CVE-2025-63713 - SourceCodester MatchMaster XSS
CVE ID : CVE-2025-63713
Published : Nov. 7, 2025, 6:15 p.m. | 2 hours, 6 minutes ago
Description : Cross-Site Scripting (XSS) vulnerability in SourceCodester "MatchMaster" 1.0 allows remote attackers to inject arbitrary web script or HTML via crafted input in the custom test creation feature. The vulnerability exists because the application fails to properly sanitize user-supplied input in test titles and matching pair items before rendering them in the DOM during test execution.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-63713
Published : Nov. 7, 2025, 6:15 p.m. | 2 hours, 6 minutes ago
Description : Cross-Site Scripting (XSS) vulnerability in SourceCodester "MatchMaster" 1.0 allows remote attackers to inject arbitrary web script or HTML via crafted input in the custom test creation feature. The vulnerability exists because the application fails to properly sanitize user-supplied input in test titles and matching pair items before rendering them in the DOM during test execution.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-63714 - SourceCodester User Account Generator XSS
CVE ID : CVE-2025-63714
Published : Nov. 7, 2025, 6:15 p.m. | 2 hours, 6 minutes ago
Description : Cross-Site Scripting (XSS) vulnerability in SourceCodester User Account Generator 1.0 allows remote attackers to execute arbitrary JavaScript code in the context of the user's browser session via crafted input in the Username Prefix field. The vulnerability exists due to improper sanitization of user-supplied input when rendering generated account data to the DOM, allowing persistent injection of malicious HTML elements that execute when clicked by users.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-63714
Published : Nov. 7, 2025, 6:15 p.m. | 2 hours, 6 minutes ago
Description : Cross-Site Scripting (XSS) vulnerability in SourceCodester User Account Generator 1.0 allows remote attackers to execute arbitrary JavaScript code in the context of the user's browser session via crafted input in the Username Prefix field. The vulnerability exists due to improper sanitization of user-supplied input when rendering generated account data to the DOM, allowing persistent injection of malicious HTML elements that execute when clicked by users.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-63716 - SourceCodester Leads Manager Tool CSRF Vulnerability
CVE ID : CVE-2025-63716
Published : Nov. 7, 2025, 6:15 p.m. | 2 hours, 6 minutes ago
Description : The SourceCodester Leads Manager Tool v1.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks that allow unauthorized state-changing operations. The application lacks CSRF protection mechanisms such as anti-CSRF tokens or same-origin verification for critical endpoints.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-63716
Published : Nov. 7, 2025, 6:15 p.m. | 2 hours, 6 minutes ago
Description : The SourceCodester Leads Manager Tool v1.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks that allow unauthorized state-changing operations. The application lacks CSRF protection mechanisms such as anti-CSRF tokens or same-origin verification for critical endpoints.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-63718 - SourceCodester PQMS SQL Injection
CVE ID : CVE-2025-63718
Published : Nov. 7, 2025, 6:15 p.m. | 2 hours, 6 minutes ago
Description : A SQL injection vulnerability exists in the SourceCodester PQMS (Patient Queue Management System) 1.0 in the api_patient_schedule.php endpoint. The appointmentID parameter is not properly sanitized, allowing attackers to execute arbitrary SQL commands.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-63718
Published : Nov. 7, 2025, 6:15 p.m. | 2 hours, 6 minutes ago
Description : A SQL injection vulnerability exists in the SourceCodester PQMS (Patient Queue Management System) 1.0 in the api_patient_schedule.php endpoint. The appointmentID parameter is not properly sanitized, allowing attackers to execute arbitrary SQL commands.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64347 - Apollo Router Improperly Enforces Renamed Access Control Directives
CVE ID : CVE-2025-64347
Published : Nov. 7, 2025, 6:15 p.m. | 2 hours, 6 minutes ago
Description : Apollo Router Core is a configurable Rust graph router written to run a federated supergraph using Apollo Federation 2. Versions 1.61.12-rc.0 and below and 2.8.1-rc.0 allow unauthorized access to protected data through schema elements with access control directives (@authenticated, @requiresScopes, and @policy) that were renamed via @link imports. Router did not enforce renamed access control directives on schema elements (e.g. fields and types), allowing queries to bypass those element-level access controls. This issue is fixed in versions 1.61.12 and 2.8.1.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64347
Published : Nov. 7, 2025, 6:15 p.m. | 2 hours, 6 minutes ago
Description : Apollo Router Core is a configurable Rust graph router written to run a federated supergraph using Apollo Federation 2. Versions 1.61.12-rc.0 and below and 2.8.1-rc.0 allow unauthorized access to protected data through schema elements with access control directives (@authenticated, @requiresScopes, and @policy) that were renamed via @link imports. Router did not enforce renamed access control directives on schema elements (e.g. fields and types), allowing queries to bypass those element-level access controls. This issue is fixed in versions 1.61.12 and 2.8.1.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64430 - Parse Server Vulnerable to Server-Side Request Forgery (SSRF) in File Upload via URI Format
