Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2025-05-28 CVE-2024-51453 IBM Sterling Secure Proxy 6.2.0.0 through 6.2.0.1 could allow a remote attacker to traverse directories on the system.
network
low complexity
CWE-22
4.3
4.3
2025-05-28 CVE-2025-5297 A vulnerability, which was classified as critical, has been found in SourceCodester Computer Store System 1.0.
local
low complexity
CWE-121
5.3
5.3
2025-05-28 CVE-2025-4963 The WP Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.15 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-05-28 CVE-2025-5082 The WP Attachments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attachment_id’ parameter in all versions up to, and including, 5.0.12 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2025-05-28 CVE-2025-25025 IBM Security Guardium 12.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
CWE-209
4.3
4.3
2025-05-28 CVE-2025-25026 IBM Security Guardium 12.0 could allow an authenticated user to obtain sensitive information due to an incorrect authentication check.
network
low complexity
CWE-863
4.3
4.3
2025-05-28 CVE-2025-25029 IBM Security Guardium 12.0 could allow a privileged user to download any file on the system due to improper escaping of input.
network
low complexity
CWE-116
4.9
4.9
2025-05-27 CVE-2024-45094 IBM DS8900F and DS8A00 Hardware Management Console (HMC) is vulnerable to stored cross-site scripting.
network
low complexity
CWE-79
5.5
5.5
2025-05-27 CVE-2025-5245 A vulnerability classified as critical has been found in GNU Binutils up to 2.44.
local
low complexity
CWE-119
5.3
5.3
2025-05-27 CVE-2025-5244 A vulnerability was found in GNU Binutils up to 2.44.
local
low complexity
CWE-119
5.3
5.3