6.2
CVE-2025-36364 - IBM DevOps Plan REST APIs are vulnerable to exposure of sensitive data through request query parame…
IBM DevOps Plan 3.0.0 through 3.0.5 allows web page cache to be stored locally which can be read by another user on the system.
4.3
CVE-2026-1265 - IBM InfoSphere Information Server is vulnerable due to sensitive information written to a log file
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to writing of sensitive Information in a log file.
6.5
CVE-2026-2606 - IBM webMethods API Management fails to validate user input and enables unauthorized arbitrary file …
IBM webMethods API Gateway (on-prem) 10.11 through 10.11_Fix3210.15 to 10.15_Fix2711.1 to 11.1_Fix7 IBM webMethods API Management (on-prem) fails to properly validate user-supplied input passed to the url parameter on the /createapi endpoint. An attacker can modify this parameter to use a file:// U…
5.3
CVE-2026-3484 - PhialsBasement nmap-mcp-server Nmap CLI index.ts child_process.exec command injection
A vulnerability was detected in PhialsBasement nmap-mcp-server up to bee6d23547d57ae02460022f7c78ac0893092e38. Affected by this issue is the function child_process.exec of the file src/index.ts of the component Nmap CLI Command Handler. The manipulation results in command injection. The attack may …
4.9
CVE-2026-2376 - Mirror-registry: quay: quay: server-side request forgery via open redirect vulnerability in web int…
A flaw was found in mirror-registry where an authenticated user can trick the system into accessing unintended internal or restricted systems by providing malicious web addresses. When the application processes these addresses, it automatically follows redirects without verifying the final destin…
5.2
CVE-2026-2915 - HP System Event Utility – Denial of Service
HP System Event Utility might allow denial of service with elevated arbitrary file writes. This potential vulnerability was remediated with HP System Event Utility version 3.2.16.
5.3
CVE-2026-3494 - MariaDB Server Audit Plugin Comment Handling Bypass
In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (—) or hash (#) style comments, the sta…
9.3
CVE-2026-3437 - Improper Restriction of Operations within the Bounds of a Memory Buffer in Portwell Engineering Too…
An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Portwell Engineering Toolkits version 4.8.2 could allow a local authenticated attacker to read and write to arbitrary memory via the Portwell Engineering Toolkits driver. Successful exploitation of this vuln…
5.3
CVE-2026-0540 - DOMPurify XSS via Missing Rawtext Elements in SAFE_FOR_XML
DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in commit 2726c74, contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting five missing rawtext elements (noscript, xmp, noembed, noframes, iframe) in the SAFE_FOR_XML regex. Attac…
5.1
CVE-2025-15599 - DOMPurify XSS via Textarea Rawtext Bypass in SAFE_FOR_XML
DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting missing textarea rawtext element validation in the SAFE_FOR_XML regex. Attackers can include closing rawtext tags like </textarea> …