5.8
CVE-2025-20153 - Cisco ESA mail Bypass
A vulnerability in the email filtering mechanism of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to bypass the configured rules and allow emails that should have been denied to flow through an affected device. This vulnerability is due to improper handling ofβ¦
4.4
CVE-2025-20158 - Cisco Video Phone 8875 and Desk Phone 9800 Series Information Disclosure Vulnerability
A vulnerability in the debug shell of Cisco Video Phone 8875 and Cisco Desk Phone 9800 Series could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials with SSH access onβ¦
8.8
CVE-2024-28777 - IBM Cognos Controller code execution
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to unrestricted deserialization. This vulnerability allows users to execute arbitrary code, escalate privileges, or cause denial of service attacks by exploiting the unrestricted deserialization of types in β¦
5.4
CVE-2024-28776 - IBM Cognos Controller cross-site scripting
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trustedβ¦
5.9
CVE-2024-28780 - IBM Cognos Controller information disclosure
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 Rich ClientΒ uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
6.5
CVE-2024-45081 - IBM Cognos Controller incorrect authorization
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 could allow an authenticated user to modify restricted content due to incorrect authorization checks.
2.1
CVE-2025-1465 - lmxcms Maintenance db.inc.php code injection
A vulnerability, which was classified as problematic, was found in lmxcms 1.41. Affected is an unknown function of the file db.inc.php of the component Maintenance. The manipulation leads to code injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. Thβ¦
8
CVE-2024-45084 - IBM Cognos Controller CSV injection
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 could allow an authenticated attacker to conduct formula injection. An attacker could execute arbitrary commands on the system, caused by improper validation of file contents.
8.8
CVE-2024-52902 - IBM Cognos Controller information disclosure
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 client application contains hard coded database passwords in source code which could be used for unauthorized access to the system.
6.9
CVE-2025-1464 - Baiyi Cloud Asset Management System admin.house.collect.php sql injection
A vulnerability, which was classified as critical, has been found in Baiyi Cloud Asset Management System up to 20250204. This issue affects some unknown processing of the file /wuser/admin.house.collect.php. The manipulation of the argument project_id leads to sql injection. The attack may be initiβ¦