23 matches found

NVD
added 2026/06/12 7:16 p.m., 16 views

CVE-2026-50244

The Naxclow platform exposes a registration endpoint that accepts signed requests containing a batch prefix and an arbitrary caller-supplied account identifier, without validating any ownership relationship. Each call mints a new sequential device identifier and returns the current high-water...

6.9 CVSS, 0.00221 EPSS
Exploits: 0, References: 2

RedhatCVE
added 2026/02/23 1:30 p.m., 6 views

CVE-2026-27579

CollabPlatform is a full-stack, real-time doc collaboration platform. In all versions of CollabPlatform, the Appwrite project used by the application is misconfigured to allow arbitrary origins in CORS responses while also permitting credentialed requests. An attacker-controlled domain can issue...

7.4 CVSS, 5.6 AI score, 0.00226 EPSS
Exploits: 1, References: 1

NVD
added 2026/02/21 11:15 a.m., 5 views

CVE-2026-27579

CollabPlatform is a full-stack, real-time doc collaboration platform. In all versions of CollabPlatform, the Appwrite project used by the application is misconfigured to allow arbitrary origins in CORS responses while also permitting credentialed requests. An attacker-controlled domain can issue...

7.4 CVSS, 0.00226 EPSS
Exploits: 1, References: 1

CVE
added 2026/02/21 10:22 a.m., 15 views

CVE-2026-27579

CollabPlatform is affected by a CORS misconfiguration in the Appwrite component that allows arbitrary origins to make credentialed requests. This enables an attacker-controlled domain to issue authenticated cross-origin requests and read sensitive user data (emails, account identifiers, MFA statu...

7.4 CVSS, 5.8 AI score, 0.00226 EPSS
Exploits: 1, References: 1

Cvelist
added 2026/02/21 10:22 a.m., 19 views

CVE-2026-27579 CollabPlatform: CORS Misconfiguration Allows Arbitrary Origin With Credentials Leading to Authenticated Account Data Exposure

CollabPlatform is a full-stack, real-time doc collaboration platform. In all versions of CollabPlatform, the Appwrite project used by the application is misconfigured to allow arbitrary origins in CORS responses while also permitting credentialed requests. An attacker-controlled domain can issue...

7.4 CVSS, 0.00226 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2026/02/20 7:22 a.m., 3 views

CVE-2025-11754

The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'gdpr/v1/settings' REST API endpoint in all versions up to, and including, 4.1.2. This makes it possible for unauthenticated attackers to retrieve sensitive plugin...

7.5 CVSS, 5.3 AI score, 0.00369 EPSS
Exploits: 0, References: 1

NVD
added 2026/02/19 7:17 a.m., 6 views

CVE-2025-11754

The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'gdpr/v1/settings' REST API endpoint in all versions up to, and including, 4.1.2. This makes it possible for unauthenticated attackers to retrieve sensitive plugin...

7.5 CVSS, 0.00369 EPSS
Exploits: 0, References: 3

Cvelist
added 2026/02/19 3:25 a.m., 27 views

CVE-2025-11754 Cookie Banner, Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy): WP Cookie Consent <= 4.1.2 - Missing Authorization to Sensitive Information Exposure

The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'gdpr/v1/settings' REST API endpoint in all versions up to, and including, 4.1.2. This makes it possible for unauthenticated attackers to retrieve sensitive plugin...

7.5 CVSS, 0.00369 EPSS
Exploits: 0, References: 3

CVE
added 2026/02/19 3:25 a.m., 20 views

CVE-2025-11754

The GDPR Cookie Consent plugin for WordPress (CVE-2025-11754) is vulnerable due to a missing capability check on the gdpr/v1/settings REST API endpoint in all versions up to and including 4.1.2. This allows unauthenticated attackers to retrieve sensitive plugin data, including API tokens, email a...

7.5 CVSS, 5.3 AI score, 0.00369 EPSS
Exploits: 0, References: 3

Circl
added 2026/01/02 6:54 p.m., 5 views

CVE-2025-15436

creationtimestamp | type | source
---|---|---
2026-01-02 18:54:45+00:00 | seen | Telegram/Ixvst1zhHfk7lKUhI5B29IEUYLZOT2b0wkW9xa8GvuAtM
2026-01-02 21:56:08+00:00 | seen | Telegram/Zv5tNHIYABHF73295PLurMceTZF9dstOvAEjjio6JFd40
2026-01-02 21:56:46+00:00 | published-proof-of-concept | ...

