CVE-2026-32609 Glances has Incomplete Secrets Redaction: /api/v4/args Endpoint Leaks Password Hash and SNMP Credentials

Glances is an open-source system cross-platform monitoring tool. The GHSA-gh4x fix commit 5d3de60 addressed unauthenticated configuration secrets exposure on the /api/v4/config endpoints by introducing asdictsecure redaction. However, the /api/v4/args and /api/v4/args/item endpoints were not...

CVE-2026-32609 Glances has Incomplete Secrets Redaction: /api/v4/args Endpoint Leaks Password Hash and SNMP Credentials

Glances is an open-source system cross-platform monitoring tool. The GHSA-gh4x fix commit 5d3de60 addressed unauthenticated configuration secrets exposure on the /api/v4/config endpoints by introducing asdictsecure redaction. However, the /api/v4/args and /api/v4/args/item endpoints were not...

CVE-2026-32609

CVE-2026-32609 (Glances) : The issue prime in Glances is incomplete redaction of secrets on API endpoints. The GHSA-gh4x fix redacted credentials on /api/v4/config via as_dict_secure(), but endpoints /api/v4/args and /api/v4/args/{item} still exposed the full command-line namespace (vars(self.arg...

CVE-2026-2373

The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.1049 via the getmainqueryargs function due to insufficient restrictions on which posts can be included. This makes it possib...

CVE-2026-2373

The Royal Addons for Elementor – Addons and Templates Kit for Elementor (WordPress) is affected up to version 1.7.1049. The vulnerability arises in get_main_query_args(), due to insufficient restrictions on which posts can be included, allowing unauthenticated attackers to exfiltrate contents of ...

CVE-2026-2373

The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.1049 via the getmainqueryargs function due to insufficient restrictions on which posts can be included. This makes it possib...

CVE-2026-2373 Royal Addons for Elementor – Addons and Templates Kit for Elementor <= 1.7.1049 - Missing Authorization to Unauthenticated Custom Post Type Contents Exposure

The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.1049 via the getmainqueryargs function due to insufficient restrictions on which posts can be included. This makes it possib...

PT-2026-25870

The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.1049 via the get main query args function due to insufficient restrictions on which posts can be included. This makes it...

Glances has Incomplete Secrets Redaction: /api/v4/args Endpoint Leaks Password Hash and SNMP Credentials

Summary The GHSA-gh4x fix commit 5d3de60 addressed unauthenticated configuration secrets exposure on the /api/v4/config endpoints by introducing asdictsecure redaction. However, the /api/v4/args and /api/v4/args/item endpoints were not addressed by this fix. These endpoints return the complete...

GHSA-CVWP-R2G2-J824 Glances has Incomplete Secrets Redaction: /api/v4/args Endpoint Leaks Password Hash and SNMP Credentials

Summary The GHSA-gh4x fix commit 5d3de60 addressed unauthenticated configuration secrets exposure on the /api/v4/config endpoints by introducing asdictsecure redaction. However, the /api/v4/args and /api/v4/args/item endpoints were not addressed by this fix. These endpoints return the complete...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005678)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005678 advisory. In the Linux kernel, the following vulnerability has been resolved: software node: Correct a OOB check in softwarenodegetreferenceargs softwarenodegetreferenceargs...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005463)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005463 advisory. In the Linux kernel, the following vulnerability has been resolved: software node: Correct a OOB check in softwarenodegetreferenceargs softwarenodegetreferenceargs...

PT-2026-20964

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.15 Description A configuration injection issue in the Docker tool sandbox could allow dangerous Docker options bind mounts, host networking, unconfined profiles to be applied, potentially enabling container...

CVE-2025-13431

The SlimStat Analytics plugin for WordPress is vulnerable to time-based SQL Injection via the ‘args’ parameter in all versions up to, and including, 5.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possib...

CVE-2025-13431

The SlimStat Analytics plugin for WordPress is vulnerable to time-based SQL Injection via the ‘args’ parameter in all versions up to, and including, 5.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possib...

EUVD-2026-5772

A vulnerability was found in r-huijts xcode-mcp-server up to f3419f00117aa9949e326f78cc940166c88f18cb. This affects the function registerXcodeTools of the file src/tools/xcode/index.ts of the component runlldb. The manipulation of the argument args results in command injection. It is possible to...

Xcode MCP Server 命令注入漏洞

Xcode MCP Server is an Xcode-compatible context protocol server developed by R. Huijts. Xcode MCP Server has a command injection vulnerability, which stems from incorrect handling of the args parameter in the src/tools/xcode/index.ts file, potentially leading to command injection...

CVE-2025-15525

The Ajax Load More – Infinite Scroll, Load More, & Lazy Load plugin for WordPress is vulnerable to unauthorized access of data due to incorrect authorization on the parsecustomargs function in all versions up to, and including, 7.8.1. This makes it possible for unauthenticated attackers to expose...

CVE-2025-15525

CVE-2025-15525 affects the WordPress plugin “Ajax Load More – Infinite Scroll, Load More, & Lazy Load.” The vulnerability arises from incorrect authorization in the parse_custom_args() function, allowing unauthenticated users to view titles and excerpts of private, draft, pending, scheduled, and ...

CVE-2025-15525 Ajax Load More – Infinite Scroll, Lazy Load & Load More <= 7.8.1 - Incorrect Authorization to Unauthenticated Private/Draft Post Title and Excerpt Exposure

The Ajax Load More – Infinite Scroll, Load More, & Lazy Load plugin for WordPress is vulnerable to unauthorized access of data due to incorrect authorization on the parsecustomargs function in all versions up to, and including, 7.8.1. This makes it possible for unauthenticated attackers to expose...