6585 matches found
CVE-2026-61977
The CVE-2026-61977 entry concerns the WordPress JetSearch plugin (JetSearch) vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere, allowing retrieval of embedded sensitive data. Affected: WordPress JetSearch plugin versions up to 3.6.1.2. Root cause details are...
CVE-2026-61977 WordPress JetSearch plugin <= 3.6.1.2 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Crocoblock JetSearch jet-search allows Retrieve Embedded Sensitive Data.This issue affects JetSearch: from n/a through = 3.6.1.2...
CVE-2026-61975 WordPress JetReviews plugin <= 3.0.1 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Crocoblock JetReviews jet-reviews allows Retrieve Embedded Sensitive Data.This issue affects JetReviews: from n/a through = 3.0.1...
CVE-2026-61976
CVE-2026-61976 affects Crocoblock JetBlocks For Elementor (WordPress plugin) up to version 1.5.0. The vulnerability is described as an Exposure of Sensitive System Information to an Unauthorized Control Sphere, enabling retrieval of embedded sensitive data. CVSS 3.1 metrics indicate a Network att...
CVE-2026-61975
CVE-2026-61975 affects the WordPress JetReviews plugin (Crocoblock) up to version 3.0.1. The issue is Exposure of Sensitive System Information to an Unauthorized Control Sphere, allowing retrieval of embedded sensitive data from JetReviews. The NVD entries describe the vulnerability but do not pr...
CVE-2026-13116
CVE-2026-13116 affects the PDF Invoices & Packing Slips for WooCommerce plugin (WordPress) ≤ 5.14.0. Issue: Insecure Direct Object Reference via generate_document_shortcode caused by missing validation on a user-controlled key. Consequence: authenticated attackers with contributor+ access can min...
EUVD-2026-43128
The Mux Video Uploader plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the muxvideoenqueuesettingsscript. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract sensitive data...
CVE-2026-21041
Improper access control in SamsungSEAgentService prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information...
EUVD-2026-42800
The Chat Help – Click to Chat Button & Form plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the REST API endpoints /wp-json/chat-help/v1/leads and /wp-json/chat-help/v1/leads/id. This is due to the plugin not performing any...
CVE-2026-15291 Chat Help – Click to Chat Button & Form <= 3.1.3 - Missing Authorization to Unauthenticated Sensitive Information Exposure
The Chat Help – Click to Chat Button & Form plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the REST API endpoints /wp-json/chat-help/v1/leads and /wp-json/chat-help/v1/leads/id. This is due to the plugin not performing any...
EUVD-2026-42527
The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.22.26 via the downloadrecentdecryptedfilewptc. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
CVE-2026-8996
The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.22.26 via the downloadrecentdecryptedfilewptc. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
Apache Tomcat: Apache Tomcat: Missing Encryption of Sensitive Data due to EncryptInterceptor bypass
A flaw was found in Apache Tomcat. This vulnerability, categorized as Missing Encryption of Sensitive Data, arises from a bypass in the EncryptInterceptor, a component designed to ensure data encryption. This bypass, introduced as a fix for CVE-2026-29146, allows sensitive data to remain...
CVE-2026-44025 Fluentd: Exposure of Sensitive Information via Monitor Agent API
Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Prior to 1.19.3, Fluentd's Monitor Agent plugin inmonitoragent exposes internal metrics and plugin information via a REST API, and responses from /api/plugins.json and related...
SUSE-SU-2026:2804-1 Security update for kubevirt
This update for kubevirt fixes the following issues: - CVE-2026-9804: Symlink escape in the VMExport dir handler let an attacker controlling an exported PVC read sensitive files TLS keys, tokens, service-account creds from the exporter pod. bsc1266733 - CVE-2025-14525: A VM reporting many...
WordPress WooCommerce PDF Invoice Builder plugin <= 2.0.8 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin WooCommerce PDF Invoice Builder versions = 2.0.8...
CVE-2026-6280
Exposure of sensitive information due to incompatible policies vulnerability in NOMYSOFT Informatics Education and Consulting Inc. Nomysem allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Nomysem: through 08072026. NOTE: The vendor was contacted early about this...
CVE-2026-6280 Improper Access Control in Nomysoft Informatics' Nomysem
Exposure of sensitive information due to incompatible policies vulnerability in NOMYSOFT Informatics Education and Consulting Inc. Nomysem allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Nomysem: through 08072026. NOTE: The vendor was contacted early about this...
EUVD-2026-42209
Exposure of sensitive information due to incompatible policies vulnerability in NOMYSOFT Informatics Education and Consulting Inc. Nomysem allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Nomysem: through 08072026. NOTE: The vendor was contacted early about this...
CVE-2026-6280
Exposure of sensitive information due to incompatible policies vulnerability in NOMYSOFT Informatics Education and Consulting Inc. Nomysem allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Nomysem: through 08072026. NOTE: The vendor was contacted early about this...