CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56494 – IBM EntireX information disclosure
https://notcve.org/view.php?id=CVE-2024-56494
27 Feb 2025 — IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. • https://www.ibm.com/support/pages/node/7184194 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56812 – IBM EntireX information disclosure
https://notcve.org/view.php?id=CVE-2024-56812
27 Feb 2025 — IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. • https://www.ibm.com/support/pages/node/7184194 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2025-0719 – IBM Cloud Pak for Data cross-site scripting
https://notcve.org/view.php?id=CVE-2025-0719
26 Feb 2025 — IBM Cloud Pak for Data 4.0.0 through 4.8.5 and 5.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7184173 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-55898 – IBM i privilege escalation
https://notcve.org/view.php?id=CVE-2024-55898
24 Feb 2025 — IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. • https://www.ibm.com/support/pages/node/7183835 • CWE-427: Uncontrolled Search Path Element •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2024-22341 – IBM Watson Query on Cloud Pak for Data information disclosure
https://notcve.org/view.php?id=CVE-2024-22341
22 Feb 2025 — IBM Watson Query on Cloud Pak for Data 4.0.0 through 4.0.9, 4.5.0 through 4.5.3, 4.6.0 through 4.6.6, 4.7.0 through 4.7.4, and 4.8.0 through 4.8.7 could allow unauthorized data access from a remote data source object due to improper privilege management. • https://www.ibm.com/support/pages/node/7183851 • CWE-269: Improper Privilege Management •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45674 – IBM Security Verify Bridge information disclosure
https://notcve.org/view.php?id=CVE-2024-45674
21 Feb 2025 — IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11 stores potentially sensitive information in log files that could be read by a local user. • https://www.ibm.com/support/pages/node/7183801 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1403 – Qiskit SDK denial of service
https://notcve.org/view.php?id=CVE-2025-1403
21 Feb 2025 — Qiskit SDK 0.45.0 through 1.2.4 could allow a remote attacker to cause a denial of service using a maliciously crafted QPY file containing a malformed symengine serialization stream which can cause a segfault within the symengine library. • https://www.ibm.com/support/pages/node/7183868 • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45673 – IBM Security Verify Bridge information disclosure
https://notcve.org/view.php?id=CVE-2024-45673
21 Feb 2025 — IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11 stores user credentials in configuration files which can be read by a local user. • https://www.ibm.com/support/pages/node/7183801 • CWE-260: Password in Configuration File •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-0161 – IBM Security Verify Access Appliance code injection
https://notcve.org/view.php?id=CVE-2025-0161
20 Feb 2025 — IBM Security Verify Access Appliance 10.0.0.0 through 10.0.0.9 and 11.0.0.0 could allow a local user to execute arbitrary code due to improper restrictions on code generation. • https://www.ibm.com/support/pages/node/7183788 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49337 – IBM OpenPages HTML injection
https://notcve.org/view.php?id=CVE-2024-49337
20 Feb 2025 — IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to HTML injection, caused by improper validation of user-supplied input of text fields used to construct workflow email notifications. A remote authenticated attacker could exploit this vulnerability using HTML tags in a text field of an object to inject malicious script into an email which would be executed in a victim's mail client within the security context of the OpenPages mail message. An attacker could use this for phishing or identity... • https://www.ibm.com/support/pages/node/7183541 • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •