5.2
CVE-2025-36057 - IBM Cognos Analytics Mobile (iOS) authentication bypass
IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 is vulnerable to authentication bypass by using the Local Authentication Framework library which is not needed as biometric authentication is not used in the application.
5.9
CVE-2025-36062 - IBM Cognos Analytics Mobile (iOS) information disclosure
IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could be vulnerable to information exposure due to the use of unencrypted network traffic.
6.5
CVE-2025-36106 - IBM Cognos Analytics Mobile (iOS) information disclosure
IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could allow malicious actors to view and modify information coming to and from the application which could then be used to access confidential information on the device or network by using a the deprecated or misconfigured AFNetworking library β¦
5.9
CVE-2025-36107 - IBM Cognos Analytics Mobile (iOS) information disclosure
IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could allow malicious actors to obtain sensitive information due to the cleartext transmission of data.
6.9
CVE-2025-7933 - Campcodes Sales and Inventory System Setting settings_update.php sql injection
A vulnerability classified as critical was found in Campcodes Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /pages/settings_update.php of the component Setting Handler. The manipulation of the argument ID leads to sql injection. The attack can be initiated remoβ¦
6.5
CVE-2025-52575 - EspoCRM vulnerable to LDAP Injection through Improper Neutralization of Special Elements
EspoCRM is an Open Source CRM (Customer Relationship Management) software. EspoCRM versions 9.1.6 and earlier are vulnerable to blind LDAP Injection when LDAP authentication is enabled. A remote, unauthenticated attacker can manipulate LDAP queries by injecting crafted input containing wildcard chaβ¦
6
CVE-2025-7962 - com.sun.mail/jakarta.mail: Jakarta Mail SMTP Injection Vulnerability
In Jakarta Mail 2.0.2 it is possible to preform a SMTP Injection by utilizing theΒ \r and \n UTF-8 characters to separate different messages.
5.3
CVE-2025-7932 - D-Link DIRβ817L ssdpcgi lxmldbc_system command injection
A vulnerability classified as critical has been found in D-Link DIRβ817L up to 1.04B01. This affects the function lxmldbc_system of the file ssdpcgi. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be β¦
7.5
CVE-2025-7717 - File Download - Moderately critical - Access bypass - SA-CONTRIB-2025-089
Missing Authorization vulnerability in Drupal File Download allows Forceful Browsing.This issue affects File Download: from 0.0.0 before 1.9.0, from 2.0.0 before 2.0.1.
6.1
CVE-2025-7716 - Real-time SEO for Drupal - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-091
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Real-time SEO for Drupal allows Cross-Site Scripting (XSS).This issue affects Real-time SEO for Drupal: from 2.0.0 before 2.2.0.