Lucene search
+L

1016 matches found

Cvelist
Cvelist
added 2026/02/24 12:52 p.m.20 views

CVE-2026-23983 Apache Superset: Sensitive Data Exposure via REST API (disabled by default)

A Sensitive Data Exposure vulnerability exists in Apache Superset allowing authenticated users to retrieve sensitive user information. The Tag endpoint disabled by default allows users to retrieve a list of objects associated with a specific tag. When these associated objects include Users, the A...

2.3CVSS0.004EPSS
Exploits0References1
OSV
OSV
added 2026/02/24 12:52 p.m.7 views

CVE-2026-23983 Apache Superset: Sensitive Data Exposure via REST API (disabled by default)

A Sensitive Data Exposure vulnerability exists in Apache Superset allowing authenticated users to retrieve sensitive user information. The Tag endpoint disabled by default allows users to retrieve a list of objects associated with a specific tag. When these associated objects include Users, the A...

2.3CVSS6AI score0.004EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/24 12:0 a.m.10 views

PT-2026-21681

Name of the Vulnerable Software and Affected Versions Apache Superset versions prior to 6.0.0 Description A sensitive data exposure issue exists in Apache Superset that allows authenticated users to retrieve sensitive user information. The '/api/v1/tag' API endpoint, when enabled, improperly...

6.5CVSS5.9AI score0.004EPSS
Exploits0References14
RedhatCVE
RedhatCVE
added 2026/02/23 1:30 p.m.7 views

CVE-2026-27579

CollabPlatform is a full-stack, real-time doc collaboration platform. In all versions of CollabPlatform, the Appwrite project used by the application is misconfigured to allow arbitrary origins in CORS responses while also permitting credentialed requests. An attacker-controlled domain can issue...

7.4CVSS5.6AI score0.00226EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/20 7:22 a.m.6 views

CVE-2025-13113

The Web Accessibility by accessiBe plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11. This is due to the accessiberenderjsinfooter function logging the complete plugin options array to the browser console on public pages, without...

5.3CVSS5.5AI score0.00282EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/20 7:22 a.m.5 views

CVE-2025-11754

The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'gdpr/v1/settings' REST API endpoint in all versions up to, and including, 4.1.2. This makes it possible for unauthenticated attackers to retrieve sensitive plugin...

7.5CVSS5.3AI score0.00369EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/19 1:28 p.m.6 views

CVE-2026-1436

Improper Access Control IDOR in the Graylog API, version 2.2.3, which occurs when modifying the user ID in the URL. An authenticated user can access other user's profiles without proper authorization checks. Exploiting this vulnerability allows valid users of the system to be listed and sensitive...

7.1CVSS5.5AI score0.00212EPSS
Exploits0References1
CVE
CVE
added 2026/02/19 3:25 a.m.42 views

CVE-2025-13113

CVE-2025-13113 concerns the WordPress plugin “Web Accessibility by accessiBe.” The issue is an unauthenticated sensitive information exposure caused by the function accessibe_render_js_in_footer() logging the full plugin options array to the browser console on public pages. This output is not res...

5.3CVSS5.5AI score0.00282EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/19 3:25 a.m.33 views

CVE-2025-11754 Cookie Banner, Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) : WP Cookie Consent <= 4.1.2 - Missing Authorization to Sensitive Information Exposure

The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'gdpr/v1/settings' REST API endpoint in all versions up to, and including, 4.1.2. This makes it possible for unauthenticated attackers to retrieve sensitive plugin...

7.5CVSS0.00369EPSS
Exploits0References3
CVE
CVE
added 2026/02/19 3:25 a.m.29 views

CVE-2025-11754

The GDPR Cookie Consent plugin for WordPress (CVE-2025-11754) is vulnerable due to a missing capability check on the gdpr/v1/settings REST API endpoint in all versions up to and including 4.1.2. This allows unauthenticated attackers to retrieve sensitive plugin data, including API tokens, email a...

7.5CVSS5.3AI score0.00369EPSS
Exploits0References3
OSV
OSV
added 2026/02/17 6:9 p.m.5 views

GO-2026-4476 Mattermost Server password reset email requests can be sent to attacker-provided email addresses in github.com/mattermost/mattermost-server

Mattermost Server password reset email requests can be sent to attacker-provided email addresses in github.com/mattermost/mattermost-server...

9.8CVSS5.5AI score0.01184EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/02/15 7:10 a.m.14 views

CVE-2025-13973

The StickEasy Protected Contact Form plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 1.0.2. The plugin stores spam detection logs at a predictable publicly accessible location...

5.3CVSS5.5AI score0.00255EPSS
Exploits0References1
CVE
CVE
added 2026/02/14 3:25 a.m.21 views

CVE-2025-13973

CVE-2025-13973 affects StickEasy Protected Contact Form for WordPress. Wordfence and Red Hat/CVEs indicate an unauthenticated Sensitive Information Disclosure in all versions up to 1.0.2, where spam-detection logs are stored at wp-content/uploads/stickeasy-protected-contact-form/spcf-log.txt and ...

5.3CVSS5.5AI score0.00255EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/14 12:0 a.m.7 views

PT-2026-8045

The StickEasy Protected Contact Form plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 1.0.2. The plugin stores spam detection logs at a predictable publicly accessible location...

5.3CVSS5.4AI score0.00255EPSS
Exploits0References6
The Hacker News
The Hacker News
added 2026/02/10 8:22 a.m.13 views

Dutch Authorities Confirm Ivanti Zero-Day Exploit Exposed Employee Contact Data

The Netherlands' Dutch Data Protection Authority AP and the Council for the Judiciary confirmed both agencies Rvdr have disclosed that their systems were impacted by cyber attacks that exploited the recently disclosed security flaws in Ivanti Endpoint Manager Mobile EPMM, according to a notice se...

9.8CVSS9AI score0.8404EPSS
Exploits6
Malwarebytes
Malwarebytes
added 2026/02/03 11:48 a.m.24 views

AT&amp;T breach data resurfaces with new risks for customers

When data resurfaces, it never comes back weaker. A newly shared dataset tied to AT&T shows just how much more dangerous an “old” breach can become once criminals have enough of the right details to work with. The dataset, privately circulated since February 2, 2026, is described as AT&T customer...

5.6AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/01/31 1:23 a.m.4 views

CVE-2025-15510 NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.8 - Missing Authorization to Unauthenticated Sensitive Information Exposure

The NEX-Forms – Ultimate Forms Plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the NF5ExportForms class constructor in all versions up to, and including, 9.1.8. This makes it possible for unauthenticated attackers to export form configuration...

5.3CVSS5.4AI score0.00285EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/31 1:23 a.m.10 views

EUVD-2025-206597

The NEX-Forms – Ultimate Forms Plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the NF5ExportForms class constructor in all versions up to, and including, 9.1.8. This makes it possible for unauthenticated attackers to export form configuration...

5.3CVSS5.9AI score0.00285EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/25 3:19 p.m.15 views

CVE-2025-13920

The WP Directory Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the wdkpublicaction AJAX handler. This makes it possible for unauthenticated attackers to extract email addresses for users with Directory Kit-specific user...

5.3CVSS5.4AI score0.00669EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/24 12:27 p.m.33 views

CVE-2025-13920 WP Directory Kit <= 1.4.9 - Unauthenticated Email Exposure via wdk_public_action

The WP Directory Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the wdkpublicaction AJAX handler. This makes it possible for unauthenticated attackers to extract email addresses for users with Directory Kit-specific user...

5.3CVSS0.00669EPSS
Exploits0References2
Rows per page
Query Builder