| ID | Summary | Flags | Max Score |
|---|---|---|---|
| CVE-2025-36000 | IBM WebSphere Application Server Liberty cross-site scripting | S | |
| CVE-2025-36003 | IBM Security Verify Governance Identity Manager information disclosure | S | |
| CVE-2025-36004 | IBM i privilege escalation | S | |
| CVE-2025-36005 | IBM MQ Operator information disclosure | S | |
| CVE-2025-36010 | IBM Db2 for Linux denial of service | S | |
| CVE-2025-36014 | IBM Integration Bus for z/OS code injection | S | |
| CVE-2025-36016 | IBM Process Mining HTTP open redirect | S | |
| CVE-2025-36020 | IBM Guardium Data Protection information disclosure | S | |
| CVE-2025-36023 | IBM Cloud Pak for Business Automation security bypass | S | |
| CVE-2025-36026 | IBM Datacap information disclosure | S | |
| CVE-2025-36027 | IBM Datacap clickjacking | S | |
| CVE-2025-36034 | IBM InfoSphere DataStage Flow Designer information disclosure | S | |
| CVE-2025-36038 | IBM WebSphere Application Server code execution | S | |
| CVE-2025-36039 | IBM Aspera Faspex bypass security | S | |
| CVE-2025-36040 | IBM Aspera Faspex session fixation | S | |
| CVE-2025-36041 | IBM MQ improper certificate validation | S | |
| CVE-2025-36042 | IBM QRadar SIEM cross-site scripting | S | |
| CVE-2025-36047 | IBM WebSphere Application Server Liberty denial of service | S | |
| CVE-2025-36048 | IBM webMethods Integration Sever code execution | S | |
| CVE-2025-36049 | IBM webMethods Integration Sever XML external entity injection | S | |
| CVE-2025-36050 | IBM QRadar SIEM information disclosure | S | |
| CVE-2025-36056 | IBM System Storage Virtualization Engine TS7700 cross-site scripting | S | |
| CVE-2025-36057 | IBM Cognos Analytics Mobile (iOS) authentication bypass | S | |
| CVE-2025-36062 | IBM Cognos Analytics Mobile (iOS) information disclosure | S | |
| CVE-2025-36071 | IBM Db2 denial of service | S | |
| CVE-2025-36088 | IBM TS4500 cross-site scripting | S | |
| CVE-2025-36090 | IBM Analytics Content Hub information disclosure | S | |
| CVE-2025-36097 | IBM WebSphere Application Server denial of service | S | |
| CVE-2025-36104 | IBM Storage Scale information disclosure | S | |
| CVE-2025-36106 | IBM Cognos Analytics Mobile (iOS) information disclosure | S | |
| CVE-2025-36107 | IBM Cognos Analytics Mobile (iOS) information disclosure | S | |
| CVE-2025-36114 | IBM QRadar SOAR Plugin App path traversal | S | |
| CVE-2025-36116 | IBM Db2 Mirror for i cross-site websocket hijacking | S | |
| CVE-2025-36117 | IBM Db2 Mirror for i session fixation | S | |
| CVE-2025-36119 | IBM i authentication bypass | S | |
| CVE-2025-36120 | IBM Storage Virtualize privilege escalation | S | |
| CVE-2025-36124 | IBM WebSphere Application Server Liberty bypass security | S | |
| CVE-2025-36157 | IBM Engineering Lifecycle Management incorrect authorization | S | |
| CVE-2025-36174 | IBM Integrated Analytics System file upload | S | |
| CVE-2025-36504 | BIG-IP HTTP/2 vulnerability | | |
| CVE-2025-36506 | External control of file name or path issue exists in RICOH Streamline NX V3 PC Client versions 3.5.... | | |
| CVE-2025-36512 | A denial of service vulnerability exists in the Bloomberg Comdb2 8.1 database when handling a distri... | E | |
| CVE-2025-36513 | Cross-site request forgery vulnerability exists in surveillance cameras provided by i-PRO Co., Ltd..... | | |
| CVE-2025-36519 | Unrestricted upload of file with dangerous type issue exists in WRC-2533GST2 and WRC-1167GST2. If a ... | | |
| CVE-2025-36520 | A null pointer dereference vulnerability exists in the net_connectmsg Protocol Buffer Message functi... | E | |
| CVE-2025-36521 | MicroDicom DICOM Viewer Out-of-bounds Read | S | |
| CVE-2025-36525 | BIG-IP APM PingAccess Virtual Server Vulnerability | | |
| CVE-2025-36527 | SQL Injection | | |
| CVE-2025-36528 | SQL Injection | | |
| CVE-2025-36529 | An OS command injection issue exists in multiple versions of TB-eye network recorders and AHD record... | | |
| CVE-2025-36530 | Import Path Traversal Enables Unauthorized Unsigned Plugin Installation | S | |
| CVE-2025-36535 | AutomationDirect MB-Gateway Missing Authentication for Critical Function | M | |
| CVE-2025-36537 | Incorrect Permission Assignment for Critical Resource in TeamViewer Remote Management | S | |
| CVE-2025-36539 | AVEVA PI Data Archive Uncaught Exception | S | |
| CVE-2025-36546 | F5OS Appliance Mode vulnerability | | |
