EUVD-2025-209035
IBM Concert 1.0.0 through 2.2.0 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques...
CVE-2025-64646
IBM Concert 1.0.0 through 2.2.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources...
n8n: LDAP Email-Based Account Linking Allows Privilege Escalation and Account Takeover
Impact When LDAP authentication is enabled, n8n automatically linked an LDAP identity to an existing local account if the LDAP email attribute matched the local account's email. An authenticated LDAP user who could control their own LDAP email attribute could set it to match another user's email ...
CVE-2025-64648
IBM Concert 1.0.0 through 2.2.0 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques...
CVE-2025-64647 Multiple Vulnerabilities in IBM Concert Software
IBM Concert 1.0.0 through 2.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...
CVE-2025-64646 Multiple Vulnerabilities in IBM Concert Software
IBM Concert 1.0.0 through 2.2.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources...
CVE-2025-36440 Multiple Vulnerabilities in IBM Concert Software
IBM Concert 1.0.0 through 2.2.0 could allow a local user to obtain sensitive information due to missing function level access control...
CVE-2025-36438 Multiple Vulnerabilities in IBM Concert Software
IBM Concert 1.0.0 through 2.2.0 could allow a privileged user to perform unauthorized actions due to improper restriction of channel communication to intended endpoints...
CVE-2025-36438
IBM Concert 1.0.0 through 2.2.0 could allow a privileged user to perform unauthorized actions due to improper restriction of channel communication to intended endpoints...
CVE-2025-12708 Multiple Vulnerabilities in IBM Concert Software
IBM Concert 1.0.0 through 2.2.0 contains hard-coded credentials that could be obtained by a local user...
CVE-2025-70887
An issue in ralphje Signify before v.0.9.2 allows a remote attacker to escalate privileges via the signeddata.py and the context.py components...
CVE-2026-33749 n8n Vulnerable to XSS via Binary Data Inline HTML Rendering
n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, an authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without a filename. The /rest/binary-data endpoint served such...
EUVD-2026-15839
Missing Authorization vulnerability in Link Software LLC WP Terms Popup wp-terms-popup allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Terms Popup: from n/a through = 2.10.0...
@11ty/eleventy (=3.0.0-alpha.16), @agiflowai/aicode-toolkit (>=0.6.0 <=1.0.24) +60 more potentially affected by CVE-2026-33285 via liquidjs (>=10.10.0 <=10.24.0)
liquidjs NPM version =10.10.0, =0.6.0, =0.1.0, =0.0.0, =1.0.1-beta.0, =1.6.3, =3.11.0, =3.11.0, =3.11.0, =1.1.0, =15.0.0, =34.0.0 - @fahami/directus-pkce =1.0.0 and more Source cves: CVE-2026-33285 Source advisory: OSV:GHSA-9R5M-9576-7F6X...
CVE-2026-32500
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CreativeWS MetaMax metamax allows PHP Local File Inclusion. This issue affects MetaMax: from n/a through = 1.1.4...
CVE-2026-32495
Missing Authorization vulnerability in Link Software LLC WP Terms Popup wp-terms-popup allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Terms Popup: from n/a through = 2.10.0...
CVE-2026-25458
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Moments moments allows PHP Local File Inclusion. This issue affects Moments: from n/a through = 2.2...