CVE ID : CVE-2025-64430
Published : Nov. 7, 2025, 6:15 p.m. | 2 hours, 6 minutes ago
Description : Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions 4.2.0 through 7.5.3, and 8.0.0 through 8.3.1-alpha.1, there is a Server-Side Request Forgery (SSRF) vulnerability in the file upload functionality when trying to upload a Parse.File with uri parameter, allowing execution of an arbitrary URI. The vulnerability stems from a file upload feature in which Parse Server retrieves the file data from a URI that is provided in the request. A request to the provided URI is executed, but the response is not stored in Parse Server's file storage as the server crashes upon receiving the response. This issue is fixed in versions 7.5.4 and 8.4.0-alpha.1.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64430
Published : Nov. 7, 2025, 6:15 p.m. | 2 hours, 6 minutes ago
Description : Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions 4.2.0 through 7.5.3, and 8.0.0 through 8.3.1-alpha.1, there is a Server-Side Request Forgery (SSRF) vulnerability in the file upload functionality when trying to upload a Parse.File with uri parameter, allowing execution of an arbitrary URI. The vulnerability stems from a file upload feature in which Parse Server retrieves the file data from a URI that is provided in the request. A request to the provided URI is executed, but the response is not stored in Parse Server's file storage as the server crashes upon receiving the response. This issue is fixed in versions 7.5.4 and 8.4.0-alpha.1.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9458 - PRT File Parsing Memory Corruption Vulnerability
CVE ID : CVE-2025-9458
Published : Nov. 7, 2025, 6:15 p.m. | 2 hours, 6 minutes ago
Description : A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9458
Published : Nov. 7, 2025, 6:15 p.m. | 2 hours, 6 minutes ago
Description : A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-47118 - IBM Db2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query
CVE ID : CVE-2024-47118
Published : Nov. 7, 2025, 7:15 p.m. | 1 hour, 6 minutes ago
Description : IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-47118
Published : Nov. 7, 2025, 7:15 p.m. | 1 hour, 6 minutes ago
Description : IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12890 - Bluetooth: peripheral: Invalid handling of malformed connection request
CVE ID : CVE-2025-12890
Published : Nov. 7, 2025, 7:15 p.m. | 1 hour, 6 minutes ago
Description : Improper handling of malformed Connection Request with the interval set to be 1 (which supposed to be illegal) and the chM 0x7CFFFFFFFF triggers a crash. The peripheral will not be connectable after it.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12890
Published : Nov. 7, 2025, 7:15 p.m. | 1 hour, 6 minutes ago
Description : Improper handling of malformed Connection Request with the interval set to be 1 (which supposed to be illegal) and the chM 0x7CFFFFFFFF triggers a crash. The peripheral will not be connectable after it.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-2534 - IBM Db2 denial of service
CVE ID : CVE-2025-2534
Published : Nov. 7, 2025, 7:15 p.m. | 1 hour, 6 minutes ago
Description : IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-2534
Published : Nov. 7, 2025, 7:15 p.m. | 1 hour, 6 minutes ago
Description : IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-33012 - IBM Db2 improper account lockout
CVE ID : CVE-2025-33012
Published : Nov. 7, 2025, 7:15 p.m. | 1 hour, 6 minutes ago
Description : IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux could allow an authenticated user to regain access after account lockout due to password use after expiration date.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-33012
Published : Nov. 7, 2025, 7:15 p.m. | 1 hour, 6 minutes ago
Description : IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux could allow an authenticated user to regain access after account lockout due to password use after expiration date.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-36006 - IBM Db2 denial of service
CVE ID : CVE-2025-36006
Published : Nov. 7, 2025, 7:16 p.m. | 1 hour, 5 minutes ago
Description : IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial due to the improper release of resources after use.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-36006
Published : Nov. 7, 2025, 7:16 p.m. | 1 hour, 5 minutes ago
Description : IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial due to the improper release of resources after use.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-36008 - IBM Db2 denial of service
CVE ID : CVE-2025-36008
Published : Nov. 7, 2025, 7:16 p.m. | 1 hour, 5 minutes ago
Description : IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper allocation of resources.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-36008
Published : Nov. 7, 2025, 7:16 p.m. | 1 hour, 5 minutes ago
Description : IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper allocation of resources.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-36131 - IBM Db2 information disclosure
CVE ID : CVE-2025-36131
Published : Nov. 7, 2025, 7:16 p.m. | 1 hour, 5 minutes ago
Description : IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) clpplus command exposes user credentials to the terminal which could be obtained by a third party with physical access to the system.
