS_KEY_LEN results in stack-based buffer overflow. The attack may be β¦