Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-04-09 CVE-2025-30659 An Improper Handling of Length Parameter Inconsistency vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When a device configured for Secure Vector Routing (SVR) receives a specifically malformed packet, the PFE will crash and restart. This issue affects Junos OS on SRX Series: * All 21.4 versions, * 22.2 versions before 22.2R3-S6, * 22.4 versions before 22.4R3-S6, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R2. This issue does not affect versions before 21.4.
network
low complexity
CWE-130
7.5
2025-04-09 CVE-2025-30660 An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When processing a high rate of specific GRE traffic destined to the device, the respective PFE will hang, causing traffic forwarding to stop.
network
low complexity
CWE-754
7.5
2025-04-09 CVE-2025-3115 Unspecified vulnerability in Tibco products
Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions. Additionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code execution.
network
low complexity
tibco
critical
9.8
2025-04-09 CVE-2025-32375 Deserialization of Untrusted Data vulnerability in Bentoml
BentoML is a Python library for building online serving systems optimized for AI apps and model inference.
network
low complexity
bentoml CWE-502
critical
9.8
2025-04-09 CVE-2023-33844 IBM Security Verify Governance 10.0.2 is vulnerable to cross-site scripting.
network
low complexity
CWE-79
5.4
2025-04-09 CVE-2025-25023 IBM Security Guardium 11.4 and 12.1 could allow a privileged user to read any file on the system due to incorrect privilege assignment.
network
low complexity
CWE-266
4.9
2025-04-09 CVE-2017-20197 A vulnerability was found in propanetank Roommate-Bill-Tracking up to 288437f658fc9ee7d4b92a9da12557024d8bc55c.
network
low complexity
CWE-74
7.3
2025-04-09 CVE-2025-3100 The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.22 due to insufficient input sanitization and output escaping in tasks discussion.
network
low complexity
CWE-79
6.4
2025-04-08 CVE-2025-27189 Cross-Site Request Forgery (CSRF) vulnerability in Adobe Commerce B2B
Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could be exploited to cause a denial-of-service condition.
network
low complexity
adobe CWE-352
4.3
2025-04-08 CVE-2025-27190 Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass.
network
low complexity
CWE-284
5.3