67 matches found
EUVD-2026-30599
phpMyFAQ before 4.1.2 contains an authorization bypass vulnerability in AbstractAdministrationController::userHasPermission that fails to terminate execution after sending a forbidden response. Attackers can access all permission-protected admin pages by requesting their URLs as authenticated...
GHSA-GFC2-9QMW-W7VH Glances: Cross-Origin Information Disclosure via Unauthenticated REST API (/api/4) due to Permissive CORS
Summary: The Glances web server exposes a REST API, /api/4/, that is accessible without authentication and allows cross-origin requests from any origin due to a permissive CORS policy (Access-Control-Allow-Origin: *). This allows a malicious website to read sensitive system information from a running...
EUVD-2025-209513
Exposure of Private Personal Information to an Unauthorized Actor, Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. An unauthenticated user can retrieve the database password in plaintext in certain situations...
CVE-2026-2753
An Absolute Path Traversal vulnerability exists in Navtor NavBox. The application exposes an HTTP service that fails to properly sanitize user-supplied path input. Unauthenticated remote attackers can exploit this issue by submitting requests containing absolute filesystem paths. Successful...
CVE-2026-3010
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimePictra allows Query System for Information. This issue affects TimePictra: from 11.0 through 11.3 SP2...
CVE-2025-13136
CVE-2025-13136 affects the WordPress plugin GSheetConnector For Ninja Forms (
WordPress GSheetConnector For Ninja Forms plugin <= 2.0.1 - Missing Authorization to Authenticated (Subscriber+) System Information Exposure vulnerability
Missing Authorization to Authenticated (Subscriber+) System Information Exposure vulnerability discovered by Bhayanak Atma in WordPress Plugin Ninja Forms Google Sheet Connector versions <= 2.0.1...
CVE-2025-34156
CVE-2025-34156 concerns Tibbo AggreGate Network Manager versions before 6.40.05, where an unauthenticated endpoint at /cwmp/happyaxis.jsp exposes sensitive system information. The page discloses Java system properties, server path details, and version information to unauthorized users, creating i...
CVE-2025-59575 WordPress MasterStudy LMS plugin <= 3.6.20 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Stylemix MasterStudy LMS (masterstudy-lms-learning-management-system) allows Retrieve Embedded Sensitive Data. This issue affects MasterStudy LMS: from n/a through <= 3.6.20...
PT-2025-42884
Name of the Vulnerable Software and Affected Versions: CityPLus versions prior to 24.29500.1.0. Description: An issue exists in Beyaz Bilgisayar Software Design Industry and Trade Ltd. Co. CityPLus that allows for the detection of unpublicized web pages, potentially leading to exposure of sensitive...
EUVD-2025-33882
HCL Unica 12.1.10 can expose sensitive system information. An attacker could use this information to form an attack plan by leveraging known vulnerabilities in the application...
EUVD-2012-0248
Malware in sbrugna...
EUVD-2021-10928
Malware in sbrugna...
EUVD-2020-18285
Malware in sbrugna...
EUVD-2025-23308
Malicious code in bioql PyPI...
CVE-2025-60167
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in honzat Page Manager for Elementor (page-manager-for-elementor) allows Retrieve Embedded Sensitive Data. This issue affects Page Manager for Elementor: from n/a through <= 2.0.5...
PT-2025-39539
Name of the Vulnerable Software and Affected Versions: Shahjada Download Manager versions through 3.3.24. Description: A flaw exists in Shahjada Download Manager that could allow unauthorized retrieval of embedded sensitive data, potentially exposing system information. Recommendations: Update Shahja...
CVE-2025-42927 Information Disclosure due to Outdated OpenSSL Version in SAP NetWeaver AS Java (Adobe Document Service)
SAP NetWeaver AS Java application uses Adobe Document Service, installed with a vulnerable version of OpenSSL. Successful exploitation of known vulnerabilities in the outdated OpenSSL library would allow a user with high system privileges to access and modify system information. This vulnerability ha...
WordPress plugin ProveSource Social Proof security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability...