IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4 could disclose sensitive installation directory information to an authenticated user that could be used in further
Improper certificate validation in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to intercept limited traffic between clients and
IBM AIX 7.2 and 7.3 and IBM VIOS 3.1 and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to execute arbitrary commands due to improper process controls.
An authentication bypass vulnerability exists in ETQ Reliance on the CG (legacy) platform. The application allowed login as the privileged internal SYSTEM user by manipulating the username field. The
Improper input validation for some Intel(R) Wireless Bluetooth(R) products for Windows before version 23.40 may allow an unauthenticated user to potentially enable denial of service via adjacent acces
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause an unhandled SSL exception which could leave the connection in an unexpected or insecure stat
A client-side enforcement of server-side security vulnerability [CWE-602] in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.6 and before 4.2.7 allows an authenticated attacker with at least re
IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 could allow an authenticated user to perform unauthorized actions that should be reserved for administrator use due to improper access controls.
IBM Security Verify Access Appliance 10.0.0 through 10.0.3 could allow a locally authenticated user to increase their privileges due to execution with unnecessary privileges.
IBM Concert Software 1.0.0 through 1.0.5 could allow an authenticated user to cause a denial of service due to the expansion of archive files without controlling resource consumption.
An unauthenticated attacker with access to TCP port 12306 of the WorkExaminer server can exploit missing server-side authentication checks to bypass the login prompt in the WorkExaminer Professional c
An Incorrect Access Control vulnerability was found in /admin/delete_room.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to delete valid hotel room entries in
Cleartext transmission of sensitive information for some BigDL software maintained by Intel(R) before version 2.5.0 may allow an authenticated user to potentially enable denial of service via adjacent
IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow an unauthenticated user to execute arbitrary commands with lowe
IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This informa
Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware (used by many white-labeled DVR/NVR/IPC products) versions prior to 1.3.4 contain an authentication bypass in the NVMS-9000 control protoco
SAP Business Warehouse and SAP BW/4HANA BEx Tools allow an authenticated attacker to gain higher access levels than intended by exploiting improper authorization checks. This could potentially impact
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper alloca
Improper Enforcement of Behavioral Controls in Devolutions Server 2025.3.15 and earlier allows an authenticated attacker with the delete permission to delete a PAM account that is currently checked ou
IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 could allow an unauthenticated user to cause a denial of service due to executable segments that are waiting for each other to release a necessary lock.