Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-03-02 CVE-2025-1829 OS Command Injection vulnerability in Totolink X18 Firmware 9.1.0Cu.2024B20220329
A vulnerability was found in TOTOLINK X18 9.1.0cu.2024_B20220329.
network
low complexity
totolink CWE-78
8.8
2025-03-02 CVE-2025-1819 A vulnerability, which was classified as critical, was found in Tenda AC7 1200M 15.03.06.44.
network
low complexity
CWE-77
6.3
2025-03-02 CVE-2024-55907 IBM Cognos Analytics Mobile 1.1 for iOS application could allow an attacker to reverse engineer the codebase to gain knowledge about the programming technique, interface, class definitions, algorithms and functions used due to weak obfuscation.
high complexity
CWE-540
2.0
2025-03-02 CVE-2025-0895 IBM Cognos Analytics Mobile 1.1 for Android could allow a user with physical access to the device to obtain sensitive information from debugging code log messages.
low complexity
CWE-215
2.4
2025-03-02 CVE-2022-49733 Unspecified vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC There is a small race window at snd_pcm_oss_sync() that is called from OSS PCM SNDCTL_DSP_SYNC ioctl; namely the function calls snd_pcm_oss_make_ready() at first, then takes the params_lock mutex for the rest.
local
high complexity
linux
4.7
2025-03-02 CVE-2025-1814 Stack-based Buffer Overflow vulnerability in Tenda AC6 Firmware 15.03.05.16
A vulnerability, which was classified as critical, has been found in Tenda AC6 15.03.05.16.
network
low complexity
tenda CWE-121
critical
9.8
2025-03-01 CVE-2024-41778 IBM Controller 11.0.0 through 11.0.1 and 11.1.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
network
high complexity
CWE-521
5.3
2025-03-01 CVE-2025-1491 The WP Posts Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘auto_play_timeout’ parameter in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
2025-03-01 CVE-2024-13833 The Album Gallery – WordPress Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.3 via deserialization of untrusted input from gallery meta.
network
low complexity
CWE-502
7.2
2025-03-01 CVE-2025-1404 The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_sccp_reports_user_search() function in all versions up to, and including, 4.4.7.
network
low complexity
CWE-862
5.3