Microsoft: >> Windows Security Vulnerabilities
IBM InfoSphere Information 11.7 Server authenticated user to obtain sensitive information when a detailed technical error message is returned in a request. This information could be used in further attacks against the system.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-04-23
IBM InfoSphere Information 11.7 Server does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
CVSS Score
6.3
EPSS Score
0.001
Published
2025-04-23
CVE-2025-34028
The Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files that represent install packages that, when expanded by the target server, are vulnerable to path traversal vulnerability that can result in Remote Code Execution via malicious JSP.
This issue affects Command Center Innovation Release: 11.38.0 to 11.38.20. The vulnerability is fixed in 11.38.20 with SP38-CU20-433 and SP38-CU20-436 and also fixed in 11.38.25 with SP38-CU25-434 and SP38-CU25-438.
Known exploited
CVSS Score
10.0
EPSS Score
0.639
Published
2025-04-22
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
CVSS Score
4.1
EPSS Score
0.0
Published
2025-04-22
IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 could allow an authenticated user to spoof the identity of another user due to improper authorization which could allow the user to bypass access restrictions.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-04-18
IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0
does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-04-18
Heap buffer overflow in Codecs in Google Chrome on Windows prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
CVSS Score
8.8
EPSS Score
0.0
Published
2025-04-16
IBM Aspera Console 3.4.0 through 3.4.4
uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVSS Score
5.9
EPSS Score
0.0
Published
2025-04-14
IBM Aspera Console 3.4.0 through 3.4.4 could disclose sensitive information in HTTP headers that could be used in further attacks against the system.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-04-14
IBM Aspera Console 3.4.0 through 3.4.4 allows passwords to be reused when a new user logs into the system.
CVSS Score
3.1
EPSS Score
0.0
Published
2025-04-14