Lucene search
K

712 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 10:45 a.m.8 views

CVE-2022-0709

The Booking Package WordPress plugin before 1.5.29 requires a token for exporting the ical representation of it's booking calendar, but this token is returned in the json response to unauthenticated users performing a booking, leading to a sensitive data disclosure vulnerability...

7.5CVSS6.6AI score0.01594EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:15 a.m.8 views

CVE-2022-23466

teler is an real-time intrusion detection and threat alert dashboard. teler prior to version 2.0.0-rc.4 is vulnerable to DOM-based cross-site scripting XSS in the teler dashboard. When teler requests messages from the event stream on the /events endpoint, the log data displayed on the dashboard a...

5.4CVSS5.5AI score0.00384EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:47 a.m.8 views

CVE-2025-23781

Insertion of Sensitive Information Into Sent Data vulnerability in Web Mumbai WM Options Import Export wm-options-import-export allows Retrieve Embedded Sensitive Data.This issue affects WM Options Import Export: from n/a through = 1.0.1...

7.5CVSS7.2AI score0.00584EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:33 a.m.6 views

CVE-2024-39636

Deserialization of Untrusted Data vulnerability in CodeSolz Better Find and Replace.This issue affects Better Find and Replace: from n/a through 1.6.1...

8.3CVSS6.9AI score0.00378EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:18 a.m.7 views

CVE-2025-1528

The Search & Filter Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getmetavalues' function in all versions up to, and including, 2.5.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

4.3CVSS6.7AI score0.00235EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:17 a.m.11 views

CVE-2025-1483

The LTL Freight Quotes – GlobalTranz Edition plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the engtzwdsavedropship AJAX endpoint in all versions up to, and including, 2.3.12. This makes it possible for unauthenticated attackers to...

5.3CVSS6.7AI score0.00283EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/06 11:14 a.m.6 views

CVE-2025-68029

Insertion of Sensitive Information Into Sent Data vulnerability in WP Swings Wallet System for WooCommerce wallet-system-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Wallet System for WooCommerce: from n/a through = 2.7.3...

6.3CVSS5.9AI score0.00168EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/01 2:18 p.m.3 views

CVE-2025-59003

Insertion of Sensitive Information Into Sent Data vulnerability in inkthemescom ColorWay colorway allows Retrieve Embedded Sensitive Data.This issue affects ColorWay: from n/a through = 4.2.3...

5.8CVSS5.9AI score0.00192EPSS
Exploits0References1
NVD
NVD
added 2025/12/31 4:15 p.m.18 views

CVE-2025-59136

Insertion of Sensitive Information Into Sent Data vulnerability in Efí Bank Gerencianet Oficial woo-gerencianet-official allows Retrieve Embedded Sensitive Data.This issue affects Gerencianet Oficial: from n/a through = 3.1.3...

5.3CVSS0.00626EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/31 3:36 p.m.4 views

EUVD-2025-206012

Insertion of Sensitive Information Into Sent Data vulnerability in Razvan Stanga Varnish/Nginx Proxy Caching allows Retrieve Embedded Sensitive Data.This issue affects Varnish/Nginx Proxy Caching: from n/a through 1.8.3...

5.3CVSS6.4AI score0.00659EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/29 7:26 a.m.10 views

Security Bulletin: Vulnerability in form-data affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in form-data has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

9.4CVSS5.6AI score0.01735EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/29 4:20 a.m.7 views

Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Insufficiently Random Values vulnerability in form-data.

Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Insufficiently Random Values vulnerability in form-data.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently...

9.4CVSS5.4AI score0.01735EPSS
Exploits1Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/24 12:31 p.m.2 views

CVE-2025-68516 WordPress Tablesome plugin <= 1.1.35.1 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Essekia Tablesome tablesome allows Retrieve Embedded Sensitive Data.This issue affects Tablesome: from n/a through = 1.1.35.1...

5CVSS6.5AI score0.00183EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/19 7:33 a.m.4 views

CVE-2025-49919

Insertion of Sensitive Information Into Sent Data vulnerability in DigitalME eRoom eroom-zoom-meetings-webinar allows Retrieve Embedded Sensitive Data.This issue affects eRoom: from n/a through = 1.5.6...

5.8CVSS5.9AI score0.00163EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/17 10:1 a.m.9 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in form-data

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in form-data Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated...

9.4CVSS6.6AI score0.01735EPSS
Exploits1Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/16 12:0 a.m.5 views

PT-2025-51413

Name of the Vulnerable Software and Affected Versions Nitesh Ultimate Auction versions through 4.3.2 Description A flaw exists in Nitesh Ultimate Auction that allows the retrieval of embedded sensitive data due to insertion of sensitive information into sent data. Recommendations Update Nitesh...

5.3CVSS6.3AI score0.0024EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/09 2:7 p.m.6 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses form-data-4.0.0.tgz, form-data-4.0.1.tgz, form-data-4.0.3.tgz which are vulnerable to CVE-2025-7783.

Summary IBM Maximo Application Suite - Monitor Component uses form-data-4.0.0.tgz, form-data-4.0.1.tgz, form-data-4.0.3.tgz which are vulnerable to CVE-2025-7783. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of...

9.4CVSS6.7AI score0.01735EPSS
Exploits1Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.3 views

PT-2025-50027

Insertion of Sensitive Information Into Sent Data vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Retrieve Embedded Sensitive Data.This issue affects EventPrime: from n/a through = 4.2.4.1...

6.9AI score0.00215EPSS
Exploits0References2
CNVD
CNVD
added 2025/11/25 12:0 a.m.3 views

WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin unauthorized data modification vulnerability

WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin is a helpdesk and customer work order system plugin for WordPress websites designed to help businesses or individuals efficiently manage customer support requests. WordPress ELEX WordPress HelpDesk & Customer Ticketing System...

4.3CVSS6.8AI score0.00164EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/19 5:43 p.m.10 views

Security Bulletin: Security vulnerability in form-data may affect IBM Business Automation Workflow - CVE-2025-7783

Summary IBM Business Automation Workflow references a vulnerable copy of the form-data open source library. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated...

9.4CVSS6.5AI score0.01735EPSS
Exploits1Affected Software2
Rows per page
Query Builder