5.4
CVE-2025-27089 - Overlapping policies allow update to non-allowed fields in directus
Directus is a real-time API and App dashboard for managing SQL database content. In affected versions if there are two overlapping policies for the `update` action that allow access to different fields, instead of correctly checking access permissions against the item they apply for the user is allβ¦
8.2
CVE-2023-47160 - IBM Cognos Controller XML external entity injection
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
6.1
CVE-2025-20211 - Cisco BroadWorks Application Delivery Platform Software Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface. This vulnerability exists because the web-based management interface dβ¦
5.8
CVE-2025-20153 - Cisco ESA mail Bypass
A vulnerability in the email filtering mechanism of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to bypass the configured rules and allow emails that should have been denied to flow through an affected device. This vulnerability is due to improper handling ofβ¦
4.4
CVE-2025-20158 - Cisco Video Phone 8875 and Desk Phone 9800 Series Information Disclosure Vulnerability
A vulnerability in the debug shell of Cisco Video Phone 8875 and Cisco Desk Phone 9800 Series could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials with SSH access onβ¦
8.8
CVE-2024-28777 - IBM Cognos Controller code execution
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to unrestricted deserialization. This vulnerability allows users to execute arbitrary code, escalate privileges, or cause denial of service attacks by exploiting the unrestricted deserialization of types in β¦
5.4
CVE-2024-28776 - IBM Cognos Controller cross-site scripting
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trustedβ¦
5.9
CVE-2024-28780 - IBM Cognos Controller information disclosure
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 Rich ClientΒ uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
6.5
CVE-2024-45081 - IBM Cognos Controller incorrect authorization
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 could allow an authenticated user to modify restricted content due to incorrect authorization checks.
2.1
CVE-2025-1465 - lmxcms Maintenance db.inc.php code injection
A vulnerability, which was classified as problematic, was found in lmxcms 1.41. Affected is an unknown function of the file db.inc.php of the component Maintenance. The manipulation leads to code injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. Thβ¦