CVE-2025-62726 - n8n Vulnerable to Remote Code Execution via Git Node Pre-Commit Hook
CVE ID : CVE-2025-62726
Published : Oct. 30, 2025, 4:24 p.m. | 45 minutes ago
Description : n8n is an open source workflow automation platform. Prior to 1.113.0, a remote code execution vulnerability exists in the Git Node component available in both Cloud and Self-Hosted versions of n8n. When a malicious actor clones a remote repository containing a pre-commit hook, the subsequent use of the Commit operation in the Git Node can inadvertently trigger the hook’s execution. This allows attackers to execute arbitrary code within the n8n environment, potentially compromising the system and any connected credentials or workflows. This vulnerability is fixed in 1.113.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61121 - Glority Global Group Ltd. Mobile Scanner Android App Credential Leakage Vulnerability
CVE ID : CVE-2025-61121
Published : Oct. 30, 2025, 5:15 p.m. | 3 hours, 58 minutes ago
Description : Mobile Scanner Android App version 2.12.38 (package name com.glority.everlens), developed by Glority Global Group Ltd., contains a credential leakage vulnerability. Improper handling of cloud service credentials may allow attackers to obtain them and carry out unauthorized actions, such as sensitive information disclosure and abuse of cloud resources. Successful exploitation could result in privacy breaches and misuse of the platform infrastructure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61196 - BusinessNext CRMnext Remote Code Execution (RCE)
CVE ID : CVE-2025-61196
Published : Oct. 30, 2025, 5:15 p.m. | 3 hours, 58 minutes ago
Description : An issue in BusinessNext CRMnext v.10.8.3.0 allows a remote attacker to execute arbitrary code via the comments input parameter.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62795 - JumpServer Unauthorized LDAP Configuration Access via WebSocket
CVE ID : CVE-2025-62795
Published : Oct. 30, 2025, 5:15 p.m. | 3 hours, 58 minutes ago
Description : JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.21-lts and v4.10.12-lts, a low-privileged authenticated user can invoke LDAP configuration tests and start LDAP synchronization by sending crafted messages to the /ws/ldap/ WebSocket endpoint, bypassing authorization checks and potentially exposing LDAP credentials or causing unintended sync operations. This vulnerability is fixed in v3.10.21-lts and v4.10.12-lts.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-63885 - AIxBlock Stored XSS Vulnerability
CVE ID : CVE-2025-63885
Published : Oct. 30, 2025, 5:15 p.m. | 3 hours, 58 minutes ago
Description : A stored cross-site scripting (XSS) vulnerability in AIxBlock commit 04f305 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the model_desc field.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64096 - CryptoLib vulnerable to Stack Buffer Overflow in Crypto_Key_Update due to missing TLV length check
CVE ID : CVE-2025-64096
Published : Oct. 30, 2025, 5:15 p.m. | 3 hours, 58 minutes ago
Description : CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to 1.4.2, there is a missing bounds check in Crypto_Key_update() (crypto_key_mgmt.c) which allows a remote attacker to trigger a stack-based buffer overflow by supplying a TLV packet with a spoofed length field. The function calculates the number of keys from an attacker-controlled field (pdu_len), which may exceed the static array size (kblk[98]), leading to an out-of-bounds write and potential memory corruption. This vulnerability is fixed in 1.4.2.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-56313 - JATOS Reflected Cross-Site Scripting (XSS) Vulnerability
CVE ID : CVE-2025-56313
Published : Oct. 30, 2025, 6:15 p.m. | 2 hours, 58 minutes ago
Description : A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the /publix/run endpoint of JATOS 3.7.1 through 3.9.6 (inclusive). This allows remote attackers to execute arbitrary JavaScript in a user's web browser by including a malicious payload in the "code" URL parameter. When an authenticated admin user accesses the study's URL, the malicious script gets interpreted and executes within their browser, which can lead to unauthorized actions, account compromise, and privilege escalation.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62266 - Liferay Portal DNS Rebinding Vulnerability
CVE ID : CVE-2025-62266
Published : Oct. 30, 2025, 6:15 p.m. | 2 hours, 58 minutes ago
Description : By default, Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions are vulnerable to DNS rebinding attacks, which allow remote attackers to redirect users to arbitrary external URLs. This vulnerability can be mitigated by changing the redirect URL security from IP to domain.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64112 - Statamic vulnerable to Stored Cross-Site Scripting
CVE ID : CVE-2025-64112
Published : Oct. 30, 2025, 6:15 p.m. | 2 hours, 58 minutes ago
Description : Statamic is a Laravel and Git powered content management system (CMS). Stored XSS vulnerabilities in Collections and Taxonomies allow authenticated users with content creation permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. This vulnerability is fixed in 5.22.1.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64115 - Movary unvalidated Referer header allows open redirect and phishing
