5.9
CVE-2024-22314 - IBM Storage Defender - Resiliency Service information disclosure
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.12 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
8.8
CVE-2025-20236 - Cisco Webex App Client-Side Remote Code Execution Vulnerability
A vulnerability in the custom URL parser of Cisco Webex App could allow an unauthenticated, remote attacker to persuade a user to download arbitrary files, which could allow the attacker to execute arbitrary commands on the host of the targeted user. This vulnerability is due to insufficient inpβ¦
4.3
CVE-2025-2564 - Unauthorized View Access to Archived Channel Member Info
Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to properly enforce the 'Allow users to view/update archived channels' System Console setting, which allows authenticated users to view members and member information of archived channels even when this setting is disableβ¦
5.3
CVE-2025-20150 - Cisco Nexus Dashboard Username Enumeration Vulnerability
A vulnerability in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to enumerate LDAP user accounts. This vulnerability is due to the improper handling of LDAP authentication requests. An attacker could exploit this vulnerability by sending authentication requests to an affeβ¦
6
CVE-2025-20178 - Cisco Secure Network Analytics Privilege Escalation Vulnerability
A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker with valid administrative credentials to execute arbitrary commands as root on the underlying operating system. This vulnerability is due to insufficient integrβ¦
6.5
CVE-2024-56736 - Apache HertzBeat: Server-Side Request Forgery (SSRF) in Api Config Oss
Server-Side Request Forgery (SSRF) vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat (incubating): before 1.7.0. Users are recommended to upgrade to version 1.7.0, which fixes the issue.
5.3
CVE-2025-3697 - SourceCodester Web-based Pharmacy Product Management System edit-product.php sql injection
A vulnerability, which was classified as critical, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. This issue affects some unknown processing of the file /edit-product.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remβ¦
5.3
CVE-2025-3696 - SourceCodester Web-based Pharmacy Product Management System search_stock. php sql injection
A vulnerability classified as critical was found in SourceCodester Web-based Pharmacy Product Management System 1.0. This vulnerability affects unknown code of the file /search/search_stock. php. The manipulation of the argument Name leads to sql injection. The attack can be initiated remotely. Theβ¦
6.9
CVE-2025-3694 - SourceCodester Web-based Pharmacy Product Management System Login sql injection
A vulnerability classified as critical has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown part of the component Login Handler. The manipulation of the argument login_email leads to sql injection. It is possible to initiate the attack remotely.β¦
8.7
CVE-2025-3693 - Tenda W12 httpd cgiWifiRadioSet stack-based overflow
A vulnerability was found in Tenda W12 3.0.0.5. It has been rated as critical. Affected by this issue is the function cgiWifiRadioSet of the file /bin/httpd. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and β¦