9.8 CVSS, 7.3 AI score, 0.00412 EPSS
Exploits: 1

Packet Storm News
added 2025/10/20 12:0 a.m., 7 views

WhatWeb Scanner 0.6.3

WhatWeb is a next-generation web scanner. WhatWeb recognizes web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1800 plugins, each to recognize something different...

7.5 AI score
Exploits: 0

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2025-29192

Malicious code in bioql PyPI...

8.8 CVSS, 6.5 AI score, 0.00249 EPSS
Exploits: 2, References: 2

RedhatCVE
added 2025/09/17 12:49 a.m., 12 views

CVE-2025-50110

An issue was discovered in the method push.lite.avtech.com.AvtechLib.GetHttpsResponse in AVTECH EagleEyes Lite 2.0.0. The GetHttpsResponse method transmits sensitive information - including internal server URLs, account IDs, passwords, and device tokens - as plaintext query parameters over HTTPS...

8.8 CVSS, 6.7 AI score, 0.00249 EPSS
Exploits: 2, References: 1

NVD
added 2025/09/15 2:15 p.m., 9 views

CVE-2025-50110

An issue was discovered in the method push.lite.avtech.com.AvtechLib.GetHttpsResponse in AVTECH EagleEyes Lite 2.0.0. The GetHttpsResponse method transmits sensitive information - including internal server URLs, account IDs, passwords, and device tokens - as plaintext query parameters over HTTPS...

8.8 CVSS, 0.00249 EPSS
Exploits: 2, References: 1

Positive Technologies
added 2025/09/15 12:0 a.m., 4 views

PT-2025-37565

Name of the Vulnerable Software and Affected Versions: AVTECH EagleEyes Lite version 2.0.0
Description: The GetHttpsResponse method transmits sensitive information – including internal server URLs, account IDs, passwords, and device tokens – as plaintext query parameters over HTTPS. The affected...

8.8 CVSS, 6.2 AI score, 0.00249 EPSS
Exploits: 2, References: 3

Vulnrichment
added 2025/09/15 12:0 a.m., 2 views

CVE-2025-50110

An issue was discovered in the method push.lite.avtech.com.AvtechLib.GetHttpsResponse in AVTECH EagleEyes Lite 2.0.0. The GetHttpsResponse method transmits sensitive information - including internal server URLs, account IDs, passwords, and device tokens - as plaintext query parameters over HTTPS...

6.4 AI score, 0.00249 EPSS
Exploits: 2, References: 1

CVE
added 2025/09/15 12:0 a.m., 14 views

CVE-2025-50110

CVE-2025-50110 affects AVTECH EagleEyes Lite 2.0.0. The GetHttpsResponse method transmits sensitive data (internal server URLs, account IDs, passwords, device tokens) as plaintext in URL query parameters over HTTPS, creating a cleartext leakage risk and credential exposure. The vulnerability is d...

8.8 CVSS, 6.4 AI score, 0.00249 EPSS
Exploits: 2, References: 1

Veracode
added 2025/08/26 9:20 a.m., 3 views

Cleartext Transmission Of Sensitive Information

github.com/go-acme/lego is vulnerable to Cleartext Transmission of Sensitive Information. The vulnerability is due to the library not enforcing HTTPS when communicating with Certificate Authorities (CAs), which allows attackers to intercept ACME protocol operations and access sensitive details like...

6 CVSS, 5.8 AI score, 0.00199 EPSS
Exploits: 0, References: 3, Affected Software: 1

Packet Storm News
added 2025/08/25 12:0 a.m., 4 views

WhatWeb Scanner 0.6.2

WhatWeb is a next-generation web scanner. WhatWeb recognizes web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1800 plugins, each to recognize something different...

7.6 AI score
Exploits: 0

Circl
added 2025/05/13 2:30 p.m., 2 views

RHSA-2025:7165

creationtimestamp | type | source
---|---|---
2025-05-13 14:30:42+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/16122
2026-04-06 15:19:47+00:00 | seen | Telegram/zfToAAWf8eWnJ7ba07A0EZZiZLhP55gYdeGjYzJA6KMcCw
2026-04-06 15:20:12+00:00 | seen | Telegram/0sUuWW8J84hCZb1n0MF5lAvDyk6dii4XfiqOlA0c3Bj-P...

4.8 AI score
Exploits: 0, References: 1