PT-2026-49331
Name of the Vulnerable Software and Affected Versions: grocy version 4.6.0. Description: SQL injection occurs at the '/stockreports/spendings' endpoint through the product-group parameter. This allows attackers to access sensitive database information by using a crafted SQL statement. SQL injection ...
GHSA-G2MG-CGR6-VMV7 AVideo: Missing Authentication in CreatePlugin list.json.php Template Affects 21 Endpoints
Summary The AVideo CreatePlugin template for list.json.php does not include any authentication or authorization check. While the companion templates add.json.php and delete.json.php both require admin privileges, the list.json.php template was shipped without this guard. Every plugin that uses th...
CVE-2026-32405
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in xtemos WoodMart woodmart allows Retrieve Embedded Sensitive Data. This issue affects WoodMart: from n/a through = 8.3.9...
GHSA-42CR-W2GR-M54Q wger: IDOR via user-unscoped cache keys on routine API actions exposes workout data
Summary Five routine detail action endpoints check a cache before calling self.getobject. Cache keys are scoped only by pk — no user ID is included. When a victim has previously accessed their routine via the API, an attacker can retrieve the cached response for the same PK without any ownership...
CVE-2026-25231
FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.3.0, the application contains an unauthenticated file read vulnerability due to the lack of access control on the /uploads directory. Files uploaded to this directory can be accessed directly by any user who knows or...
CVE-2026-25813 PlaciPy Exposes Sensitive Data via Application Logs
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application logs highly sensitive data directly to console output without masking or redaction...
CVE-2026-24593
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Retrieve Embedded Sensitive Data. This issue affects AWP Classifieds: from n/a through = 4.4.3...
CVE-2025-64258
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in wpweb Follow My Blog Post follow-my-blog-post allows Retrieve Embedded Sensitive Data. This issue affects Follow My Blog Post: from n/a through = 2.3.9...
WordPress plugin Masteriyo - LMS security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin... A security...
CVE-2025-67470
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Essential Plugin Portfolio and Projects portfolio-and-projects allows Retrieve Embedded Sensitive Data. This issue affects Portfolio and Projects: from n/a through = 1.5.5...
CVE-2025-62735
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Joel User Spam Remover user-spam-remover allows Retrieve Embedded Sensitive Data. This issue affects User Spam Remover: from n/a through = 1.1...
WordPress plugin Pixel Manager for WooCommerce security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plug-in. A security...
EUVD-2025-201239
Incorrect access control in the component ApiOrderService.java of platform v1.0.0 allows attackers to access sensitive information via a crafted request...
CVE-2025-27707
Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software before version 24.11.1 for Intel® Tiber™ Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access...
CVE-2025-53728
CVE-2025-53728 affects Microsoft Dynamics 365 (on-premises) (version 9.1) with an information disclosure vulnerability that allows an unauthenticated network attacker to obtain sensitive data. The root cause is exposure of information to an unauthorized actor over a network. Microsoft has release...
The vulnerability of the “Termide Virtual Desktops Connection Manager” software server system, related to deficiencies in the testing mechanism for integrations, allows a hacker to disclose protected information.
The vulnerability of the “Termide Virtual Desktops Connection Manager” software suite is related to deficiencies in the testing mechanisms for integrations. Exploiting this vulnerability allows a malicious actor to disclose sensitive information...
GitLab Enterprise Edition security vulnerability
GitLab Enterprise Edition (EE) is a content management system from GitLab, Inc. in the United States. A security vulnerability exists in GitLab Enterprise Edition that stems from improper privilege control and could lead to user access to sensitive project analysis data...
Mirapolis LMS security vulnerability
Mirapolis LMS is a modern distance learning management system from Mirapolis. A security vulnerability exists in Mirapolis LMS 4.6.XX that stems from an insecure direct object reference (IDOR) that allows an authenticated user to expose sensitive user data by manipulating the ID parameter and...
Insurance Management System security vulnerability
Insurance Management System is an insurance management system by Angel Jude Reyes Suarez, an individual developer. A security vulnerability exists in Insurance Management System version 1.0. An attacker could exploit the vulnerability to gain access to sensitive information...
PT-2024-5557
Name of the Vulnerable Software and Affected Versions: FortiAIOps version 2.0.0. Description: The issue concerns the exposure of sensitive information to unauthorized actors. An authenticated, remote attacker may retrieve sensitive information from the API endpoint or log files. This is related to a...