Severity: 4.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-36131
Published : Nov. 7, 2025, 7:16 p.m. | 1 hour, 5 minutes ago
Description : IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) clpplus command exposes user credentials to the terminal which could be obtained by a third party with physical access to the system.
Severity: 4.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-36135 - IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable to Cross-Site Scripting
CVE ID : CVE-2025-36135
Published : Nov. 7, 2025, 7:16 p.m. | 1 hour, 5 minutes ago
Description : IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-36135
Published : Nov. 7, 2025, 7:16 p.m. | 1 hour, 5 minutes ago
Description : IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-36136 - IBM denial of service
CVE ID : CVE-2025-36136
Published : Nov. 7, 2025, 7:16 p.m. | 1 hour, 5 minutes ago
Description : IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow a local user to cause a denial of service due to the database monitor script incorrectly detecting that the instance is still starting under specific conditions.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-36136
Published : Nov. 7, 2025, 7:16 p.m. | 1 hour, 5 minutes ago
Description : IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow a local user to cause a denial of service due to the database monitor script incorrectly detecting that the instance is still starting under specific conditions.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-36185 - IBM Db2 denial of service
CVE ID : CVE-2025-36185
Published : Nov. 7, 2025, 7:16 p.m. | 1 hour, 5 minutes ago
Description : IBM Db2 12.1.0 through 12.1.2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-36185
Published : Nov. 7, 2025, 7:16 p.m. | 1 hour, 5 minutes ago
Description : IBM Db2 12.1.0 through 12.1.2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-36186 - IBM Db2 privilege escalation
CVE ID : CVE-2025-36186
Published : Nov. 7, 2025, 7:16 p.m. | 1 hour, 5 minutes ago
Description : IBM Db2 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) under specific configurations could allow a local user to execute malicious code that escalate their privileges to root due to execution of unnecessary privileges operated at a higher than minimum level.
Severity: 7.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-36186
Published : Nov. 7, 2025, 7:16 p.m. | 1 hour, 5 minutes ago
Description : IBM Db2 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) under specific configurations could allow a local user to execute malicious code that escalate their privileges to root due to execution of unnecessary privileges operated at a higher than minimum level.
Severity: 7.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61261 - CKeditor Angular Reflected Cross-Site Scripting (XSS) Vulnerability
CVE ID : CVE-2025-61261
Published : Nov. 7, 2025, 7:16 p.m. | 1 hour, 5 minutes ago
Description : A reflected cross-site scripting (XSS) vulnerability in CKeditor v46.1.0 & Angular v18.0.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-61261
Published : Nov. 7, 2025, 7:16 p.m. | 1 hour, 5 minutes ago
Description : A reflected cross-site scripting (XSS) vulnerability in CKeditor v46.1.0 & Angular v18.0.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-63717 - SourceCodester Pet Grooming Management Software CSRF Vulnerability
CVE ID : CVE-2025-63717
Published : Nov. 7, 2025, 7:16 p.m. | 1 hour, 5 minutes ago
Description : The change password functionality at /pet_grooming/admin/change_pass.php in SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks. The application does not implement adequate anti-CSRF tokens or same-site cookie restrictions, allowing attackers to trick authenticated users into unknowingly changing their passwords.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-63717
Published : Nov. 7, 2025, 7:16 p.m. | 1 hour, 5 minutes ago
Description : The change password functionality at /pet_grooming/admin/change_pass.php in SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks. The application does not implement adequate anti-CSRF tokens or same-site cookie restrictions, allowing attackers to trick authenticated users into unknowingly changing their passwords.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64431 - IDOR Vulnerabilities in ZITADEL's Organization API allows Cross-Tenant Data Tempering
CVE ID : CVE-2025-64431
Published : Nov. 7, 2025, 7:16 p.m. | 1 hour, 5 minutes ago
Description : Zitadel is an open source identity management platform. Versions 4.0.0-rc.1 through 4.6.2 are vulnerable to secure Direct Object Reference (IDOR) attacks through its V2Beta API, allowing authenticated users with specific administrator roles within one organization to access and modify data belonging to other organizations. Note that this vulnerability is limited to organization-level data (name, domains, metadata). No other related data (such as users, projects, applications, etc.) is affected. This issue is fixed in version 4.6.3.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64431
Published : Nov. 7, 2025, 7:16 p.m. | 1 hour, 5 minutes ago
Description : Zitadel is an open source identity management platform. Versions 4.0.0-rc.1 through 4.6.2 are vulnerable to secure Direct Object Reference (IDOR) attacks through its V2Beta API, allowing authenticated users with specific administrator roles within one organization to access and modify data belonging to other organizations. Note that this vulnerability is limited to organization-level data (name, domains, metadata). No other related data (such as users, projects, applications, etc.) is affected. This issue is fixed in version 4.6.3.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...