4.7

CVSS3.1

CVE-2026-34562 - CI4MS: System Settings (Company Information) Full Platform Compromise & Full Account Takeover for A…

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within System Settings – Company Information. Several administrat…

📅 Published: April 1, 2026, 9:23 p.m. 🔄 Last Modified: April 10, 2026, 9:45 a.m.

4.7

CVSS3.1

CVE-2026-34561 - CI4MS: System Settings (Social Media Management) Full Platform Compromise & Full Account Takeover f…

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within System Settings – Social Media Management. Multiple config…

📅 Published: April 1, 2026, 9:23 p.m. 🔄 Last Modified: April 3, 2026, 4:10 p.m.

9.1

CVSS3.1

CVE-2026-34560 - CI4MS: Logs Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application renders user-controlled input unsafely within the logs interface. If any stored XSS payload exists within logged d…

📅 Published: April 1, 2026, 9:21 p.m. 🔄 Last Modified: April 3, 2026, 4:10 p.m.

9.1

CVSS3.1

CVE-2026-34559 - CI4MS: Blogs Tags Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when creating or editing blog tags. An attacker can inject a mali…

📅 Published: April 1, 2026, 9:20 p.m. 🔄 Last Modified: April 3, 2026, 4:10 p.m.

3.1

CVSS3.1

CVE-2026-2475 - Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Acce…

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a remote attacker to conduct phishing attacks, caused by an ope…

📅 Published: April 1, 2026, 8:56 p.m. 🔄 Last Modified: April 8, 2026, 7:56 p.m.

8.7

CVSS4.0

CVE-2026-34543 - OpenEXR: Heap information disclosure in PXR24 decompression via unchecked decompressed size (undo_p…

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, sensitive information from heap memory may be leaked through the decoded pixel data (information disclosure). …

📅 Published: April 1, 2026, 8:56 p.m. 🔄 Last Modified: April 8, 2026, 7:56 p.m.

8.4

CVSS4.0

CVE-2026-34544 - OpenEXR: integer overflow to OOB write in uncompress_b44_impl()

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, a crafted B44 or B44A EXR file can cause an out-of-bounds write in any application that decodes it via exr_dec…

📅 Published: April 1, 2026, 8:55 p.m. 🔄 Last Modified: April 8, 2026, 7:56 p.m.

4.3

CVSS3.1

CVE-2026-4820 - IBM Maximo Application Suite was vulnerable to because Cookie ltpatoken2_<workspace_name> was not s…

IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the …

📅 Published: April 1, 2026, 8:54 p.m. 🔄 Last Modified: April 8, 2026, 7:56 p.m.

8.4

CVSS4.0

CVE-2026-34545 - OpenEXR: integer overflow lead to OOB in HTJ2K decoder

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.7, an attacker providing a crafted .exr file with HTJ2K compression and a channel width of 32768 can write contro…

📅 Published: April 1, 2026, 8:51 p.m. 🔄 Last Modified: April 8, 2026, 7:56 p.m.

4.1

CVSS3.1

CVE-2025-36373 - Incorrect administrative access control in IBM DataPower Gateway

IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway could disclose sensitive system information from other domains to an administrative user.

📅 Published: April 1, 2026, 8:47 p.m. 🔄 Last Modified: April 7, 2026, 8:07 a.m.