Vulnerabilities

| Date | CVE | Vulnerability title | Attack vector | Complexity | CWE | Risk |
|---|---|---|---|---|---|---|
| 2025-04-23 | CVE-2024-22351 | IBM InfoSphere Information Server 11.7 does not invalidate the session after logout, which could allow an authenticated user to impersonate another user on the system. | network | low | CWE-613 | 6.3 |
| 2025-04-23 | CVE-2025-25045 | IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical error message is returned in a request. | network | low | CWE-209 | 4.3 |
| 2025-04-23 | CVE-2025-25046 | IBM InfoSphere Information Server 11.7 DataStage Flow Designer transmits sensitive information via URL or query parameters that could be exposed to an unauthorized actor using man-in-the-middle techniques. | network | high | CWE-319 | 3.7 |
| 2025-04-23 | CVE-2025-46397 | Stack overflow in fig2dev version 3.2.9a possibly allows an attacker to execute code via local input manipulation through the bezier_spline function. | local | low | CWE-121 | 7.1 |
| 2025-04-23 | CVE-2025-46398 | Stack overflow in fig2dev version 3.2.9a possibly allows an attacker to execute code via local input manipulation through the read_objects function. | local | low | CWE-121 | 7.1 |
| 2025-04-23 | CVE-2025-46399 | Segmentation fault in fig2dev version 3.2.9a allows an attacker to affect availability via local input manipulation through the genge_itp_spline function. | local | low | CWE-476 | 7.1 |
| 2025-04-23 | CVE-2025-46400 | Segmentation fault in fig2dev version 3.2.9a allows an attacker to affect availability via local input manipulation through the read_arcobject function. | local | low | CWE-476 | 7.1 |
| 2025-04-23 | CVE-2024-10306 | A vulnerability was found in mod_proxy_cluster. | network | low | CWE-863 | 5.4 |
| 2025-04-23 | CVE-2025-1054 | The UiCore Elements – Free Elementor widgets and templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the UI Counter, UI Icon Box, UI Testimonial Slider, UI Testimonial Grid, and UI Testimonial Carousel widgets in all versions up to, and including, 1.0.16 due to insufficient input sanitization and output escaping. | network | low | CWE-79 | 6.4 |
| 2025-04-23 | CVE-2025-2595 | An unauthenticated remote attacker can bypass the user management in CODESYS Visualization and read visualization template files or static elements by means of forced browsing. | network | low | CWE-425 | 5.3 |