6.5
CVE-2025-14148 - IBM DevOps Deploy is susceptible to a Insufficiently Protected Credentials vulnerability
IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 could allow an authenticated user with LLM integration configuration privileges to recover a previously saved LLM API Token.
6.5
CVE-2025-12035 - Bluetooth: Integer Overflow in Bluetooth Classic (BR/EDR) L2CAP
An integer overflow condition exists in Bluetooth Host stack, within the bt_br_acl_recv routine a critical path for processing inbound BR/EDR L2CAP traffic.
5
CVE-2025-36360 - IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to an Insufficient Session Expirationβ¦
IBM UCD - IBM UrbanCode Deploy 7.1 through 7.1.2.27, 7.2 through 7.2.3.20, and 7.3 through 7.3.2.15 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.10, and 8.1 through 8.1.2.3 is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly β¦
7
CVE-2025-14038 -
EDB Hybrid Manager contains a flaw that allows an unauthenticated attacker to directly access certain gRPC endpoints. This could allow an attacker to read potentially sensitive data or possibly cause a denial-of-service by writing malformed data to certain gRPC endpoints. This flaw has been remediaβ¦
0.0
CVE-2025-68128 -
reserved but not needed
0.0
CVE-2025-68127 -
reserved but not needed
0.0
CVE-2025-68124 -
reserved but not needed
0.0
CVE-2025-68126 -
reserved but not needed
0.0
CVE-2025-68125 -
reserved but not needed
6.4
CVE-2025-14387 - LearnPress β WordPress LMS Plugin <= 4.3.1 - Authenticated (Subscriber+) Stored Cross-Site Scriptinβ¦
The LearnPress β WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above,β¦