Lucene search
+L

4619 matches found

Nuclei
Nuclei
added yesterday102 views

Label Studio - Sensitive Information Exposure

An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on the platform by exploiting Django's Object Relational Mapper ORM. Since the results of query can be manipulated by the ORM filter, an attacker can leak these sensitive fields character by...

7.5CVSS6.7AI score0.04055EPSS
Exploits3References3
Nuclei
Nuclei
added yesterday137 views

LiteSpeed Cache <= 6.4.1 - Sensitive Information Exposure

The LiteSpeed Cache plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.4.1 through the debug.log file that is publicly exposed. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the...

9.8CVSS8.2AI score0.83178EPSS
Exploits7References5
Nuclei
Nuclei
added yesterday68 views

TCExam <= 14.8.1 - Sensitive Information Exposure

When installed following the default/recommended settings, TCExam = 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which includes sensitive database backup files. id: CVE-2021-20114 info: name: TCExam = 14.8.1 - Sensitive Information Exposure author: push4d severity:...

7.5CVSS7.3AI score0.05973EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday14 views

Lokomedia CMS - Local File Inclusion

A Local File Inclusion LFI vulnerability exists in Lokomedia CMS. The application allows an attacker to include files on the server that should not be accessible, potentially exposing sensitive information. id: CVE-2010-2018 info: name: Lokomedia CMS - Local File Inclusion author: r3Y3r53 severit...

5CVSS5.3AI score0.03258EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday19 views

LearnPress < 4.2.7.4 - Course Material - Information Disclosure

LearnPress – WordPress LMS Plugin contains a sensitive information exposure caused by insecure handling in class-lp-rest-material-controller.php, letting unauthenticated attackers extract paid course material, exploit requires no authentication. id: CVE-2024-11868 info: name: LearnPress 4.2.7.4 -...

5.3CVSS8.3AI score0.01131EPSS
Exploits0References1
CVE
CVE
added yesterday10 views

CVE-2026-13765

The CVE-2026-13765 entry concerns the LearnPress WordPress LMS Plugin (versions up to 4.4.1). The connected document indicates a root cause of Inadequate access control in REST endpoints, specifically /lp/v1/users/check-answer and /start-quiz, leading to unauthenticated Sensitive Information Expo...

7.5CVSS6AI score0.00388EPSS
Exploits0References14
EUVD
EUVD
added yesterday9 views

EUVD-2026-45132

The pCloud WP Backup plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.3 via the wp2pclajaxprocessrequestinner. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract force generation of a...

6.5CVSS6.1AI score0.00287EPSS
Exploits0References7
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-44924

HCL DFXAnalytics is affected by an Internal File Path Disclosure vulnerability. The application dashboard inadvertently leaks sensitive information regarding its internal file structure and directory paths through unhandled error messages, system logs, or debugging output, which could allow a...

5.3CVSS6.1AI score0.0024EPSS
Exploits0References1
Nuclei
Nuclei
added 2 days ago50 views

Jira - Local File Inclusion

Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1, allows remote attackers to access files in the Jira webroot under the META-INF directory via local file inclusion. id: CVE-2019-8442 info: name: Jira - Local File Inclusion author:...

7.5CVSS7AI score0.59832EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2 days ago5 views

CVE-2026-12434

The List category posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 0.95.0 via the sanitizestatus. This makes it possible for authenticated attackers, with contributor-level access and above, to extract titles, full content, excerpts,...

4.3CVSS6.1AI score0.00239EPSS
Exploits0References7
CVE
CVE
added 2 days ago9 views

CVE-2026-12434

The List category posts plugin for WordPress is vulnerable to Sensitive Information Exposure up to version 0.95.0 via sanitize_status. An authenticated attacker with contributor-level access or higher can extract titles, full content, excerpts, dates, authors, and custom-field metadata of other u...

4.3CVSS6.1AI score0.00239EPSS
Exploits0References6
NVD
NVD
added 4 days ago3 views

CVE-2026-50294

Exposure of sensitive system information to an unauthorized control sphere in Windows Kernel allows an unauthorized attacker to disclose information locally...

6.2CVSS0.00374EPSS
Exploits0References1
NVD
NVD
added 4 days ago5 views

CVE-2026-34349

Exposure of sensitive information to an unauthorized actor in Windows Media allows an authorized attacker to disclose information locally...

5.5CVSS0.00354EPSS
Exploits0References1
CVE
CVE
added 4 days ago9 views

CVE-2026-49807

Technical details are not publicly available in the provided documents. Monitor for updates.

6.2CVSS6AI score0.00374EPSS
Exploits0References1Affected Software9
CVE
CVE
added 4 days ago17 views

CVE-2026-34328

CVE-2026-34328 describes an information-disclosure issue in Windows Audio Service, allowing a local attacker with low privileges to disclose sensitive information. Affected: Windows Audio Service (Windows). Root cause details are not provided beyond the high-level description. CVSS v3.1 base scor...

5.5CVSS6AI score0.00353EPSS
Exploits0References1Affected Software10
CVE
CVE
added 4 days ago19 views

CVE-2026-33842

The CVE-2026-33842 entry describes a local information disclosure in Windows File Explorer. The vulnerability allows an authorized (low privileges) attacker to disclose sensitive information locally through the File Explorer component. Per the NVD entry, the impact is confined to confidentiality ...

5.5CVSS6AI score0.00353EPSS
Exploits0References1Affected Software13
CVE
CVE
added 4 days ago9 views

CVE-2026-50697

The CVE-2026-50697 entry concerns a vulnerability in the Windows Common Log File System Driver that could allow an attacker with local access to elevate privileges. The issue is described as exposure of sensitive information to an unauthorized actor, enabling local privilege escalation. Public de...

7.8CVSS6AI score0.00284EPSS
Exploits0References1Affected Software12
Positive Technologies
Positive Technologies
added 4 days ago4 views

PT-2026-58114

Name of the Vulnerable Software and Affected Versions Windows File Explorer affected versions not specified Description An authorized attacker can locally disclose sensitive information due to an exposure of sensitive information to an unauthorized actor within Windows File Explorer...

5.5CVSS6.1AI score0.00353EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago4 views

PT-2026-58631

Name of the Vulnerable Software and Affected Versions Windows Win32K affected versions not specified Description Exposure of sensitive information to an unauthorized actor in Windows Win32K allows an unauthorized attacker to elevate privileges locally. This issue enables attackers to gain...

6.2CVSS6AI score0.00495EPSS
Exploits0References5
NVD
NVD
added 5 days ago5 views

CVE-2026-12385

The Smart Slider 3 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.1.37 via the 'keyword' parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to extract titles and full content...

4.3CVSS0.00242EPSS
Exploits0References7
Rows per page
Query Builder