644 matches found
CVE-2026-33872
elixir-nodejs provides an Elixir API for calling Node.js functions. A vulnerability in versions prior to 3.1.4 results in Cross-User Data Leakage or Information Disclosure due to a race condition in the worker protocol. The lack of request-response correlation creates a "stale response"...
WordPress Ninja Forms plugin <= 3.14.1 - Authenticated (Contributor+) Sensitive Information Disclosure via Block Editor Token vulnerability
Authenticated Contributor+ Sensitive Information Disclosure via Block Editor Token vulnerability discovered by Lucas Montes NiRoX in WordPress Plugin Ninja Forms versions = 3.14.1...
Dolibarr Core Discloses Sensitive Data via Authenticated Local File Inclusion in selectobject.php
Authenticated Local File Inclusion LFI via selectobject.php leading to sensitive data disclosure Target Dolibarr Core Tested on version 22.0.4 Summary A Local File Inclusion LFI vulnerability has been discovered in the core AJAX endpoint /core/ajax/selectobject.php. By manipulating the objectdesc...
GHSA-2MFJ-R695-5H9R Dolibarr Core Discloses Sensitive Data via Authenticated Local File Inclusion in selectobject.php
Authenticated Local File Inclusion LFI via selectobject.php leading to sensitive data disclosure Target Dolibarr Core Tested on version 22.0.4 Summary A Local File Inclusion LFI vulnerability has been discovered in the core AJAX endpoint /core/ajax/selectobject.php. By manipulating the objectdesc...
GHSA-HGGM-X7R9-MM7V OpenClaw is vulnerable to Path Traversal through path validation bypass
OpenClaw through 2026.3.23 fixed in commit 4797bbc contains a path traversal vulnerability in media parsing that allows attackers to read arbitrary files by bypassing path validation in the isLikelyLocalPath and isValidMedia functions. Attackers can exploit incomplete validation and the...
CVE-2025-65119
An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...
CVE-2025-62500
An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...
Canva Affinity Out-of-Bounds Read Vulnerability (CNVD-2026-15845)
Canva Affinity is a range of professional graphic design and image editing software from Canva Australia. Canva Affinity suffers from an out-of-bounds read vulnerability, which can be exploited by an attacker to perform an out-of-bounds read using a specially crafted EMF file to disclose sensitiv...
EUVD-2026-16050
OpenEMR is a free and open source electronic health records and medical practice management application. A Broken Access Control vulnerability in OpenEMR up to and including version 8.0.0.3 allows low-privilege users to view and download Ensora eRx error logs without proper authorization checks...
CVE-2025-14790
CVE-2025-14790 affects IBM InfoSphere Information Server (versions 11.7.0.0–11.7.1.6). The IBM bulletin describes a sensitive information disclosure due to insufficiently protected credentials (CWE-522). Impact is information exposure without exploitation details provided. Remediation: upgrade to...
Security Bulletin: IBM InfoSphere Information Server is vulnerable to disclosure of sensitive information (CVE-2025-14790)
Summary A sensitive information disclosure vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-14790 DESCRIPTION: IBM InfoSphere Information Server could allow an attacker to obtain sensitive information due to insufficiently protected credential...
EUVD-2025-208800
An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...
EUVD-2026-12616
An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...
CVE-2025-66503
An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...
CVE-2025-64735
An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...
CVE-2025-64733
An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...
CVE-2025-62500
An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...
CVE-2025-66000
An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...
CVE-2025-66000
An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...
CVE-2025-66503
Canva Affinity CVE-2025-66503 is an out-of-bounds read vulnerability in the EMF handling code. Talos documents describe it as an EMF file processing issue (EMR_POLYBEZIERTO) that can read memory outside the intended bounds, potentially causing disclosure of sensitive information. Affected product...