CWE-540 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Bentley Systems iTwin Platform exposed a Cesium ion access token in the source of some web pages. An unauthenticated attacker could use this token to enumerate or delete certain assets. As of 2026-03-27, the token is no longer present in th…

Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains an Inclusion of Sensitive Information in Source Code vulnerability. A low privileged attacker with local access could potentially exploit t…

IBM Planning Analytics Local 2.1.0 through 2.1.14 stores sensitive information in source code could be used in further attacks against the system.

IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 is vulnerable to information exposure and further attacks due to an exposed JavaScript source map which could assist an attacker to read and debug JavaScript used in the application's API.

Files in the source code contain login credentials for the admin user and the property configuration password, allowing an attacker to get full access to the application.

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system.

IBM Cognos Analytics Mobile 1.1 for iOS application could allow an attacker to reverse engineer the codebase to gain knowledge about the programming technique, interface, class definitions, algorithms and functions used due to weak obfuscat…

An issue in Loggrove v.1.0 allows a remote attacker to obtain sensitive information via the read.py component.

IBM Maximo Application Suite 8.10, 8.11, and 9.0 - Monitor Component stores source code on the web server that could aid in further attacks against the system.