Lucene search
+L

6585 matches found

CVE
CVE
added 4 days ago9 views

CVE-2026-61977

The CVE-2026-61977 entry concerns the WordPress JetSearch plugin (JetSearch) vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere, allowing retrieval of embedded sensitive data. Affected: WordPress JetSearch plugin versions up to 3.6.1.2. Root cause details are...

5.3CVSS6.1AI score0.00197EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago29 views

CVE-2026-61977 WordPress JetSearch plugin <= 3.6.1.2 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Crocoblock JetSearch jet-search allows Retrieve Embedded Sensitive Data.This issue affects JetSearch: from n/a through = 3.6.1.2...

5.3CVSS0.00197EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-61975 WordPress JetReviews plugin <= 3.0.1 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Crocoblock JetReviews jet-reviews allows Retrieve Embedded Sensitive Data.This issue affects JetReviews: from n/a through = 3.0.1...

5.3CVSS0.00197EPSS
Exploits0References1
CVE
CVE
added 4 days ago13 views

CVE-2026-61976

CVE-2026-61976 affects Crocoblock JetBlocks For Elementor (WordPress plugin) up to version 1.5.0. The vulnerability is described as an Exposure of Sensitive System Information to an Unauthorized Control Sphere, enabling retrieval of embedded sensitive data. CVSS 3.1 metrics indicate a Network att...

5.3CVSS6.1AI score0.00197EPSS
Exploits0References1
CVE
CVE
added 4 days ago9 views

CVE-2026-61975

CVE-2026-61975 affects the WordPress JetReviews plugin (Crocoblock) up to version 3.0.1. The issue is Exposure of Sensitive System Information to an Unauthorized Control Sphere, allowing retrieval of embedded sensitive data from JetReviews. The NVD entries describe the vulnerability but do not pr...

5.3CVSS6.1AI score0.00197EPSS
Exploits0References1
CVE
CVE
added 6 days ago11 views

CVE-2026-13116

CVE-2026-13116 affects the PDF Invoices & Packing Slips for WooCommerce plugin (WordPress) ≤ 5.14.0. Issue: Insecure Direct Object Reference via generate_document_shortcode caused by missing validation on a user-controlled key. Consequence: authenticated attackers with contributor+ access can min...

4.3CVSS6.1AI score0.00223EPSS
Exploits0References8
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-43128

The Mux Video Uploader plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the muxvideoenqueuesettingsscript. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract sensitive data...

4.3CVSS6.1AI score0.00237EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/10 4:58 a.m.32 views

CVE-2026-21041

Improper access control in SamsungSEAgentService prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information...

6.9CVSS0.00105EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/10 4:31 a.m.7 views

EUVD-2026-42800

The Chat Help – Click to Chat Button & Form plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the REST API endpoints /wp-json/chat-help/v1/leads and /wp-json/chat-help/v1/leads/id. This is due to the plugin not performing any...

7.5CVSS5.9AI score0.0047EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/10 4:31 a.m.32 views

CVE-2026-15291 Chat Help – Click to Chat Button & Form <= 3.1.3 - Missing Authorization to Unauthenticated Sensitive Information Exposure

The Chat Help – Click to Chat Button & Form plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the REST API endpoints /wp-json/chat-help/v1/leads and /wp-json/chat-help/v1/leads/id. This is due to the plugin not performing any...

7.5CVSS0.0047EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/09 6:52 a.m.8 views

EUVD-2026-42527

The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.22.26 via the downloadrecentdecryptedfilewptc. This makes it possible for authenticated attackers, with subscriber-level access and above, to...

6.5CVSS5.8AI score0.0027EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/07/09 6:52 a.m.6 views

CVE-2026-8996

The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.22.26 via the downloadrecentdecryptedfilewptc. This makes it possible for authenticated attackers, with subscriber-level access and above, to...

6.5CVSS5.8AI score0.0027EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2026/07/08 10:3 p.m.6 views

Apache Tomcat: Apache Tomcat: Missing Encryption of Sensitive Data due to EncryptInterceptor bypass

A flaw was found in Apache Tomcat. This vulnerability, categorized as Missing Encryption of Sensitive Data, arises from a bypass in the EncryptInterceptor, a component designed to ensure data encryption. This bypass, introduced as a fix for CVE-2026-29146, allows sensitive data to remain...

7.5CVSS7.2AI score0.21691EPSS
Exploits6References5
Cvelist
Cvelist
added 2026/07/08 9:23 p.m.38 views

CVE-2026-44025 Fluentd: Exposure of Sensitive Information via Monitor Agent API

Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Prior to 1.19.3, Fluentd's Monitor Agent plugin inmonitoragent exposes internal metrics and plugin information via a REST API, and responses from /api/plugins.json and related...

7.5CVSS0.00482EPSS
Exploits0References4
OSV
OSV
added 2026/07/08 7:35 p.m.2 views

SUSE-SU-2026:2804-1 Security update for kubevirt

This update for kubevirt fixes the following issues: - CVE-2026-9804: Symlink escape in the VMExport dir handler let an attacker controlling an exported PVC read sensitive files TLS keys, tokens, service-account creds from the exporter pod. bsc1266733 - CVE-2025-14525: A VM reporting many...

8.7CVSS6.1AI score0.00656EPSS
Exploits0References7
Patchstack
Patchstack
added 2026/07/08 9:19 a.m.4 views

WordPress WooCommerce PDF Invoice Builder plugin <= 2.0.8 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin WooCommerce PDF Invoice Builder versions = 2.0.8...

6.5CVSS6.1AI score0.0027EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/07/08 9:16 a.m.11 views

CVE-2026-6280

Exposure of sensitive information due to incompatible policies vulnerability in NOMYSOFT Informatics Education and Consulting Inc. Nomysem allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Nomysem: through 08072026. NOTE: The vendor was contacted early about this...

6.5CVSS0.00223EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/08 8:45 a.m.34 views

CVE-2026-6280 Improper Access Control in Nomysoft Informatics' Nomysem

Exposure of sensitive information due to incompatible policies vulnerability in NOMYSOFT Informatics Education and Consulting Inc. Nomysem allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Nomysem: through 08072026. NOTE: The vendor was contacted early about this...

6.5CVSS0.00223EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/08 8:45 a.m.9 views

EUVD-2026-42209

Exposure of sensitive information due to incompatible policies vulnerability in NOMYSOFT Informatics Education and Consulting Inc. Nomysem allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Nomysem: through 08072026. NOTE: The vendor was contacted early about this...

6.5CVSS5.9AI score0.00223EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/08 8:45 a.m.5 views

CVE-2026-6280

Exposure of sensitive information due to incompatible policies vulnerability in NOMYSOFT Informatics Education and Consulting Inc. Nomysem allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Nomysem: through 08072026. NOTE: The vendor was contacted early about this...

6.5CVSS5.9AI score0.00223EPSS
Exploits0References2
Rows per page
Query Builder