5.3
CVE-2024-47106 - IBM Jazz for Service Management information disclosure
IBM Jazz for Service Management 1.1.3 through 1.1.3.22 could allow a remote attacker to obtain sensitive information from improper access restrictions that could aid in further attacks against the system.
8.1
CVE-2024-47113 - IBM ICP - Voice Gateway XML injection
IBM ICP - Voice Gateway 1.0.2, 1.0.2.4, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.7.1, and 1.0.8 could allow a remote attacker to send specially crafted XML statements, which would allow the attacker to view or modify information in the XML document.
5.3
CVE-2024-49354 - IBM Concert information disclosure
IBM Concert 1.0.0, 1.0.1, and 1.0.2 are vulnerable to sensitive information disclosure through specially crafted API calls.
6.5
CVE-2024-49824 - IBM Robotic Process Automation security bypass
IBM Robotic Process Automation 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 could allow an authenticated user to perform unauthorized actions as a privileged user due to improper validatio…
6.7
CVE-2024-51448 - IBM Robotic Process Automation privilege escalation
IBM Robotic Process Automation 21.0.0 through 21.0.7.17 and 23.0.0 through 23.0.18 could allow a local user to escalate their privileges. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.exe …
5.1
CVE-2025-0560 - CampCodes School Management Software Photo Gallery Page photo-gallery cross site scripting
A vulnerability, which was classified as problematic, was found in CampCodes School Management Software 1.0. Affected is an unknown function of the file /photo-gallery of the component Photo Gallery Page. The manipulation of the argument Description leads to cross site scripting. It is possible to …
4.4
CVE-2024-49338 - IBM App Connect Enterprise information disclosure
IBM App Connect Enterprise 12.0.1.0 through 12.0.7.0 and 13.0.1.0 under certain configurations could allow a privileged user to obtain JMS credentials.
5.1
CVE-2025-0559 - Campcodes School Management Software Create Id Card Page create-id-card cross site scripting
A vulnerability, which was classified as problematic, has been found in Campcodes School Management Software 1.0. This issue affects some unknown processing of the file /create-id-card of the component Create Id Card Page. The manipulation of the argument ID Card Title leads to cross site scripting…
5.3
CVE-2025-0558 - TDuckCloud tduck-platform QueryProThemeRequest.java QueryProThemeRequest sql injection
A vulnerability classified as critical was found in TDuckCloud tduck-platform up to 4.0. This vulnerability affects the function QueryProThemeRequest of the file src/main/java/com/tduck/cloud/form/request/QueryProThemeRequest.java. The manipulation of the argument color leads to sql injection. The …
6.9
CVE-2025-0557 - Hyland Alfresco Community Edition URL s cross site scripting
A vulnerability classified as problematic has been found in Hyland Alfresco Community Edition and Alfresco Enterprise Edition up to 6.2.2. This affects an unknown part of the file /share/s/ of the component URL Handler. The manipulation leads to cross site scripting. It is possible to initiate the …