Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-03-02 CVE-2024-55907 IBM Cognos Analytics Mobile 1.1 for iOS application could allow an attacker to reverse engineer the codebase to gain knowledge about the programming technique, interface, class definitions, algorithms and functions used due to weak obfuscation.
high complexity
CWE-540
2.0
2.0
2025-03-02 CVE-2025-0895 IBM Cognos Analytics Mobile 1.1 for Android could allow a user with physical access to the device, to obtain sensitive information from debugging code log messages.
low complexity
CWE-215
2.4
2.4
2025-03-02 CVE-2022-49733 Unspecified vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC There is a small race window at snd_pcm_oss_sync() that is called from OSS PCM SNDCTL_DSP_SYNC ioctl; namely the function calls snd_pcm_oss_make_ready() at first, then takes the params_lock mutex for the rest.
local
high complexity
linux
4.7
4.7
2025-03-02 CVE-2025-1814 Stack-based Buffer Overflow vulnerability in Tenda AC6 Firmware 15.03.05.16
A vulnerability, which was classified as critical, has been found in Tenda AC6 15.03.05.16.
network
low complexity
tenda CWE-121
critical
 9.8
9.8
2025-03-01 CVE-2025-1800 Command Injection vulnerability in Dlink Dar-7000 Firmware 3.2
A vulnerability has been found in D-Link DAR-7000 3.2 and classified as critical.
network
low complexity
dlink CWE-77
8.8
8.8
2025-03-01 CVE-2024-41778 IBM Controller 11.0.0 through 11.0.1 and 11.1.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
network
high complexity
CWE-521
5.3
5.3
2025-03-01 CVE-2025-1491 The WP Posts Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘auto_play_timeout’ parameter in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-03-01 CVE-2024-13833 The Album Gallery – WordPress Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.3 via deserialization of untrusted input from gallery meta.
network
low complexity
CWE-502
7.2
7.2
2025-03-01 CVE-2025-1404 The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_sccp_reports_user_search() function in all versions up to, and including, 4.4.7.
network
low complexity
CWE-862
5.3
5.3
2025-03-01 CVE-2024-13546 The GenerateBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.1 via the 'get_image_description' function.
network
low complexity
CWE-200
4.3
4.3