| CVE-2025-36548 | A cross-site scripting (xss) vulnerability exists in the LoginWordPress loginForm cancelUri paramete... | E | |
| CVE-2025-36557 | BIG-IP HTTP vulnerability | | |
| CVE-2025-36558 | KUNBUS Revolution Pi Improper Neutralization of Server-Side Includes (SSI) Within a Web Page | S | |
| CVE-2025-36560 | Server-side request forgery vulnerability exists in a-blog cms multiple versions. If this vulnerabil... | | |
| CVE-2025-36563 | Reflected cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product a... | | |
| CVE-2025-36564 | Dell Encryption Admin Utilities versions prior to 11.10.2 contain an Improper Link Resolution vulner... | | |
| CVE-2025-36572 | Dell PowerStore, version(s) 4.0.0.0, contain(s) an Use of Hard-coded Credentials vulnerability in th... | | |
| CVE-2025-36573 | Dell Smart Dock Firmware, versions prior to 01.00.08.01, contain an Insertion of Sensitive Informati... | | |
| CVE-2025-36574 | Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Absolute Path Traversal vulnerabil... | | |
| CVE-2025-36575 | Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Exposure of Sensitive Information ... | | |
| CVE-2025-36576 | Dell Wyse Management Suite, versions prior to WMS 5.2, contain a Cross-Site Request Forgery (CSRF) v... | | |
| CVE-2025-36577 | Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Improper Neutralization of Input D... | | |
| CVE-2025-36578 | Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Incorrect Authorization vulnerabil... | | |
| CVE-2025-36580 | Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Improper Neutralization of Input D... | | |
| CVE-2025-36581 | Dell PowerEdge Platform version(s) 14G AMD BIOS v1.25.0 and prior, contain(s) an Access of Memory Lo... | | |
| CVE-2025-36582 | Dell NetWorker, versions 19.12.0.1 and prior, contains a Selection of Less-Secure Algorithm During N... | | |
| CVE-2025-36593 | Dell OpenManage Network Integration, versions prior to 3.8, contains an Authentication Bypass by Cap... | | |
| CVE-2025-36594 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions ... | | |
| CVE-2025-36595 | Dell Unisphere for PowerMax vApp, version(s) 9.2.4.x, contain(s) an Improper Neutralization of Direc... | | |
| CVE-2025-36599 | Dell PowerFlex Manager VM, versions prior to 4.6.2.1, contains an Insertion of Sensitive Information... | | |
| CVE-2025-36600 | Dell Client Platform BIOS contains an Improper Access Control Applied to Mirrored or Aliased Memory ... | | |
| CVE-2025-36603 | Dell AppSync, version(s) 4.6.0.0, contains an Improper Restriction of XML External Entity Reference ... | | |
| CVE-2025-36604 | Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used... | | |
| CVE-2025-36605 | Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Input During Web Page... | | |
| CVE-2025-36606 | Dell Unity, version(s) 5.5 and prior, contain(s) an OS Command Injection Vulnerability in its svc_nf... | | |
| CVE-2025-36607 | Dell Unity, version(s) 5.5 and prior, contain(s) an OS Command Injection Vulnerability in its svc_na... | | |
| CVE-2025-36608 | Dell SmartFabric OS10 Software, versions prior to 10.6.0.5, contains an Improper Restriction of XML ... | | |
| CVE-2025-36609 | Dell SmartFabric OS10 Software, versions prior to 10.6.0.5, contains a Use of Hard-coded Password vu... | | |
| CVE-2025-36611 | Dell Encryption and Dell Security Management Server, versions prior to 11.11.0, contain an Improper ... | | |
| CVE-2025-36612 | SupportAssist for Business PCs, version(s) 4.5.3 and prior, contain(s) an Incorrect Privilege Assign... | | |
| CVE-2025-36613 | SupportAssist for Home PCs versions 4.6.3 and prior and SupportAssist for Business PCs versions 4.5.... | | |
| CVE-2025-36625 | Log Poisoning in Nessus | S | |
| CVE-2025-36630 | Local Privilege Escalation | S | |
| CVE-2025-36631 | Local Privilege Escalation | S | |
| CVE-2025-36632 | Local Privilege Escalation | S | |
| CVE-2025-36633 | Local Privilege Escalation | S | |
| CVE-2025-36727 | SimpleHelp Inclusion of functionality from untrusted control sphere | | |
| CVE-2025-36728 | SimpleHelp Cross Site Request Forgery | | |
| CVE-2025-36729 | RACOM M!DGE2 Privilege Escalation via SDK Testing Endpoint | | |
| CVE-2025-36845 | An issue was discovered in Eveo URVE Web Manager 27.02.2025. The endpoint /_internal/redirect.php al... | | |
| CVE-2025-36846 | An issue was discovered in Eveo URVE Web Manager 27.02.2025. The application exposes a /_internal/pc... | | |
| CVE-2025-36852 | Build Cache Poisoning via Untrusted Pull Requests | |