The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.
For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
-
CVE-2023-35017 - IBM Security Verify Governance 10.0.2 Identity Manager can transmit user credentials in clear text that could be obtained by an attacker using man in the middle techniques.
Published: January 28, 2025; 7:15:07 PM -0500
-
CVE-2023-33838 - IBM Security Verify Governance 10.0.2 Identity Manager uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt as part of the input.
Published: January 28, 2025; 9:15:26 PM -0500
V3.1: 4.9 MEDIUM
-
CVE-2023-37412 - IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a privileged user to make system changes without proper access controls.
Published: January 29, 2025; 12:15:26 PM -0500
V3.1: 4.9 MEDIUM
-
CVE-2023-37413 - IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an observable response discrepancy.
Published: January 29, 2025; 12:15:26 PM -0500
V3.1: 5.3 MEDIUM
-
CVE-2023-50309 - IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially lea...
Published: January 22, 2025; 10:15:08 PM -0500
V3.1: 5.4 MEDIUM
-
CVE-2023-32340 - IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...
Published: January 22, 2025; 10:15:08 PM -0500
V3.1: 5.4 MEDIUM
-
CVE-2025-1283 - The Dingtian DT-R0 Series is vulnerable to an exploit that allows attackers to bypass login requirements by directly navigating to the main page.
Published: February 13, 2025; 5:15:11 PM -0500
-
CVE-2025-22896 - mySCADA myPRO Manager stores credentials in cleartext, which could allow an attacker to obtain sensitive information.
Published: February 13, 2025; 5:15:11 PM -0500
V3.1: 7.5 HIGH
-
CVE-2025-23411 - mySCADA myPRO Manager is vulnerable to cross-site request forgery (CSRF), which could allow an attacker to obtain sensitive information. An attacker would need to trick the victim into visiting an attacker-controlled website.
Published: February 13, 2025; 5:15:11 PM -0500
V3.1: 6.5 MEDIUM
-
CVE-2025-24865 - The administrative web interface of mySCADA myPRO Manager can be accessed without authentication which could allow an unauthorized attacker to retrieve sensitive information and upload files without the associated password.
Published: February 13, 2025; 5:15:12 PM -0500
V3.1: 9.8 CRITICAL
-
CVE-2025-25067 - mySCADA myPRO Manager is vulnerable to an OS command injection which could allow a remote attacker to execute arbitrary OS commands.
Published: February 13, 2025; 5:15:12 PM -0500
-
CVE-2024-13682 - The Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.2. This is due to missing or incor...
Published: March 04, 2025; 4:15:09 AM -0500
V3.1: 4.3 MEDIUM
-
CVE-2024-13724 - The Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for WordPress is vulnerable to unauthorized access to functionality in all versions up to, and including, 2.6.2. This makes it possibl...
Published: March 04, 2025; 4:15:10 AM -0500
V3.1: 4.3 MEDIUM
-
CVE-2024-9618 - The Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 2.0.7.2 due t...
Published: March 04, 2025; 4:15:10 AM -0500
V3.1: 5.4 MEDIUM
-
CVE-2024-45426 - Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.
Published: February 25, 2025; 3:15:35 PM -0500
V3.1: 6.5 MEDIUM
-
CVE-2025-27146 - matrix-appservice-irc is a Node.js IRC bridge for Matrix. The matrix-appservice-irc bridge up to version 3.0.3 contains a vulnerability which can lead to arbitrary IRC command execution as the puppeted user. The attacker can only inject commands e...
Published: February 25, 2025; 3:15:38 PM -0500
V3.1: 4.3 MEDIUM
-
CVE-2025-20626 - OpenHarmony v5.0.2 and prior versions allow a local attacker to achieve arbitrary code execution in pre-installed apps through a use after free. This vulnerability can be exploited only in restricted scenarios.
Published: March 03, 2025; 11:15:13 PM -0500
V3.1: 7.8 HIGH
-
CVE-2025-0433 - The Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 2.0.7.1 due...
Published: March 04, 2025; 4:15:10 AM -0500
V3.1: 5.4 MEDIUM
-
CVE-2022-42966 - An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.set_rows method.
Published: November 09, 2022; 3:15:10 PM -0500
V3.1: 7.5 HIGH
-
CVE-2024-56285 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPBits WPBITS Addons For Elementor Page Builder allows Stored XSS. This issue affects WPBITS Addons For Elementor Page Builder: from n/a through 1...
Published: January 07, 2025; 6:15:10 AM -0500
V3.1: 5.4 MEDIUM