9.8
CVE-2026-25526 - JinJava Bypass through ForTag leads to Arbitrary Java Execution
JinJava is a Java-based template engine based on django template syntax, adapted to render jinja templates. Prior to versions 2.7.6 and 2.8.3, JinJava is vulnerable to arbitrary Java execution via bypass through ForTag. This allows arbitrary Java class instantiation and file access bypassing built-β¦
5.3
CVE-2026-25523 - Magento's X-Original-Url header can expose admin url
Magento-lts is a long-term support alternative to Magento Community Edition (CE). Prior to version 20.16.1, the admin url can be discovered without prior knowledge of it's location by exploiting the X-Original-Url header on some configurations. This issue has been patched in version 20.16.1.
6.5
CVE-2024-51451 - Multiple Vulnerabilities in IBM Concert Software
IBM Concert 1.0.0 through 2.1.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
9.4
CVE-2026-25521 - Locutus is vulnerable to Prototype Pollution
Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. In versions from 2.0.12 to before 2.0.39, a prototype pollution vulnerability exists in locutus. Despite a previous fix that attempted to mitigate prototype pollution by checking whether user input containβ¦
6.3
CVE-2024-43181 - Multiple Vulnerabilities in IBM Concert Software
IBM Concert 1.0.0 through 2.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
5.9
CVE-2026-25518 - cert-manager-controller DoS via Specially Crafted DNS Response
cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and using those certificates. In versions from 1.18.0 to before 1.18.5 and from 1.19.0 to before 1.19.3, the cert-manager-controller performs DNS lookupβ¦
4.3
CVE-2024-40685 - IBM Operations Analytics - Log Analysis is affected by CSRF Token Replay Attack
IBM Operations Analytics β Log Analysis versions 1.3.5.0 through 1.3.8.3 and IBM SmartCloud Analytics β Log Analysis are vulnerable to a cross-site request forgery (CSRF) vulnerability that could allow an attacker to trick a trusted user into performing unauthorized actions.
3.5
CVE-2025-2134 - IBM Jazz Reporting Service Denial of Service
IBM Jazz Reporting Service could allow an authenticated user on the network to affect the system's performance using complicated queries due to insufficient resource pooling.
3.5
CVE-2025-27550 - IBM Jazz Reporting Service Information Disclosure
IBM Jazz Reporting Service could allow an authenticated user on the host network to obtain sensitive information about other projects that reside on the server.
3.5
CVE-2025-1823 - IBM Jazz Reporting Service Denial of Service
IBM Jazz Reporting Service could allow an authenticated user on the host network to cause a denial of service using specially crafted SQL query that consumes excess memory resources.