Search Results (336617 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-12708 | 1 Ibm | 1 Concert | 2026-03-25 | 6.2 Medium |
| IBM Concert 1.0.0 through 2.2.0 contains hard-coded credentials that could be obtained by a local user. | ||||
| CVE-2026-1561 | 1 Ibm | 1 Websphere Application Server | 2026-03-25 | 5.4 Medium |
| IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 is vulnerable to server-side request forgery (SSRF). This may allow a remote attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | ||||
| CVE-2026-33222 | | | 2026-03-25 | 4.9 Medium |
| NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, users with JetStream admin API access to restore one stream could restore to other stream names, impacting data which should have been protected against them. Versions 2.11.15 and 2.12.6 contain a fix. As a workaround, if developers have configured users to have limited JetStream restore permissions, temporarily remove those permissions. | ||||
| CVE-2025-14915 | 1 Ibm | 1 Websphere Application Server Liberty | 2026-03-25 | 6.5 Medium |
| IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 is affected by privilege escalation. A privileged user could gain additional access to the application server. | ||||
| CVE-2025-14917 | 1 Ibm | 1 Websphere Application Server Liberty | 2026-03-25 | 6.7 Medium |
| IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 could provide weaker than expected security when administering security settings. | ||||
| CVE-2026-33248 | | | 2026-03-25 | 4.2 Medium |
| NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using mTLS for client identity, with `verify_and_map` to derive a NATS identity from the client certificate's Subject DN, certain patterns of RDN would not be correctly enforced, allowing for authentication bypass. This does require a valid certificate from a CA already trusted for client certificates, and `DN` naming patterns which the NATS maintainers consider highly unlikely. So this is an unlikely attack. Nonetheless, administrators who have been very sophisticated in their `DN` construction patterns might conceivably be impacted. Versions 2.11.15 and 2.12.6 contain a fix. As a workaround, developers should review their CA issuing practices. | ||||
| CVE-2026-1262 | 1 Ibm | 1 Infosphere Information Server | 2026-03-25 | 4.3 Medium |
| IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability. | ||||
| CVE-2025-14974 | 1 Ibm | 1 Infosphere Information Server | 2026-03-25 | 5.7 Medium |
| IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable due to Insecure Direct Object Reference (IDOR). | ||||
| CVE-2026-2485 | 1 Ibm | 1 Infosphere Information Server | 2026-03-25 | 4.8 Medium |
| IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-36258 | 1 Ibm | 1 Infosphere Information Server | 2026-03-25 | 7.1 High |
| IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 stores user credentials and other sensitive information in plain text, which can be read by a local user. | ||||
| CVE-2025-36438 | 1 Ibm | 1 Concert | 2026-03-25 | 5.1 Medium |
| IBM Concert 1.0.0 through 2.2.0 could allow a privileged user to perform unauthorized actions due to improper restriction of channel communication to intended endpoints. | ||||
| CVE-2025-36440 | 1 Ibm | 1 Concert | 2026-03-25 | 5.1 Medium |
| IBM Concert 1.0.0 through 2.2.0 could allow a local user to obtain sensitive information due to missing function level access control. | ||||
| CVE-2025-64646 | 1 Ibm | 1 Concert | 2026-03-25 | 6.2 Medium |
| IBM Concert 1.0.0 through 2.2.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources. | ||||
| CVE-2026-2484 | 1 Ibm | 1 Infosphere Information Server | 2026-03-25 | 4.3 Medium |
| IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information exposure vulnerability caused by overly verbose error messages. | ||||
| CVE-2025-64647 | 1 Ibm | 1 Concert | 2026-03-25 | 5.9 Medium |
| IBM Concert 1.0.0 through 2.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | ||||
| CVE-2025-64648 | 1 Ibm | 1 Concert | 2026-03-25 | 5.9 Medium |
| IBM Concert 1.0.0 through 2.2.0 transmits data in clear text that could allow an attacker to obtain sensitive information using man-in-the-middle techniques. | ||||
| CVE-2026-2483 | 1 Ibm | 1 Infosphere Information Server | 2026-03-25 | 5.4 Medium |
| IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2026-1014 | 1 Ibm | 1 Infosphere Information Server | 2026-03-25 | 6.5 Medium |
| IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to exposure of sensitive information via JSON server response manipulation. | ||||
| CVE-2019-25630 | 1 Phreesoft | 1 Phreebookserp | 2026-03-25 | 8.8 High |
| PhreeBooks ERP 5.2.3 contains an arbitrary file upload vulnerability in the Image Manager component that allows authenticated attackers to upload malicious files by submitting requests to the image upload endpoint. Attackers can upload PHP files through the imgFile parameter to the bizuno/image/manager endpoint and execute them via the bizunoFS.php script for remote code execution. | ||||
| CVE-2019-25632 | 2 Dulldusk, Sourceforge | 2 Phpfilemanager, Phpfilemanager | 2026-03-25 | 6.2 Medium |
| phpFileManager 1.7.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the action, fm_current_dir, and filename parameters. Attackers can send GET requests to index.php with crafted parameter values to access sensitive files like /etc/passwd from the server. | ||||