3.5
CVE-2025-55007 - Knowage vulnerable to server-side request forgery
Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, Knowage is vulnerable to server-side request forgery. The vulnerability allows attackers to send requests to arbitrary hosts/paths. Since the attacker is not able to read the response, the impact of this v…
6.9
CVE-2025-9786 - Campcodes Online Learning Management System teacher_signup.php SQL injection
A vulnerability was found in Campcodes Online Learning Management System 1.0. Affected is an unknown function of the file /teacher_signup.php. Performing manipulation of the argument firstname results in SQL injection. The attack can be initiated remotely. The exploit has been made public and could…
8.7
CVE-2025-9783 - TOTOLINK A702R formParentControl sub_418030 buffer overflow
A vulnerability was determined in TOTOLINK A702R 4.0.0-B20211108.1423. This issue affects the function sub_418030 of the file /boafrm/formParentControl. Executing manipulation of the argument submit-url can lead to buffer overflow. The attack may be launched remotely. The exploit has been publicly …
6.1
CVE-2025-0656 - IBM Concert Software cross-site scripting
IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
5.4
CVE-2025-33082 - IBM Concert Software cross-site scripting
IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
5.4
CVE-2025-33083 - IBM Concert Software cross-site scripting
IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
5.9
CVE-2025-33084 - IBM Concert Software information disclosure
IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
5.9
CVE-2025-33099 - IBM Concert Software information disclosure
IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to perform unauthorized actions using man in the middle techniques due to improper certificate validation.
5.9
CVE-2025-33102 - IBM Concert Software information disclosure
IBM Concert Software 1.0.0 through 1.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
8.7
CVE-2025-9782 - TOTOLINK A702R formOneKeyAccessButton sub_4466F8 buffer overflow
A vulnerability was found in TOTOLINK A702R 4.0.0-B20211108.1423. This vulnerability affects the function sub_4466F8 of the file /boafrm/formOneKeyAccessButton. Performing manipulation of the argument submit-url results in buffer overflow. The attack may be initiated remotely. The exploit has been …