The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.
For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
-
CVE-2025-2866 - Improper Verification of Cryptographic Signature vulnerability in LibreOffice allows PDF Signature Spoofing by Improper Validation. In the affected versions of LibreOffice a flaw in the verification code for adbe.pkcs7.sha1 signatures could ca...
Published: April 27, 2025; 3:15:15 PM -0400
V3.1: 5.5 MEDIUM
-
CVE-2024-31879 - IBM i 7.2, 7.3, and 7.4 could allow a remote attacker to execute arbitrary code leading to a denial of service of network ports on the system, caused by the deserialization of untrusted data. IBM X-Force ID: 287539.
Published: May 18, 2024; 12:15:47 PM -0400
-
CVE-2024-47104 - IBM i 7.4 and 7.5 is vulnerable to an authenticated user gaining elevated privilege to a physical file. A user with authority to a view can alter the based-on physical file security attributes without having object management rights to the physica...
Published: December 18, 2024; 6:15:05 AM -0500
V3.1: 6.8 MEDIUM
-
CVE-2024-51463 - IBM i 7.3, 7.4, and 7.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
Published: December 21, 2024; 9:15:21 AM -0500
V3.1: 5.4 MEDIUM
-
CVE-2024-51464 - IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is not allo...
Published: December 21, 2024; 9:15:21 AM -0500
-
CVE-2024-35122 - IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to a file level local denial of service caused by an insufficient authority requirement. A local non-privileged user can configure a referential constraint with the privileges of a user socially engineere...
Published: January 24, 2025; 1:15:31 PM -0500
V3.1: 2.8 LOW
-
CVE-2024-52895 - IBM i 7.4 and 7.5 is vulnerable to a database access denial of service caused by a bypass of a database capabilities restriction check. A privileged bad actor can remove or otherwise impact database infrastructure files resulting in incorrect beha...
Published: February 14, 2025; 10:15:09 AM -0500
V3.1: 6.5 MEDIUM
-
CVE-2025-36004 - IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user to gain elevated privileges due to an unqualified library call in IBM Facsimile Support for i. A malicious actor could cause user-controlled code to run with administrator privilege.
Published: June 24, 2025; 11:15:27 PM -0400
V3.1: 8.8 HIGH
-
CVE-2025-33122 - IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 could allow a user to gain elevated privileges due to an unqualified library call in IBM Advanced Job Scheduler for i. A malicious actor could cause user-controlled code to run with administrator privilege.
Published: June 17, 2025; 2:15:25 PM -0400
V3.1: 7.5 HIGH
-
CVE-2025-3218 - IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to authentication and authorization attacks due to incorrect validation processing in IBM i Netserver. A malicious actor could use the weaknesses, in conjunction with brute force authentication atta...
Published: May 06, 2025; 10:15:31 PM -0400
V3.1: 5.4 MEDIUM
-
CVE-2025-2950 - IBM i 7.3, 7.4, 7.5, and 7.5 is vulnerable to a host header injection attack caused by improper neutralization of HTTP header content by IBM Navigator for i. An authenticated user can manipulate the host header in HTTP requests to change domain/IP...
Published: April 18, 2025; 11:15:58 AM -0400
V3.1: 5.4 MEDIUM
-
CVE-2024-55898 - IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privil...
Published: February 23, 2025; 9:15:31 PM -0500
V3.1: 8.5 HIGH
-
CVE-2022-39163 - IBM Cognos Controller 11.0.0 through 11.1.0 is vulnerable to a Client-Side Desync (CSD) attack where an attacker could exploit a desynchronized browser connection that could lead to further cross-site scripting (XSS) attacks.
Published: March 26, 2025; 10:15:20 AM -0400
V3.1: 4.7 MEDIUM
-
CVE-2024-40702 - IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow an unauthorized user to obtain valid tokens to gain access to protected resources due to improper certificate validation.
Published: January 07, 2025; 11:15:33 AM -0500
V3.1: 8.2 HIGH
-
CVE-2024-28778 - IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 is vulnerable to exposure of Artifactory API keys. This vulnerability allows users to publish code to private packages or repositories under the name of the organization.
Published: January 07, 2025; 11:15:33 AM -0500
V3.1: 6.5 MEDIUM
-
CVE-2024-25037 - IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser.
Published: January 07, 2025; 11:15:32 AM -0500
V3.1: 4.3 MEDIUM
-
CVE-2022-22363 - IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attac...
Published: January 07, 2025; 11:15:28 AM -0500
V3.1: 4.3 MEDIUM
-
CVE-2021-20455 - IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attac...
Published: January 07, 2025; 11:15:27 AM -0500
V3.1: 3.7 LOW
-
CVE-2024-25048 - IBM MQ Appliance 9.3 CD and LTS are vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash. IBM...
Published: April 27, 2024; 8:15:10 AM -0400
-
CVE-2024-54173 - IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD reveals potentially sensitive information in trace files that could be read by a local user when webconsole trace is enabled.
Published: February 27, 2025; 10:15:09 PM -0500
V3.1: 4.7 MEDIUM