7.3
CVE-2025-61914 - n8n's Possible Stored XSS in "Respond to Webhook" Node May Execute Outside iframe Sandbox
n8n is an open source workflow automation platform. Prior to version 1.114.0, a stored Cross-Site Scripting (XSS) vulnerability may occur in n8n when using the "Respond to Webhook" node. When this node responds with HTML content containing executable scripts, the payload may execute directly in the…
9.3
CVE-2025-13158 - apidoc-core - prototype pollution in api_group.js, api_param_title.js, api_use.js, and api_permissi…
Prototype pollution vulnerability in apidoc-core versions 0.2.0 and all subsequent versions allows remote attackers to modify JavaScript object prototypes via malformed data structures, including the "define" property processed by the application, potentially leading to denial of service or uninten…
7.7
CVE-2025-64645 - Multiple Vulnerabilities in IBM Concert Software.
IBM Concert 1.0.0 through 2.1.0 could allow a local user to escalate their privileges due to a race condition of a symbolic link.
5.4
CVE-2025-36230 - XSS in IBM Aspera Faspex
IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
3.1
CVE-2025-36229 - Exposure of Sensitive System Information to an Unauthorized Control Sphere in IBM Aspera Faspex
IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 could allow authenticated users to enumerate sensitive information by enumerating package identifiers.
3.8
CVE-2025-36228 - Incorrect Execution-Assigned Permissions in IBM Aspera Faspex
In IBM Aspera Faspex 5 5.0.0 through 5.0.14.1, inconsistent permissions between the user interface and backend API may allow users to access features that appeared disabled, potentially leading to misuse.
6.7
CVE-2025-36192 - Missing Authorization with the DS8900F and DS8A00 Hardware Management Console
IBM DS8A00 (R10.1) 10.10.106.0 and IBM DS8A00 (R10.0) 10.1.3.0, 10.2.45.0 and IBM DS8900F (R9.4) 89.40.83.0, 89.42.18.0, 89.44.5.0 IBM System Storage DS8000 could allow a local user with authorized CCW update permissions to delete or corrupt backups due to missing authorization in IBM Safeguarded Copy …
4.3
CVE-2025-14687 - Client-Side Enforcement of Server-Side Security in IBM Db2 Intelligence Center
IBM Db2 Intelligence Center 1.1.0, 1.1.1, 1.1.2 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of server-side security mechanisms.
9.8
CVE-2025-13915 - Authentication bypass in IBM API Connect
IBM API Connect 10.0.8.0 through 10.0.8.5, and 10.0.11.0 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application.
7.8
CVE-2025-12771 - IBM Concert Software Improper Restriction of Operations within the Bounds of a Memory Buffer.
IBM Concert 1.0.0 through 2.1.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system.