3 matches found
CVE-2025-36373 Incorrect administrative access control in IBM DataPower Gateway
IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway could disclose sensitive system information from other domains to an administrative user...
CVE-2025-36373
IBM DataPower Gateway contains an information-disclosure vulnerability (CVE-2025-36373) where sensitive system information from other domains can be disclosed to an administrative user. Affected are IBM DataPower Gateway 10.6CD (10.6.1.0–10.6.5.0), 10.5.0 series (10.5.0.0–10.5.0.20), and 10.6.0 s...
CVE-2026-33915 OpenEMR Missing ACL Checks on Insurance Company API Routes
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, five insurance company REST API routes are missing the RestConfig::requestauthorizationcheck call that every other data-modifying route in the standard API uses. This...