Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-20 | CVE-2024-49779 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Openpages With Watson 9.0 IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to bypass security restrictions, caused by improper validation and management of authentication cookies. | 8.8 |
| 2025-02-20 | CVE-2024-49781 | XXE vulnerability in IBM Openpages With Watson 9.0 IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to an XML external entity injection (XXE) attack when processing XML data. | 7.1 |
| 2025-02-20 | CVE-2024-13476 | SQL Injection vulnerability in Eniture LTL Freight Quotes The LTL Freight Quotes – GlobalTranz Edition plugin for WordPress is vulnerable to SQL Injection via the 'engtz_wd_save_dropship' AJAX endpoint in all versions up to, and including, 2.3.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
| 2025-02-20 | CVE-2024-13753 | Cross-Site Request Forgery (CSRF) vulnerability in Webcodingplace Ultimate Classified Listings The Ultimate Classified Listings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. | 8.8 |
| 2025-02-20 | CVE-2024-49782 | Improper Validation of Certificate with Host Mismatch vulnerability in IBM Openpages With Watson 9.0 IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to spoof mail server identity when using SSL/TLS security. | 8.2 |
| 2025-02-20 | CVE-2025-1492 | Uncontrolled Recursion vulnerability in Wireshark Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10 allows denial of service via packet injection or crafted capture file | 7.5 |
| 2025-02-19 | CVE-2025-27092 | Path Traversal vulnerability in CMU Ghosts GHOSTS is an open source user simulation framework for cyber experimentation, simulation, training, and exercise. | 7.5 |
| 2025-02-19 | CVE-2023-47160 | IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
| 2025-02-19 | CVE-2024-28777 | IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to unrestricted deserialization. | 8.8 |
| 2025-02-19 | CVE-2024-45084 | IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 could allow an authenticated attacker to conduct formula injection. | 8.0 |