The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2025-2866 - Improper Verification of Cryptographic Signature vulnerability in LibreOffice allows PDF Signature Spoofing by Improper Validation. In the affected versions of LibreOffice a flaw in the verification code for adbe.pkcs7.sha1 signatures could ca...
    Published: April 27, 2025; 3:15:15 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2024-31879 - IBM i 7.2, 7.3, and 7.4 could allow a remote attacker to execute arbitrary code leading to a denial of service of network ports on the system, caused by the deserialization of untrusted data. IBM X-Force ID: 287539.
    Published: May 18, 2024; 12:15:47 PM -0400

  • CVE-2024-47104 - IBM i 7.4 and 7.5 is vulnerable to an authenticated user gaining elevated privilege to a physical file. A user with authority to a view can alter the based-on physical file security attributes without having object management rights to the physica...
    Published: December 18, 2024; 6:15:05 AM -0500

    V3.1: 6.8 MEDIUM

  • CVE-2024-51463 - IBM i 7.3, 7.4, and 7.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
    Published: December 21, 2024; 9:15:21 AM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2024-51464 - IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is not allo...
    Published: December 21, 2024; 9:15:21 AM -0500

  • CVE-2024-35122 - IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to a file level local denial of service caused by an insufficient authority requirement. A local non-privileged user can configure a referential constraint with the privileges of a user socially engineere...
    Published: January 24, 2025; 1:15:31 PM -0500

    V3.1: 2.8 LOW

  • CVE-2024-52895 - IBM i 7.4 and 7.5 is vulnerable to a database access denial of service caused by a bypass of a database capabilities restriction check. A privileged bad actor can remove or otherwise impact database infrastructure files resulting in incorrect beha...
    Published: February 14, 2025; 10:15:09 AM -0500

    V3.1: 6.5 MEDIUM

  • CVE-2025-36004 - IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user to gain elevated privileges due to an unqualified library call in IBM Facsimile Support for i. A malicious actor could cause user-controlled code to run with administrator privilege.
    Published: June 24, 2025; 11:15:27 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2025-33122 - IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 could allow a user to gain elevated privileges due to an unqualified library call in IBM Advanced Job Scheduler for i. A malicious actor could cause user-controlled code to run with administrator privilege.
    Published: June 17, 2025; 2:15:25 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2025-3218 - IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to authentication and authorization attacks due to incorrect validation processing in IBM i Netserver. A malicious actor could use the weaknesses, in conjunction with brute force authentication atta...
    Published: May 06, 2025; 10:15:31 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2025-2950 - IBM i 7.3, 7.4, 7.5, and 7.5 is vulnerable to a host header injection attack caused by improper neutralization of HTTP header content by IBM Navigator for i. An authenticated user can manipulate the host header in HTTP requests to change domain/IP...
    Published: April 18, 2025; 11:15:58 AM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-55898 - IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privil...
    Published: February 23, 2025; 9:15:31 PM -0500

    V3.1: 8.5 HIGH

  • CVE-2022-39163 - IBM Cognos Controller 11.0.0 through 11.1.0 is vulnerable to a Client-Side Desync (CSD) attack where an attacker could exploit a desynchronized browser connection that could lead to further cross-site scripting (XSS) attacks.
    Published: March 26, 2025; 10:15:20 AM -0400

    V3.1: 4.7 MEDIUM

  • CVE-2024-40702 - IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow an unauthorized user to obtain valid tokens to gain access to protected resources due to improper certificate validation.
    Published: January 07, 2025; 11:15:33 AM -0500

    V3.1: 8.2 HIGH

  • CVE-2024-28778 - IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 is vulnerable to exposure of Artifactory API keys. This vulnerability allows users to publish code to private packages or repositories under the name of the organization.
    Published: January 07, 2025; 11:15:33 AM -0500

    V3.1: 6.5 MEDIUM

  • CVE-2024-25037 - IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser.
    Published: January 07, 2025; 11:15:32 AM -0500

    V3.1: 4.3 MEDIUM

  • CVE-2022-22363 - IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attac...
    Published: January 07, 2025; 11:15:28 AM -0500

    V3.1: 4.3 MEDIUM

  • CVE-2021-20455 - IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attac...
    Published: January 07, 2025; 11:15:27 AM -0500

    V3.1: 3.7 LOW

  • CVE-2024-25048 - IBM MQ Appliance 9.3 CD and LTS are vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash. IBM...
    Published: April 27, 2024; 8:15:10 AM -0400

  • CVE-2024-54173 - IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD reveals potentially sensitive information in trace files that could be read by a local user when webconsole trace is enabled.
    Published: February 27, 2025; 10:15:09 PM -0500

    V3.1: 4.7 MEDIUM

Created September 20, 2022, Updated August 27, 2024