| 2025-02-20 | CVE-2024-49781 | IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to an XML external entity injection (XXE) attack when processing XML data. | 7.1 |
| 2025-02-20 | CVE-2024-13476 | SQL Injection vulnerability in Eniture LTL Freight Quotes
The LTL Freight Quotes – GlobalTranz Edition plugin for WordPress is vulnerable to SQL Injection via the 'engtz_wd_save_dropship' AJAX endpoint in all versions up to, and including, 2.3.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
| 2025-02-20 | CVE-2024-13753 | Cross-Site Request Forgery (CSRF) vulnerability in Webcodingplace Ultimate Classified Listings
The Ultimate Classified Listings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. | 8.8 |
| 2025-02-19 | CVE-2025-27092 | Path Traversal vulnerability in CMU Ghosts
GHOSTS is an open source user simulation framework for cyber experimentation, simulation, training, and exercise. | 7.5 |
| 2025-02-19 | CVE-2023-47160 | IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
| 2025-02-19 | CVE-2024-28777 | IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to unrestricted deserialization. | 8.8 |
| 2025-02-19 | CVE-2024-45084 | IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 could allow an authenticated attacker to conduct formula injection. | 8.0 |
| 2025-02-19 | CVE-2024-52902 | IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 client application contains hard coded database passwords in source code which could be used for unauthorized access to the system. | 8.8 |
| 2025-02-19 | CVE-2025-1464 | A vulnerability, which was classified as critical, has been found in Baiyi Cloud Asset Management System up to 20250204. | 7.3 |
| 2025-02-19 | CVE-2024-13478 | SQL Injection vulnerability in Eniture LTL Freight Quotes
The LTL Freight Quotes – TForce Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |