CVE-2026-31844
CVE-2026-31844 describes an authenticated SQL Injection (CWE-89) vulnerability in the Koha web application, exploitable by a low-privileged staff user via the displayby parameter of /cgi-bin/koha/suggestion/suggestion.pl. The issue allows arbitrary SQL queries and access to sensitive database inf...
EUVD-2026-11107
A flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnerability in the UserResource component. By accessing a specific administrative endpoint, this user could improperly retrieve user attributes that were configured to be hidden. This unauthorized...
CVE-2026-3911
A flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnerability in the UserResource component. By accessing a specific administrative endpoint, this user could improperly retrieve user attributes that were configured to be hidden. This unauthorized...
Authorization Bypass Through User-Controlled Key
Overview sylius/sylius is a platform for PHP, based on Symfony framework. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via unvalidated resource IDs accepted through LiveArg parameters in multiple LiveComponents. An attacker can access...
PT-2026-24829
CVE-2026-0520 A potential vulnerability was reported in the Lenovo FileZ Android application that, under certain conditions, could allow a local authenticated user to retrieve some s… https://t.co/GakGcTOAc1...
CVE-2025-70027
An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. This allows attackers to obtain sensitive information...
PT-2026-24583
Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description An issue exists in Keycloak where an authenticated user possessing the view-users role can access and retrieve user attributes intended to be hidden. This occurs through exploitation of a fl...
Lenovo Filez Security Vulnerability
Lenovo Filez is an enterprise cloud storage service provided by Lenovo Corporation. Lenovo FileZ has a security vulnerability that stems from locally authenticated users being able, under certain conditions, to retrieve sensitive data stored in log files...
Keycloak Security Vulnerability
Keycloak is an open-source identity and access management solution developed by Keycloak. There is a security vulnerability in Keycloak that stems from a flaw in the UserResource component. This vulnerability could allow authenticated users with the view-users role to improperly retrieve user...
Palo Alto Networks Cortex XDR Broker VM Security Vulnerability
Palo Alto Networks Cortex XDR Broker VM is a secure virtual machine developed by Palo Alto Networks. It integrates with Cortex XDR and bridges networks to Cortex XDR. There is a security vulnerability in Palo Alto Networks Cortex XDR Broker VM that stems from information leakage. This...
PT-2026-24755
An information disclosure vulnerability in Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to obtain and modify sensitive information by triggering a live terminal session via the Cortex UI and modifying any configuration setting. The attacker must have network access to the Broke...
Microsoft Excel Information Disclosure Vulnerability (CNVD-2026-16157)
Microsoft Excel is spreadsheet software in the Office suite from Microsoft (USA). An information leakage vulnerability exists in Microsoft Excel, which attackers can exploit to obtain sensitive information...
CVE-2025-70027
CVE-2025-70027 is linked to a Server-Side Request Forgery in the Sunbird-Ed SunbirdEd-portal v1.13.4. The connected sources identify the affected software and the attack type (SSRF) and note that attackers can obtain sensitive information. The exact root cause details, affected components beyond ...
WordPress Core <= 6.9.1 - Missing Authorization to Authenticated (Author+) Sensitive Information Disclosure vulnerability
Missing Authorization to Authenticated (Author+) Sensitive Information Disclosure vulnerability discovered by Vitaly Simonovich in WordPress core versions <= 6.9.1...
EUVD-2025-208511
IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history...
CVE-2025-13219
IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in several Azure components. A malicious party could exploit the vulnerabilities to impersonate another user, grant themselves elevated privileges or gain access to sensitive data. Azure Entra ID: ...
CVE-2025-13219
CVE-2025-13219 affects IBM Aspera Orchestrator versions 3.0.0–4.1.2. The vulnerability stems from storing sensitive data in URL parameters, potentially exposing confidential information via server logs, referrer headers, or browser history. The Red Hat/IBM advisories and IBM security bulletin con...
EUVD-2026-10658
Exposure of sensitive information to an unauthorized actor in Windows Accessibility Infrastructure ATBroker.exe allows an authorized attacker to disclose information locally...
EUVD-2026-10655
Exposure of sensitive information to an unauthorized actor in Windows Shell Link Processing allows an unauthorized attacker to perform spoofing over a network...