4.6
CVE-2025-64760 - Tuleap has missing CSRF protections in its tracker trigger management system
Tuleap is a free and open source suite for management of software development and collaboration. Versions of Tuleap Community Edition prior to 17.0.99.1763126988 and Tuleap Enterprise Edition prior to 17.0-3 and 16.13-8 have missing CSRF protections which allow attackers to create or remove trackerโฆ
4.6
CVE-2025-64499 - Tuleap is missing CSRF protections for its planning management API
Tuleap is a free and open source suite for management of software development and collaboration. Tuleap Community Editon versions prior to 17.0.99.1762456922 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 are vulnerable to CSRF attacks through planning management API. โฆ
4.6
CVE-2025-64498 - Tuleap has a Cross-Site Request Forgery (CSRF) vulnerability
Tuleap is an Open Source Suite for management of software development and collaboration. Tuleap Community Edition versions below 17.0.99.1762444754 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 allow attackers trick victims into changing tracker general settings. Thiโฆ
6.5
CVE-2025-64497 - Tuleap exposes releases for all projects to File Release System project administrators
Tuleap is an Open Source Suite for management of software development and collaboration. Versions below 17.0.99.1762431347 of Tuleap Community Edition and Tuleap Enterprise Edition below 17.0-2, 16.13-7 and 16.12-10 allow attackers to access file release system information in projects they do not โฆ
6.5
CVE-2025-36140 - IBM watsonx.data Denial of Service
IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits.
5.9
CVE-2025-62408 - c-ares has a Use After Free vulnerability when connection is cleaned up after error
c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using read_answer() and process_answer(), which can cause a Denial of Service. This issue is fixed in version 1.34.6.
5.4
CVE-2025-12635 - IBM WebSphere Application Server and WebSphere Application Server Liberty Cross-Site Scripting
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.12 are affected by cross-site scripting due to improper validation of user-supplied input. An attacker could exploit this vulnerability by using a specially crafted URL to redirect the useโฆ
6.5
CVE-2025-64650 - IBM Storage Defender - Resiliency Service Information Disclosure
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.18 could disclose sensitive user credentials in log files.
4.6
CVE-2025-12832 - IBM InfoSphere Information Server Server-Side Request Forgery
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticatedย attacker to send unauthorized requests from the system, potentially leading to network enumeration orย facilitating other attacks.
0.0
CVE-2025-67514 -
Vulnerability is dependency-based.