CVE ID : CVE-2025-64115
Published : Oct. 30, 2025, 6:15 p.m. | 2 hours, 58 minutes ago
Description : Movary is a web application to track, rate and explore your movie watch history. Versions up to and including 0.68.0 use the HTTP Referer header value directly for redirects in multiple settings endpoints, allowing a crafted link to cause an open redirect to an attacker-controlled site and facilitate phishing. This vulnerability is fixed in 0.69.0.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64116 - Movary vulnerable to an open redirect
CVE ID : CVE-2025-64116
Published : Oct. 30, 2025, 6:15 p.m. | 2 hours, 58 minutes ago
Description : Movary is a web application to track, rate and explore your movie watch history. Prior to 0.69.0, the login page accepts a redirect parameter without validation, allowing attackers to redirect authenticated users to arbitrary external sites. This vulnerability is fixed in 0.69.0.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64118 - node-tar vulnerable to race condition leading to uninitialized memory exposure
CVE ID : CVE-2025-64118
Published : Oct. 30, 2025, 6:15 p.m. | 2 hours, 58 minutes ago
Description : node-tar is a Tar for Node.js. In 7.5.1, using .t (aka .list) with { sync: true } to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-36137 - IBM Sterling Connect:Direct for UNIX command execution
CVE ID : CVE-2025-36137
Published : Oct. 30, 2025, 7:16 p.m. | 1 hour, 57 minutes ago
Description : IBM Sterling Connect Direct for Unix 6.2.0.7 through 6.2.0.9 iFix004, 6.4.0.0 through 6.4.0.2 iFix001, and 6.3.0.2 through 6.3.0.5 iFix002 incorrectly assigns permissions for maintenance tasks to Control Center Director (CCD) users that could allow a privileged user to escalate their privileges further due to unnecessary privilege assignment for post update scripts.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-52179 - Zucchetti Ad Hoc Revolution XSS
CVE ID : CVE-2025-52179
Published : Oct. 30, 2025, 7:16 p.m. | 1 hour, 57 minutes ago
Description : Cross-site scripting (XSS) vulnerability in Zucchetti Ad Hoc Revolution 4.1 and earlier allows remote unauthenticated attackers to inject arbitrary JavaScript via the pHtmlSource parameter of the /ahrw/jsp/gsfr_feditorHTML.jsp endpoint.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-52180 - Zucchetti Ad Hoc Infinity XSS
CVE ID : CVE-2025-52180
Published : Oct. 30, 2025, 7:16 p.m. | 1 hour, 57 minutes ago
Description : Cross-site scripting (XSS) vulnerability in Zucchetti Ad Hoc Infinity 4.2 and earlier allows remote unauthenticated attackers to inject arbitrary JavaScript via the pHtmlSource parameter of the /ahi/jsp/gsfr_feditorHTML.jsp?pHtmlSource endpoint.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-57109 - Kitware VTK Heap Use-After-Free Vulnerability
CVE ID : CVE-2025-57109
Published : Oct. 30, 2025, 7:16 p.m. | 1 hour, 57 minutes ago
Description : Kitware VTK (Visualization Toolkit) 9.5.0 is vulnerable to Heap Use-After-Free in vtkGLTFImporter::ImportActors. When processing GLTF files with invalid scene node references, the application accesses string members of mesh objects that have been previously freed during actor import operations.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62265 - Liferay Portal and DXP Blogs Widget XSS
CVE ID : CVE-2025-62265
Published : Oct. 30, 2025, 7:16 p.m. | 1 hour, 57 minutes ago
Description : Cross-site scripting (XSS) vulnerability in the Blogs widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, 7.3 GA through update 36, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via a crafted
CVE-2025-63298 - SourceCodester Pet Grooming Management System Path Traversal Vulnerability
CVE ID : CVE-2025-63298
Published : Oct. 30, 2025, 7:16 p.m. | 1 hour, 57 minutes ago
Description : A path traversal vulnerability was identified in SourceCodester Pet Grooming Management System 1.0, affecting the admin/manage_website.php component. An authenticated user with administrative privileges can leverage this flaw by submitting a specially crafted POST request, enabling the deletion of arbitrary files on the web server or underlying operating system.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-63422 - Each Italy Wireless Mini Router WIRELESS-N 300M Authentication Bypass Vulnerability
CVE ID : CVE-2025-63422
Published : Oct. 30, 2025, 7:16 p.m. | 1 hour, 57 minutes ago
Description : Incorrect access control in the Web management interface in Each Italy Wireless Mini Router WIRELESS-N 300M v28K.MiniRouter.20190211 allows attackers to arbitrarily change the administrator username and password via sending a crafted GET request.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3355 - IBM Tivoli Monitoring is vulnerable to unauthenticated file read and write operations
CVE ID : CVE-2025-3355
Published : Oct. 30, 2025, 8:15 p.m. | 58 minutes ago
Description : IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3356 - IBM Tivoli Monitoring is vulnerable to unauthenticated file read and write operations
CVE ID : CVE-2025-3356
Published : Oct. 30, 2025, 8:15 p.m. | 58 minutes ago
Description : IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view, overwrite, or append to arbitrary files on the system.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...