0.0
CVE-2025-31111 -
Not used
0.0
CVE-2025-31105 -
Not used
0.0
CVE-2025-31106 -
Not used
0.0
CVE-2025-31107 -
Not used
0.0
CVE-2025-31108 -
Not used
0.0
CVE-2025-31109 -
Not used
7.7
CVE-2025-27404 - Icinga Web 2 DOM-based XSS vulnerability
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 allows an attacker to craft a URL that, once visited by any user, allows to embed arbitrary Javascript into Icinga Web and to act on behalf of that β¦
4.3
CVE-2025-24972 - Discourse may bypass user preference when adding users to chat groups
Discourse is an open-source discussion platform. Prior to versions `3.3.4` on the `stable` branch and `3.4.0.beta5` on the `beta` branch, in specific circumstances, users could be added to group direct messages despite disabling direct messaging in their preferences. Versions `3.3.4` and `3.4.0.betβ¦
4.3
CVE-2025-24808 - Discourse has race condition when adding users to a group DM
Discourse is an open-source discussion platform. Prior to versions `3.3.4` on the `stable` branch and `3.4.0.beta5` on the `beta` branch, someone who is about to reach the limit of users in a group DM may send requests to add new users in parallel. The requests might all go through ignoring the limβ¦
4.7
CVE-2022-39163 - IBM Cognos Controller HTTP response smuggling
IBM Cognos Controller 11.0.0 through 11.1.0 is vulnerable to a Client-Side Desync (CSD) attack where an attacker could exploit a desynchronized browser connection that could lead to further cross-site scripting (XSS) attacks.