Microsoft: Security Vulnerabilities
IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
CVSS Score
5.4
EPSS Score
0.001
Published
2025-04-02
IBM Jazz Reporting Service 7.0.2 and 7.0.3 does not invalidate the session after logout, which could allow an authenticated privileged user to impersonate another user on the system.
CVSS Score
6.6
EPSS Score
0.002
Published
2025-04-02
An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.
CVSS Score
5.8
EPSS Score
0.002
Published
2025-04-02
An authenticated attacker can exploit a Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network.
CVSS Score
8.3
EPSS Score
0.009
Published
2025-04-01
Improper authorization in Azure Playwright allows an unauthorized attacker to elevate privileges over a network.
CVSS Score
8.1
EPSS Score
0.006
Published
2025-03-31
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
CVSS Score
2.7
EPSS Score
0.002
Published
2025-03-29
IBM InfoSphere Information Server 11.7 could disclose sensitive user credentials from log files during new installation of the product.
CVSS Score
4.4
EPSS Score
0.002
Published
2025-03-29
IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that is stored locally under certain conditions.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-03-29
IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive username information due to an observable response discrepancy.
CVSS Score
4.3
EPSS Score
0.002
Published
2025-03-29
CVE-2025-2783
Known exploited
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)
CVSS Score
8.3
EPSS Score
0.381
Published
2025-03-26

