889 matches found
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure due to the exposure of sensitive data to unauthorized actors. An attacker can access sensitive data such as database credentials by exploiting this vulnerability. Workaround This vulnerability can be mitigated by...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure due to the exposure of sensitive data to unauthorized actors. An attacker can access sensitive data such as database credentials by exploiting this vulnerability. Workaround This vulnerability can be mitigated by...
CVE-2026-39393
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the install route guard in ci4ms relies solely on a volatile cache check cache'settings' combined with .env file existence to block...
CVE-2026-39393
CVE-2026-39393 affects the ci4ms CodeIgniter 4-based CMS skeleton. Before 0.31.4.0, the install route guard uses a volatile cache check (cache('settings')) and .env existence to block setup access; if the database is temporarily unreachable during a cache miss, the guard can fail open, allowing a...
PT-2026-30802
Name of the Vulnerable Software and Affected Versions Mitsubishi Electric GENESIS64 versions prior to 10.97.3 Mitsubishi Electric ICONICS Suite versions prior to 10.97.3 Mitsubishi Electric MobileHMI versions prior to 10.97.3 Mitsubishi Electric Hyper Historian versions prior to 10.97.3 Mitsubish...
PT-2026-30801
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and...
CVE-2026-35174
Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, a path traversal vulnerability exists in the administration console that allows an administrator or a user with Change Settings permission to change the uploads path to any folder. This vulnerability allows the user to download...
CVE-2026-35174
Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, a path traversal vulnerability exists in the administration console that allows an administrator or a user with Change Settings permission to change the uploads path to any folder. This vulnerability allows the user to download...
CVE-2026-1233
CVE-2026-1233 affects the WordPress plugin Text to Speech for WP (AI Voices by Mementor). All versions up to 1.9.8 contain hardcoded MySQL credentials for the vendor’s external telemetry server in the Mementor_TTS_Remote_Telemetry class, enabling unauthenticated actors to extract and decode these...
WordPress plugin Text to Speech for WP (AI Voices by Mementor) 信任管理问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
CVE-2026-33617
An unauthenticated remote attacker can access a configuration file containing database credentials. This can result in a some loss of confidentiality, but there is no endpoint exposed to use these credentials...
EUVD-2026-18180
An unauthenticated remote attacker can access a configuration file containing database credentials. This can result in a some loss of confidentiality, but there is no endpoint exposed to use these credentials...
CVE-2026-33617
An unauthenticated remote attacker can access a configuration file containing database credentials. This can result in a some loss of confidentiality, but there is no endpoint exposed to use these credentials...
CVE-2026-33617 MB connect line mbCONNECT24 vulnerable to an unauthenticated information disclosure in the data24 Endpoint
An unauthenticated remote attacker can access a configuration file containing database credentials. This can result in a some loss of confidentiality, but there is no endpoint exposed to use these credentials...
CVE-2026-33617
CVE-2026-33617 concerns MB connect line mbCONNECT24, with vulnerability in the data24 endpoint allowing unauthenticated access to a configuration file containing database credentials. The impact is limited to confidentiality (LOW) and there is no endpoint described that uses the credentials. No e...
CVE-2026-33617
An unauthenticated remote attacker can access a configuration file containing database credentials. This can result in a some loss of confidentiality, but there is no endpoint exposed to use these credentials...
CVE-2026-33617 MB connect line mbCONNECT24 vulnerable to an unauthenticated information disclosure in the data24 Endpoint
An unauthenticated remote attacker can access a configuration file containing database credentials. This can result in a some loss of confidentiality, but there is no endpoint exposed to use these credentials...
MB Connect Line mbCONNECT24 安全漏洞
MB Connect Line mbCONNECT24 is a remote service portal developed by the German company MB Connect Line. This product supports features such as remote access, data recording, and alarm notifications. There is a security vulnerability in MB Connect Line mbCONNECT24; this vulnerability stems from th...
PT-2026-29714
An unauthenticated remote attacker can access a configuration file containing database credentials. This can result in a some loss of confidentiality, but there is no endpoint exposed to use these credentials...
CVE-2026-33486
Roadiz is a polymorphic content management system based on a node system that can handle many types of services. A vulnerability in roadiz/documents prior to versions 2.7.9, 2.6.28, 2.5.44, and 2.3.42 allows an authenticated attacker to read any file on the server's local file system that the web...