Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-02-19 CVE-2024-45084 IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 could allow an authenticated attacker to conduct formula injection.
network
low complexity
CWE-502
8.0
8.0
2025-02-19 CVE-2025-1465 A vulnerability, which was classified as problematic, was found in lmxcms 1.41.
network
high complexity
CWE-74
4.1
4.1
2025-02-19 CVE-2025-20153 A vulnerability in the email filtering mechanism of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to bypass the configured rules and allow emails that should have been denied to flow through an affected device.
network
low complexity
CWE-284
5.8
5.8
2025-02-19 CVE-2025-20158 A vulnerability in the debug shell of Cisco Video Phone 8875 and Cisco Desk Phone 9800 Series could allow an authenticated, local attacker to access sensitive information on an affected device.
local
low complexity
CWE-200
4.4
4.4
2025-02-19 CVE-2025-20211 A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input.
network
low complexity
CWE-79
6.1
6.1
2025-02-19 CVE-2024-52902 IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 client application contains hard coded database passwords in source code which could be used for unauthorized access to the system.
network
low complexity
CWE-798
8.8
8.8
2025-02-19 CVE-2025-1464 A vulnerability, which was classified as critical, has been found in Baiyi Cloud Asset Management System up to 20250204.
network
low complexity
CWE-74
7.3
7.3
2025-02-19 CVE-2024-13478 The LTL Freight Quotes – TForce Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
7.5
7.5
2025-02-19 CVE-2024-13479 The LTL Freight Quotes – SEFL Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.2.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
7.5
7.5
2025-02-19 CVE-2024-13481 The LTL Freight Quotes – R+L Carriers Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 3.3.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
7.5
7.5