6.2
CVE-2025-36083 - Multiple Vulnerabilities in IBM Concert Software.
IBM Concert Software 1.0.0 through 2.0.0 could allow a local user to obtain sensitive information from buffers due to improper clearing of heap memory before release.
5.3
CVE-2025-36081 - Multiple Vulnerabilities in IBM Concert Software.
IBM Concert Software 1.0.0 through 2.0.0 could allow a user to modify system logs due to improper neutralization of log input.
8.7
CVE-2025-34311 - IPFire < v2.29 Command Injection via Proxy Report Creation
IPFire versions prior to 2.29 (Core Update 198) contain a command injection vulnerability that allows an authenticated attacker to execute arbitrary commands as the user 'nobody' via multiple parameters when creating a Proxy report. When a user creates a Proxy report the application issues an HTTP …
8.7
CVE-2025-34312 - IPFire < v2.29 Command Injection via URL Filter Blacklist
IPFire versions prior to 2.29 (Core Update 198) contain a command injection vulnerability that allows an authenticated attacker to execute arbitrary commands as the 'nobody' user via the BE_NAME parameter when installing a blacklist. When a blacklist is installed the application issues an HTTP POST…
7.1
CVE-2025-34304 - IPFire < v2.29 SQL Injection via OpenVPN Connection Logs
IPFire versions prior to 2.29 (Core Update 198) contain a SQL injection vulnerability that allows an authenticated attacker to manipulate the SQL query used when viewing OpenVPN connection logs via the CONNECTION_NAME parameter. When viewing a range of OpenVPN connection logs, the application issue…
5.1
CVE-2025-34307 - IPFire < v2.29 Stored XSS via Default Country Search
IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the pienumber parameter when updating the firewall country search defaults. When a user updates the default val…
5.1
CVE-2025-34306 - IPFire < v2.29 Stored XSS via Default IP Search Value
IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the pienumber parameter when updating the default firewall IP search values. When a user updates these defaults…
5.1
CVE-2025-34308 - IPFire < v2.29 Stored XSS via Default Time Sync
IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the UPDATE_VALUE parameter when updating the default time synchronization settings. When the default values dis…
5.1
CVE-2025-34318 - IPFire < v2.29 Stored XSS via DNS Creation (proxy.cgi)
IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the TLS_HOSTNAME, UPSTREAM_USER, UPSTREAM_PASSWORD, ADMIN_MAIL_ADDRESS, and ADMIN_PASSWORD parameters when addi…
5.1
CVE-2025-34317 - IPFire < v2.29 Stored XSS via DNS Creation (dns.cgi)
IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the TLS_HOSTNAME parameter when adding a new DNS entry. When a user adds a DNS entry, the application issues an…