4.4
CVE-2025-33116 - IBM Watson Studio on Cloud Pak for Data cross-site scripting
IBM Watson Studio 4.0 through 5.2.0 on Cloud Pak for Data is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted s…
7.5
CVE-2024-48014 -
Dell BSAFE Micro Edition Suite, versions prior to 5.0.2.3 contain an Out-of-bounds Write vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.
6.9
CVE-2025-10951 - geyang ml-logger server.py log_handler path traversal
A vulnerability was identified in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected by this vulnerability is the function log_handler of the file ml_logger/server.py. Such manipulation of the argument File leads to path traversal. It is possible to launch the attack remotely…
4
CVE-2025-36601 -
Dell PowerScale OneFS, versions 9.5.0.0 through 9.11.0.0, contains an exposure of sensitive information to an unauthorized actor vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to Information disclosure.
5.1
CVE-2025-40838 - Ericsson Indoor Connect 8855 - Insufficiently Protected Credentials Vulnerability
Ericsson Indoor Connect 8855 contains a vulnerability where server-side security can be bypassed in the client which if exploited can lead to unauthorized disclosure of certain information.
8.7
CVE-2025-40837 - Ericsson Indoor Connect 8855 - Missing Authorization Vulnerability
Ericsson Indoor Connect 8855 contains a missing authorization vulnerability which if exploited can allow access to the system as a user with higher privileges than intended.
2.4
CVE-2025-59838 - Monkeytype Vulnerable to Self-XSS on loading saved custom text
Monkeytype is a minimalistic and customizable typing test. In versions 25.36.0 and prior, improper handling of user input when loading a saved custom text results in XSS. This issue has been fixed in version 25.44.0.
8.7
CVE-2025-40836 - Ericsson Indoor Connect 8855 - Improper Input Validation Vulnerability
Ericsson Indoor Connect 8855 contains an improper input validation vulnerability which if exploited can allow an attacker to execute commands with escalated privileges.
9.5
CVE-2020-36851 - Rob--W / cors-anywhere Misconfigured CORS Proxy Allows SSRF
Rob--W / cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to make HTTP requests to arbitrary targets (SSRF). Because the proxy forwards requests and headers, an attacker can reach internal-only endpoints and link-local metadata services…
9.9
CVE-2025-59832 - Horilla Stored XSS Vulnerability via Ticket Comment section
Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, there is a stored XSS vulnerability in the ticket comment editor. A low-privilege authenticated user could run arbitrary JavaScript in an admin’s browser, exfiltrate the admin’s cookies/CSRF token, an…