47598 matches found
CVE-2026-29933
A reflected cross-site scripting (XSS) vulnerability in the /index/login.html component of YZMCMS v7.4 allows attackers to execute arbitrary JavaScript in the context of the user's browser via modifying the referrer value in the request header...
AlmaLinux 9 : nginx (ALSA-2026:5599)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:5599 advisory. nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections CVE-2026-1642 Tenable has extracted the preceding description block directly...
PT-2026-28239
SAT CFDI 3.3 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the 'id' parameter in the signIn endpoint. Attackers can submit POST requests with boolean-based blind, stacked queries, or time-based blind SQL injection payloa...
CVE-2026-33932
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, a stored cross-site scripting vulnerability in the CCDA document preview allows an attacker who can upload or send a CCDA document to execute arbitrary JavaScript in ...
CVE-2026-4823
A flaw has been found in Enter Software Iperius Backup up to 8.7.3. Affected by this vulnerability is an unknown functionality of the component NTLM2 Handler. Executing a manipulation can lead to information disclosure. The attack is restricted to local execution. Attacks of this nature are highl...
Authorization Bypass Through User-Controlled Key
Overview: n8n is a Workflow Automation Tool. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the Source Control feature when configured to use SSH, as the SSH command disables host key verification. An attacker can intercept repository dat...
EUVD-2026-15954
n8n's Source Control SSH Configuration Uses StrictHostKeyChecking=no...
CVE-2026-4823 Enter Software Iperius Backup NTLM2 information disclosure
A flaw has been found in Enter Software Iperius Backup up to 8.7.3. Affected by this vulnerability is an unknown functionality of the component NTLM2 Handler. Executing a manipulation can lead to information disclosure. The attack is restricted to local execution. Attacks of this nature are highl...
EUVD-2025-209035
IBM Concert 1.0.0 through 2.2.0 transmits data in clear text, which could allow an attacker to obtain sensitive information using man-in-the-middle techniques...
EUVD-2025-209016
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information from the query string of an HTTP GET request, which could be captured using man-in-the-middle techniques...
CVE-2025-64648 Multiple Vulnerabilities in IBM Concert Software
IBM Concert 1.0.0 through 2.2.0 transmits data in clear text, which could allow an attacker to obtain sensitive information using man-in-the-middle techniques...
CVE-2025-64648
CVE-2025-64648 affects IBM Concert versions 1.0.0–2.2.0, where data is transmitted in clear text, enabling an attacker to obtain sensitive information via man-in-the-middle techniques. The CVSS/metrics indicate a Network attack vector, high confidentiality impact, no integrity/availability impact...
CVE-2025-64648
IBM Concert 1.0.0 through 2.2.0 transmits data in clear text, which could allow an attacker to obtain sensitive information using man-in-the-middle techniques...
CVE-2026-33249 NATS: Message tracing can be redirected to arbitrary subject
NATS-Server is a high-performance server for NATS.io, a cloud and edge native messaging system. Starting in version 2.11.0 and prior to versions 2.11.15 and 2.12.6, a valid client which uses message tracing headers can indicate that the trace messages can be sent to an arbitrary valid subject,...
CVE-2025-14808 IBM InfoSphere Information Server is vulnerable due to disclosure of sensitive information
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information from the query string of an HTTP GET request, which could be captured using man-in-the-middle techniques...
CVE-2025-14808
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information from the query string of an HTTP GET request, which could be captured using man-in-the-middle techniques...
CVE-2025-14808
Summary: CVE-2025-14808 affects IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6. The issue allows information disclosure by reading sensitive data from the query string of an HTTP GET request, potentially exploitable via man-in-the-middle techniques. The root cause is disclosure through the q...
CVE-2026-33219 NATS is vulnerable to pre-auth DoS through WebSockets client service
NATS-Server is a high-performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, a malicious client which can connect to the WebSockets port can cause unbounded memory use in the nats-server before authentication; this requires sending a...