4.7
CVE-2026-34561 - CI4MS: System Settings (Social Media Management) Full Platform Compromise & Full Account Takeover fβ¦
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within System Settings β Social Media Management. Multiple configβ¦
9.1
CVE-2026-34560 - CI4MS: Logs Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application renders user-controlled input unsafely within the logs interface. If any stored XSS payload exists within logged dβ¦
9.1
CVE-2026-34559 - CI4MS: Blogs Tags Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when creating or editing blog tags. An attacker can inject a maliβ¦
3.1
CVE-2026-2475 - Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Acceβ¦
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a remote attacker to conduct phishing attacks, caused by an opeβ¦
8.7
CVE-2026-34543 - OpenEXR: Heap information disclosure in PXR24 decompression via unchecked decompressed size (undo_pβ¦
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, sensitive information from heap memory may be leaked through the decoded pixel data (information disclosure). β¦
8.4
CVE-2026-34544 - OpenEXR: integer overflow to OOB write in uncompress_b44_impl()
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, a crafted B44 or B44A EXR file can cause an out-of-bounds write in any application that decodes it via exr_decβ¦
4.3
CVE-2026-4820 - IBM Maximo Application Suite was vulnerable to because Cookie ltpatoken2_<workspace_name> was not sβ¦
IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the β¦
8.4
CVE-2026-34545 - OpenEXR: integer overflow lead to OOB in HTJ2K decoder
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.7, an attacker providing a crafted .exr file with HTJ2K compression and a channel width of 32768 can write controβ¦
4.1
CVE-2025-36373 - Incorrect administrative access control in IBM DataPower Gateway
IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway could disclose sensitive system information from other domains to an administrative user.
5.9
CVE-2025-13916 - Multiple vulnerabilities have been addressed in IBM Aspera Shares
IBM Aspera Shares 1.9.9 through 1.11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information