CVE-2026-8995 Poll Maker by AYS <= 6.3.7 - Authenticated (Subscriber+) Sensitive Information Exposure in 'ays_poll_get_user_information' AJAX Action

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 6.3.7. This is due to insufficient access controls on the 'ayspollgetuserinformation' AJAX action, which serializes and returns the...

CVE-2026-42425

OpenKM 6.3.12 contains an unrestricted SQL-Execution vulnerability exploitable by authenticated administrators via the DatabaseQuery interface. Attackers can send crafted SQL in the qs parameter to /admin/DatabaseQuery to read sensitive data (e.g., usernames and password hashes from the OKM_USER ...

EUVD-2026-31199

Plane is an open-source project management tool. In versions 1.3.0 and below, SavedAnalyticEndpoint passes the user-controlled segment query parameter directly to a Django F expression without validation unlike the regular AnalyticsEndpoint, which checks against an allowlist, causing ORM Field...

CVE-2026-31071

API endpoints in LalanaChami Pharmacy Management System commit 5c3d028 lack authentication middleware. Unauthenticated remote attackers can exploit this to dump all user records including bcrypt password hashes via /api/user/getUserData, modify drug inventory, and access private medical...

CVE-2026-6659

A flaw was found in Crypt::PasswdMD5 for Perl. This component generates insecure random values for cryptographic salts, which are used to strengthen password hashes. The built-in rand function, used for generating these salts, is predictable and not suitable for cryptographic purposes. This...

CVE-2026-42610 Grav: Sensitive Information Disclosure via Accounts Service Bypass

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a low-privileged user EX: Content Editor with only pages.update permissions can bypass the existing Twig sandbox restrictions by utilizing the grav'accounts' service. Attacker can programmatically load administrative user objects and extra...

Masa CMS 跨站请求伪造漏洞

Masa CMS is a digital experience platform operated by Masa CMS organization. Versions of Masa CMS 7.5.2 and earlier contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the createBundle method in csettings.cfc, which did not properly validate the anti-CSRF token...

Astra Linux - уязвимость в 389-ds-base

A flaw was discovered in the ‘deref’ plugin of 389-ds-base, where it could use the ‘search’ permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes...

CVE-2026-39340

ChurchCRM prior to 7.1.0 contains a SQL injection in PropertyTypeEditor.php (administration for Person/Family Properties). Replacing legacyFilterInput() (strips HTML and escapes SQL) with sanitizeText() (strips HTML only) causes user-supplied Name/Description values to be concatenated into raw IN...

CVE-2026-27634

Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0, the four date filter parameters fmindateavailable, fmaxdateavailable, fmindatecreated, fmaxdatecreated in wsstdimagesqlfilter are concatenated directly into SQL without any escaping or type validation. This...

CVE-2025-55043

MuraCMS through 10.1.10 contains a CSRF vulnerability in the bundle creation functionality csettings.cfc createBundle method that allows unauthenticated attackers to force administrators to create and save site bundles containing sensitive data to publicly accessible directories. This vulnerabili...

SUSE CVE-2025-13821

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to sanitize sensitive data in WebSocket messages which allows authenticated users to exfiltrate password hashes and MFA secrets via profile nickname updates or email verification events. Mattermost Advisory ID:...

EUVD-2025-208469

An unauthenticated remote attacker can use firmware images to extract password hashes and brute force plaintext passwords of accounts with limited access...

CVE-2025-41711

CVE-2025-41711 describes an unauthenticated remote disclosure risk where an attacker can use firmware images to extract password hashes and brute-force plaintext passwords of accounts with limited access. The connected sources (RH Red Hat, EUVD/ENISA, NVD, CVE listing, and related enrichments) co...

CVE-2026-30847 Wekan Credential Leak via notificationUsers Publication Exposes Password Hashes and Session Tokens

Wekan is an open source kanban tool built with Meteor. In versions 8.31.0 through 8.33, the notificationUsers publication in Wekan publishes user documents with no field filtering, causing the ReactiveCache.getUsers call to return all fields including highly sensitive data such as bcrypt password...

Sensitive Data Exposure

Apache Superset is vulnerable to Sensitive Data Exposure. The vulnerability is due to improper serialization of sensitive fields in the API response, where authenticated users with low privileges can retrieve sensitive user information, including password hashes, email addresses, and login...

BIT-SUPERSET-2026-23983 Apache Superset: Sensitive Data Exposure via REST API (disabled by default)

A Sensitive Data Exposure vulnerability exists in Apache Superset allowing authenticated users to retrieve sensitive user information. The Tag endpoint disabled by default allows users to retrieve a list of objects associated with a specific tag. When these associated objects include Users, the A...

EUVD-2026-7398

Pimcore is an Open Source Data & Experience Management Platform. In versions up to and including 11.5.14.1 and 12.3.2, the filter query parameter in the dependency listing endpoints is JSON-decoded and the value field is concatenated directly into RLIKE clauses without sanitization or parameteriz...

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the WebSocket component. An attacker can obtain sensitive information, including password hashes and MFA secrets, by triggering profile nickname updates or email verification events. Remediation Upgrade...

CVE-2025-13821

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to sanitize sensitive data in WebSocket messages which allows authenticated users to exfiltrate password hashes and MFA secrets via profile nickname updates or email verification events. Mattermost Advisory ID:...