1895 matches found
EUVD-2026-33851
The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 7.0.0 - 7.0.14, via the 'slider.get.full' AJAX Action. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including raw social...
CVE-2026-9048
The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 7.0.0 - 7.0.14, via the 'slider.get.full' AJAX Action. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including raw social...
PT-2026-45882
Name of the Vulnerable Software and Affected Versions LibreChat versions prior to 0.8.4 Description Users with only VIEW access to an MCP server can retrieve decrypted admin-managed secrets. This occurs through the endpoints "/api/mcp/servers" and "/api/mcp/servers/:serverName", where the returne...
PT-2026-45713
Name of the Vulnerable Software and Affected Versions Laiser Tag versions prior to 1.2.6 Description The Laiser Tag plugin for WordPress is subject to Cross-Site Request Forgery CSRF, a flaw where an attacker tricks a victim into executing unwanted actions. This occurs due to missing or incorrect...
CVE-2026-9048 Slider Revolution 7.0.0 - 7.0.14 - Incorrect Authorization to Authenticated (Contributor+) Sensitive Information Exposure
The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 7.0.0 - 7.0.14, via the 'slider.get.full' AJAX Action. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including raw social...
CVE-2026-9048
The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 7.0.0 - 7.0.14, via the 'slider.get.full' AJAX Action. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including raw social...
CVE-2026-9048 Slider Revolution 7.0.0 - 7.0.14 - Incorrect Authorization to Authenticated (Contributor+) Sensitive Information Exposure
The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 7.0.0 - 7.0.14, via the 'slider.get.full' AJAX Action. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including raw social...
CVE-2026-9048
The Slider Revolution WordPress plugin is affected (versions 7.0.0–7.0.14). The vulnerability arises in the slider.get.full AJAX action, enabling authenticated attackers with Contributor-level access and higher to expose sensitive data stored in slider settings. Exposed data includes raw social m...
CVE-2026-9831
A race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path could, under specific high-concurrency traffic conditions, intermittently allow requests authenticated with an Extreme Platform ONE /IAM-issued API key to receive response data for another tenant. The issu...
PT-2026-45666
The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 7.0.0 - 7.0.14, via the 'slider.get.full' AJAX Action. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including raw social...
CVE-2026-9831
A race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path could, under specific high-concurrency traffic conditions, intermittently allow requests authenticated with an Extreme Platform ONE /IAM-issued API key to receive response data for another tenant. The issu...
CVE-2026-9831 ExtremeCloud IQ Cross Tenant Data Exposure via Extreme Platform One Authentication Race Condition
A race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path could, under specific high-concurrency traffic conditions, intermittently allow requests authenticated with an Extreme Platform ONE /IAM-issued API key to receive response data for another tenant. The issu...
CVE-2026-9831 ExtremeCloud IQ Cross Tenant Data Exposure via Extreme Platform One Authentication Race Condition
A race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path could, under specific high-concurrency traffic conditions, intermittently allow requests authenticated with an Extreme Platform ONE /IAM-issued API key to receive response data for another tenant. The issu...
PT-2026-44998
Name of the Vulnerable Software and Affected Versions ExtremeCloud IQ affected versions not specified Description A race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path can intermittently allow requests authenticated with an Extreme Platform ONE /IAM-issued AP...
CVE-2026-45296
OpenReplay before 1.26.0 exposes cross-tenant risks via the Python API app_apikey routes that trust a caller-provided projectKey after validating only the API key and existence of the projectKey. The authorization flow fails to bind the authenticated API key to the correct tenant, enabling an att...
CVE-2026-45296 OpenReplay: Cross-tenant information disclosure in app_apikey projectKey routes via missing tenant binding
OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, OpenReplay's Python API exposes several appapikey routes that trust a caller-provided projectKey after validating only that the API key itself is valid and that the target projectKey exists. The authorization flow does not verify...
CVE-2026-45090
Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, ParameterAnalysis in pkg/scanning/parameterAnalysis.go runs two sequential worker stages that both write to the same results channel. The channel is correctly closed after the first stage completes...
CVE-2026-44213
The CVE affects the OpenTelemetry.Exporter.Instana NuGet package. Before version 1.1.0, when INSTANA_ENDPOINT_PROXY is set, the Transport.ConfigureBackendClient() code creates an HttpClient that disables TLS certificate validation, allowing a network attacker to perform a MitM on the proxy and re...
EUVD-2026-32014
The OpenTelemetry.Exporter.Instana exports telemetry to Instana backend. Prior to 1.1.0, the OpenTelemetry.Exporter.Instana NuGet package does not validate HTTPS/TLS certificates are valid when sending telemetry to a configured Instana back-end when a proxy is configured using the...
CVE-2026-44213
The OpenTelemetry.Exporter.Instana exports telemetry to Instana backend. Prior to 1.1.0, the OpenTelemetry.Exporter.Instana NuGet package does not validate HTTPS/TLS certificates are valid when sending telemetry to a configured Instana back-end when a proxy is configured using the...