4.3

CVSS3.1

CVE-2025-36299 - IBM Planning Analytics Information Disclosure

IBM Planning Analytics Local 2.1.0 through 2.1.14 stores sensitive information in source code could be used in further attacks against the system.

📅 Published: Nov. 17, 2025, 8:09 p.m. 🔄 Last Modified: Nov. 19, 2025, 1:08 p.m.

8

CVSS3.1

CVE-2025-36357 - IBM Planning Analytics Local Directory Traversal

IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow a remote authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing absolute path sequences to view, read, or write arbitrary files on the system.

📅 Published: Nov. 17, 2025, 8:07 p.m. 🔄 Last Modified: Feb. 26, 2026, 4:56 p.m.

6.9

CVSS4.0

CVE-2025-13299 - itsourcecode Web-Based Internet Laboratory Management System controller.php sql injection

A flaw has been found in itsourcecode Web-Based Internet Laboratory Management System 1.0. This impacts an unknown function of the file /user/controller.php. Executing a manipulation can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used.

📅 Published: Nov. 17, 2025, 8:02 p.m. 🔄 Last Modified: Feb. 24, 2026, 7:16 a.m.

6.9

CVSS4.0

CVE-2025-13298 - itsourcecode Web-Based Internet Laboratory Management System controller.php sql injection

A vulnerability was detected in itsourcecode Web-Based Internet Laboratory Management System 1.0. This affects an unknown function of the file /enrollment/controller.php. Performing a manipulation results in sql injection. The attack is possible to be carried out remotely. The exploit is now public…

📅 Published: Nov. 17, 2025, 7:32 p.m. 🔄 Last Modified: Feb. 24, 2026, 7:16 a.m.

6.9

CVSS4.0

CVE-2025-13297 - itsourcecode Web-Based Internet Laboratory Management System controller.php sql injection

A security vulnerability has been detected in itsourcecode Web-Based Internet Laboratory Management System 1.0. The impacted element is an unknown function of the file /course/controller.php. Such manipulation leads to sql injection. The attack can be executed remotely. The exploit has been disclos…

📅 Published: Nov. 17, 2025, 6:02 p.m. 🔄 Last Modified: Feb. 24, 2026, 6:33 a.m.

8.5

CVSS4.0

CVE-2025-34323 - Nagios Log Server < 2026R1.0.1 Local Privilege Escalation via Writable Scripts and Sudo Rules

Nagios Log Server versions prior to 2026R1.0.1 are vulnerable to local privilege escalation due to a combination of sudo misconfiguration and group-writable application directories. The 'www-data' user is a member of the 'nagios' group, which has write access to '/usr/local/nagioslogserver/scripts'…

📅 Published: Nov. 17, 2025, 5:48 p.m. 🔄 Last Modified: Feb. 26, 2026, 4:56 p.m.

8.6

CVSS4.0

CVE-2025-34322 - Nagios Log Server < 2026R1.0.1 Authenticated Command Injection via Natural Language Queries

Nagios Log Server versions prior to 2026R1.0.1 contain an authenticated command injection vulnerability in the experimental 'Natural Language Queries' feature. When this feature is configured, certain user-controlled settings—including model selection and connection parameters—are read from the glo…

📅 Published: Nov. 17, 2025, 5:48 p.m. 🔄 Last Modified: Nov. 26, 2025, 3:15 p.m.

4.8

CVSS3.1

CVE-2025-55059 -

CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

📅 Published: Nov. 17, 2025, 5:36 p.m. 🔄 Last Modified: Nov. 24, 2025, 4:32 p.m.

4.5

CVSS3.1

CVE-2025-55058 -

CWE-20 Improper Input Validation

📅 Published: Nov. 17, 2025, 5:33 p.m. 🔄 Last Modified: Nov. 24, 2025, 3:56 p.m.

4.5

CVSS3.1

CVE-2025-55057 -

Multiple CWE-352 Cross-Site Request Forgery (CSRF)

📅 Published: Nov. 17, 2025, 5:31 p.m. 🔄 Last Modified: Nov. 24, 2025, 3:49 p.m.
Total resulsts: 346554
Page 2728 of 34,656
« previous page » next page
Filters