CVE-2026-32865

OPEXUS eComplaint and eCASE before version 10.1.0.0 include the secret verification code in the HTTP response when requesting a password reset via 'ForcePasswordReset.aspx'. An attacker who knows an existing user's email address can reset the user's password and security questions. Existing...

CVE-2025-13616 DataStage on Cloud Pak for Data is vulnerable to sensitive information leak due to HTTP response

IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used in further attacks against the system...

CVE-2025-13691

IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used to impersonate other users in the system...

CVE-2025-54956

CVE-2025-54956 affects the R package gh (pre-1.5.0). The vulnerability arises when an HTTP response is constructed to include the request’s Authorization header, potentially exposing credentials. Several connected advisories confirm the issue and provide mitigations: Debian LTS DLA-4378-1 notes a...

PYSEC-2024-310

Sentry is an error tracking and performance monitoring platform. Version 24.11.0, and only version 24.11.0, is vulnerable to a scenario where a specific error message generated by the Sentry platform could include a plaintext Client ID and Client Secret for an application integration. The Client ...