4.3
CVE-2023-47159 - IBM Sterling File Gateway information disclosure
IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to enumerate usernames due to an observable discrepancy in request responses.
4.3
CVE-2024-22316 - IBM Sterling File Gateway improper access control
IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to perform unauthorized actions to another user's data due to improper access controls.
5.4
CVE-2024-37527 - IBM OpenPages with Watson cross-site scripting
IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session.
6
CVE-2024-45598 - Cacti has a Local File Inclusion (LFI) Vulnerability via Poller Standard Error Log Path
Cacti is an open source performance and fault management framework. Prior to 1.2.29, an administrator can change the `Poller Standard Error Log Path` parameter in either Installation Step 5 or in Configuration->Settings->Paths tab to a local file inside the server. Then simply going to Logs tab and…
5.9
CVE-2024-38320 - IBM Storage Protect for Virtual Environments: Data Protection for VMware information disclosure
IBM Storage Protect for Virtual Environments: Data Protection for VMware and Storage Protect Backup-Archive Client 8.1.0.0 through 8.1.23.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
5.9
CVE-2024-38325 - IBM Storage Defender information disclosure
IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI could allow a remote attacker to obtain sensitive information, caused by sending network requests over an insecure channel. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle…
7.5
CVE-2025-24783 - Apache Cocoon: continuations may not be private
** UNSUPPORTED WHEN ASSIGNED ** Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Apache Cocoon. This issue affects Apache Cocoon: all versions. When a continuation is created, it gets a random identifier. Because the random number generator used to generate these…
6.5
CVE-2025-24782 - WordPress Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widge…
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpWax Post Grid, Slider & Carousel Ultimate post-grid-carousel-ultimate allows PHP Local File Inclusion. This issue affects Post Grid, Slider & Carousel Ultimate: from n/a through…
7.1
CVE-2025-23982 - WordPress Fare Calculator plugin <= 1.1 - CSRF to Stored Cross-Site Scripting vulnerability
Missing Authorization vulnerability in Gopi krishnan Fare Calculator fare-calculator allows Stored XSS. This issue affects Fare Calculator: from n/a through <= 1.1.
5.3
CVE-2025-24747 - WordPress Houzez theme <= 3.4.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in favethemes Houzez houzez. This issue affects Houzez: from n/a through <= 3.4.0.