Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-02-19 CVE-2025-27092 Path Traversal vulnerability in CMU Ghosts
GHOSTS is an open source user simulation framework for cyber experimentation, simulation, training, and exercise.
network
low complexity
cmu CWE-22
7.5
7.5
2025-02-19 CVE-2025-27090 Server-Side Request Forgery (SSRF) vulnerability in Bishopfox Sliver
Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing.
network
low complexity
bishopfox CWE-918
5.3
5.3
2025-02-19 CVE-2025-0677 A flaw was found in grub2.
local
high complexity
CWE-787
6.4
6.4
2025-02-19 CVE-2024-45777 A flaw was found in grub2.
local
low complexity
CWE-787
6.7
6.7
2025-02-19 CVE-2024-53974 Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
network
low complexity
CWE-79
5.4
5.4
2025-02-19 CVE-2025-1118 A flaw was found in grub2.
local
low complexity
CWE-501
4.4
4.4
2025-02-19 CVE-2023-47160 IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
CWE-611
8.2
8.2
2025-02-19 CVE-2025-27089 Incorrect Authorization vulnerability in Monospace Directus
Directus is a real-time API and App dashboard for managing SQL database content.
network
low complexity
monospace CWE-863
4.3
4.3
2025-02-19 CVE-2024-28776 IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to cross-site scripting.
network
low complexity
CWE-79
5.4
5.4
2025-02-19 CVE-2024-28777 IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to unrestricted deserialization.
network
low complexity
CWE-502
8.8
8.8