4.3
CVE-2022-22363 - IBM Cognos Controller information disclosure
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
3.7
CVE-2021-20455 - IBM Cognos Controller information disclosure
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
8.2
CVE-2024-40702 - IBM Cognos Controller improper certificate validation
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow an unauthorized user to obtain valid tokens to gain access to protected resources due to improper certificate validation.
5.3
CVE-2025-0298 - code-projects Online Book Shop process_login.php sql injection
A vulnerability was found in code-projects Online Book Shop 1.0. It has been rated as critical. This issue affects some unknown processing of the file /process_login.php. The manipulation of the argument usernm leads to sql injection. The attack may be initiated remotely. The exploit has been disclβ¦
6.5
CVE-2024-28778 - IBM Cognos Controller information disclosure
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 is vulnerable to exposure of Artifactory API keys. This vulnerability allows users to publish code to private packages or repositories under the name of the organization.
4.3
CVE-2024-25037 - IBM Cognos Controller information disclosure
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser.
9.8
CVE-2025-21624 - ClipBucket V5 Playlist Cover File Upload to Remote Code Execution
ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 239, a file upload vulnerability exists in the Manage Playlist functionality of the application, specifically surrounding the uploading of playlist cover images. Without proper checks, an attacker can upload a PHP script fiβ¦
7.5
CVE-2025-21623 - ClipBucket V5 Unauthenticated Template Directory Update to Denial-of-Service
ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 238, ClipBucket V5 allows unauthenticated attackers to change the template directory via a directory traversal, which results in a denial of service.
7.5
CVE-2025-21622 - ClipBucket V5 Avatar URL Path Traversal to Arbitrary File Delete
ClipBucket V5 provides open source video hosting with PHP. During the user avatar upload workflow, a user can choose to upload and change their avatar at any time. During deletion, ClipBucket checks for the avatar_url as a filepath within the avatars subdirectory. If the URL path exists within the β¦
4.3
CVE-2024-52813 - matrix-sdk-crypto missing facility to signal rotation of a verified cryptographic identity
matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverified one, which could cause client applicationsβ¦