28034 matches found
Canva Affinity Out-of-Bounds Read Vulnerability (CNVD-2026-15860)
Canva Affinity is a range of professional graphic design and image editing software from Canva Australia. Canva Affinity suffers from an out-of-bounds read vulnerability, which can be exploited by an attacker to perform an out-of-bounds read using a specially crafted EMF file to disclose sensitiv...
PT-2026-28549
Name of the Vulnerable Software and Affected Versions: Statamic versions prior to 5.73.16; Statamic versions prior to 6.7.2. Description: The markdown preview endpoint in Statamic could be manipulated to retrieve augmented data from arbitrary fieldtypes. Specifically, an authenticated control panel...
PT-2026-28299
Name of the Vulnerable Software and Affected Versions: HCL Aftermarket DPC (affected versions not specified). Description: The software is subject to a Cross-Origin Resource Sharing issue. Improper CORS configurations can lead to the exposure of sensitive user information to attackers, unauthorized...
PT-2026-28264
Ruckus Access Point products contain an arbitrary file read vulnerability in the command-line interface that allows authenticated remote attackers with administrative privileges to read arbitrary files from the underlying filesystem. Attackers can exploit this vulnerability to access sensitive...
HCL Aftermarket DPC Security Vulnerability
HCL Aftermarket DPC is a digital spare parts and aftermarket management platform for HCL India. HCL Aftermarket DPC contains a vulnerability that originates from hard-coded sensitive data, which can be exploited by an attacker to gain access to source code or retrieve these...
EUVD-2026-16050
OpenEMR is a free and open source electronic health records and medical practice management application. A Broken Access Control vulnerability in OpenEMR up to and including version 8.0.0.3 allows low-privilege users to view and download Ensora eRx error logs without proper authorization checks...
CVE-2025-36187
IBM Knowledge Catalog Standard Cartridge 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.1, 5.1.1, 5.1.2, 5.1.3, 5.2.0, 5.2.1 stores potentially sensitive information in log files that could be read by a local privileged user...
EUVD-2026-15976
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to exposure of sensitive information via JSON server response manipulation...
EUVD-2025-209023
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and other sensitive information in plain text which can be read by a local user...
EUVD-2025-209029
IBM Concert 1.0.0 through 2.2.0 could allow a local user to obtain sensitive information due to missing function level access control...
EUVD-2025-209033
IBM Concert 1.0.0 through 2.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...
EUVD-2025-209010
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information due to insufficiently protected credentials...
EUVD-2025-209016
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques...
CVE-2025-36187 Multiple Security vulnerabilities affecting IBM Knowledge Catalog Standard Cartridge
IBM Knowledge Catalog Standard Cartridge 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.1, 5.1.1, 5.1.2, 5.1.3, 5.2.0, 5.2.1 stores potentially sensitive information in log files that could be read by a local privileged user...
CVE-2025-36187
CVE-2025-36187 is linked to IBM Knowledge Catalog Standard Cartridge. The IBM bulletin describes a vulnerability where the product stores potentially sensitive information in log files that could be read by a local privileged user (CWE-532: Insertion of Sensitive Information into Log File). Aff...
CVE-2025-64648
IBM Concert 1.0.0 through 2.2.0 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques...
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the DownloadFile and DownloadFileWithHeaders functions. An attacker can cause the server to make arbitrary HTTP requests to internal network resources by supplying crafted URLs during the migration...
CVE-2026-1014
CVE-2026-1014 affects IBM InfoSphere Information Server 11.7.0.0–11.7.1.6, where sensitive information can be exposed through manipulation of JSON server responses. The underlying issue is the manipulability of JSON server responses, enabling disclosure of sensitive data (CVSS v3.1 base score 6.5...