5.9
CVE-2025-33020 - IBM Engineering Systems Design Rhapsody information disclosure
IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 transmits sensitive information without encryption that could allow an attacker to obtain highly sensitive information.
7.3
CVE-2025-40596 -
A stack-based buffer overflow vulnerability in the SMA100 series web interface allows a remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially achieve code execution.
6.3
CVE-2025-36117 - IBM Db2 Mirror for i session fixation
IBM Db2 Mirror for i 7.4, 7.5, and 7.6 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system.
6.3
CVE-2025-36116 - IBM Db2 Mirror for i cross-site websocket hijacking
IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by a cross-site WebSocket hijacking vulnerability. By sending a specially crafted request, an unauthenticated malicious actor could exploit this vulnerability to sniff an existing WebSocket connection to then remotely perform operations that the…
0.0
CVE-2025-8086 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
8.7
CVE-2010-10012 - httpdASM 0.92 Path Traversal
A path traversal vulnerability exists in httpdasm version 0.92, a lightweight Windows HTTP server, that allows unauthenticated attackers to read arbitrary files on the host system. By sending a specially crafted GET request containing a sequence of URL-encoded backslashes and directory traversal pa…
9.3
CVE-2015-10141 - Xdebug Remote Debugger Unauthenticated OS Command Execution
An unauthenticated OS command injection vulnerability exists within Xdebug versions 2.5.5 and earlier, a PHP debugging extension developed by Derick Rethans. When remote debugging is enabled, Xdebug listens on port 9000 and accepts debugger protocol commands without authentication. An attacker can …
8.5
CVE-2016-15045 - Deepin lastore-daemon Privilege Escalation via Unsigned .deb Installation
A local privilege escalation vulnerability exists in lastore-daemon, the system package manager daemon used in Deepin Linux (developed by Wuhan Deepin Technology Co., Ltd.). In versions 0.9.53-1 (Deepin 15.5) and 0.9.66-1 (Deepin 15.7), the D-Bus configuration permits any user in the sudo group to …
9.3
CVE-2017-20198 - DC/OS Marathon UI < 1.9.0 Unauthenticated RCE via Docker Mount Abuse
The Marathon UI in DC/OS < 1.9.0 allows unauthenticated users to deploy arbitrary Docker containers. Due to improper restriction of volume mount configurations, attackers can deploy a container that mounts the host's root filesystem (/) with read/write privileges. When using a malicious Docker imag…
8.7
CVE-2018-25113 - Dicoogle PACS Web Server 2.5.0 Unauthenticated Path Traversal
An unauthenticated path traversal vulnerability exists in Dicoogle PACS Web Server version 2.5.0 and possibly earlier. The vulnerability allows remote attackers to read arbitrary files on the underlying system by sending a crafted request to the /exportFile endpoint using the UID parameter. Success…