9.1
CVE-2024-38337 - IBM Sterling Secure Proxy improper input validation
IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0 could allow an unauthorized attacker to retrieve or alter sensitive information contents due to incorrect permission assignments.
2
CVE-2025-0567 - Epic Games Launcher Installer profapi.dll untrusted search path
A vulnerability classified as problematic was found in Epic Games Launcher up to 17.2.1. This vulnerability affects unknown code in the library profapi.dll of the component Installer. The manipulation leads to untrusted search path. Attacking locally is a requirement. The complexity of an attack isβ¦
8.7
CVE-2025-0566 - Tenda AC15 SetDevNetName formSetDevNetName stack-based overflow
A vulnerability classified as critical has been found in Tenda AC15 15.13.07.13. This affects the function formSetDevNetName of the file /goform/SetDevNetName. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has β¦
6.9
CVE-2025-0565 - ZZCMS index.php sql injection
A vulnerability was found in ZZCMS 2023. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may β¦
5.5
CVE-2024-8722 - WP All Import Pro <= 4.9.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG Filβ¦
The Import any XML or CSV File to WordPress PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Admβ¦
6.9
CVE-2025-0564 - code-projects Fantasy-Cricket authenticate.php sql injection
A vulnerability was found in code-projects Fantasy-Cricket 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /authenticate.php. The manipulation of the argument uname leads to sql injection. The attack can be launched remotely. The exploitβ¦
6.5
CVE-2024-45652 - IBM Maximo Asset Management directory traversal
IBM Maximo MXAPIASSET API 7.6.1.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
4.3
CVE-2024-45653 - IBM Sterling Connect:Direct Web Services information disclosure
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could disclose sensitive IP address information to authenticated users in responses that could be used in further attacks against the system.
4.3
CVE-2024-45654 - IBM Security ReaQta improper input validation
IBM Security ReaQta 3.12 could allow an authenticated user to perform unauthorized actions due to reliance on untrusted inputs.
5.3
CVE-2025-0563 - code-projects Fantasy-Cricket update.php sql injection
A vulnerability was found in code-projects Fantasy-Cricket 1.0. It has been classified as critical. Affected is an unknown function of the file /dash/update.php. The manipulation of the argument uname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosβ¦