4619 matches found
Label Studio - Sensitive Information Exposure
An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on the platform by exploiting Django's Object Relational Mapper ORM. Since the results of query can be manipulated by the ORM filter, an attacker can leak these sensitive fields character by...
LiteSpeed Cache <= 6.4.1 - Sensitive Information Exposure
The LiteSpeed Cache plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.4.1 through the debug.log file that is publicly exposed. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the...
TCExam <= 14.8.1 - Sensitive Information Exposure
When installed following the default/recommended settings, TCExam = 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which includes sensitive database backup files. id: CVE-2021-20114 info: name: TCExam = 14.8.1 - Sensitive Information Exposure author: push4d severity:...
Lokomedia CMS - Local File Inclusion
A Local File Inclusion LFI vulnerability exists in Lokomedia CMS. The application allows an attacker to include files on the server that should not be accessible, potentially exposing sensitive information. id: CVE-2010-2018 info: name: Lokomedia CMS - Local File Inclusion author: r3Y3r53 severit...
LearnPress < 4.2.7.4 - Course Material - Information Disclosure
LearnPress – WordPress LMS Plugin contains a sensitive information exposure caused by insecure handling in class-lp-rest-material-controller.php, letting unauthenticated attackers extract paid course material, exploit requires no authentication. id: CVE-2024-11868 info: name: LearnPress 4.2.7.4 -...
CVE-2026-13765
The CVE-2026-13765 entry concerns the LearnPress WordPress LMS Plugin (versions up to 4.4.1). The connected document indicates a root cause of Inadequate access control in REST endpoints, specifically /lp/v1/users/check-answer and /start-quiz, leading to unauthenticated Sensitive Information Expo...
EUVD-2026-45132
The pCloud WP Backup plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.3 via the wp2pclajaxprocessrequestinner. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract force generation of a...
EUVD-2026-44924
HCL DFXAnalytics is affected by an Internal File Path Disclosure vulnerability. The application dashboard inadvertently leaks sensitive information regarding its internal file structure and directory paths through unhandled error messages, system logs, or debugging output, which could allow a...
Jira - Local File Inclusion
Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1, allows remote attackers to access files in the Jira webroot under the META-INF directory via local file inclusion. id: CVE-2019-8442 info: name: Jira - Local File Inclusion author:...
CVE-2026-12434
The List category posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 0.95.0 via the sanitizestatus. This makes it possible for authenticated attackers, with contributor-level access and above, to extract titles, full content, excerpts,...
CVE-2026-12434
The List category posts plugin for WordPress is vulnerable to Sensitive Information Exposure up to version 0.95.0 via sanitize_status. An authenticated attacker with contributor-level access or higher can extract titles, full content, excerpts, dates, authors, and custom-field metadata of other u...
CVE-2026-50294
Exposure of sensitive system information to an unauthorized control sphere in Windows Kernel allows an unauthorized attacker to disclose information locally...
CVE-2026-34349
Exposure of sensitive information to an unauthorized actor in Windows Media allows an authorized attacker to disclose information locally...
CVE-2026-49807
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2026-34328
CVE-2026-34328 describes an information-disclosure issue in Windows Audio Service, allowing a local attacker with low privileges to disclose sensitive information. Affected: Windows Audio Service (Windows). Root cause details are not provided beyond the high-level description. CVSS v3.1 base scor...
CVE-2026-33842
The CVE-2026-33842 entry describes a local information disclosure in Windows File Explorer. The vulnerability allows an authorized (low privileges) attacker to disclose sensitive information locally through the File Explorer component. Per the NVD entry, the impact is confined to confidentiality ...
CVE-2026-50697
The CVE-2026-50697 entry concerns a vulnerability in the Windows Common Log File System Driver that could allow an attacker with local access to elevate privileges. The issue is described as exposure of sensitive information to an unauthorized actor, enabling local privilege escalation. Public de...
PT-2026-58114
Name of the Vulnerable Software and Affected Versions Windows File Explorer affected versions not specified Description An authorized attacker can locally disclose sensitive information due to an exposure of sensitive information to an unauthorized actor within Windows File Explorer...
PT-2026-58631
Name of the Vulnerable Software and Affected Versions Windows Win32K affected versions not specified Description Exposure of sensitive information to an unauthorized actor in Windows Win32K allows an unauthorized attacker to elevate privileges locally. This issue enables attackers to gain...
CVE-2026-12385
The Smart Slider 3 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.1.37 via the 'keyword' parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to extract titles and full content...