168 matches found
PT-2026-41827
The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to query Fortis' API and retrieve sensitive customer information, like past orders, PII, etc...
CVE-2026-7864 Exposure of Sensitive Information to an Unauthorized Actor
SEPPmail Secure Email Gateway before version 15.0.4 exposes server environment variables through an unauthenticated endpoint in the new GINA UI, allowing remote attackers to obtain sensitive system information...
Tenable Nessus Link Following Vulnerability
Tenable Nessus is a vulnerability scanning software developed by the American company Tenable. Tenable Nessus has a backlink vulnerability, which allows attackers to create connection points, enabling them to delete any file with SYSTEM privileges. This vulnerability could potentially be exploite...
Festo MSE6 Security Vulnerability
MSE6-D2M-5000-CBUS-S-RG-BAR-VCB-AGD, MSE6-E2M-5000-FB13-AGD, MSE6-E2M-5000-FB37-AGD and so on are industrial control components. A denial of service vulnerability exists in several Festo products, which can be exploited by attackers to gain control of a server...
NEC Platforms Aterm Series Security Vulnerability
The NEC Platforms Aterm Series is a series of wireless router and network device products developed by the Japanese company NEC. The NEC Platforms Aterm Series contains security vulnerabilities, which stem from lack of authorization. These vulnerabilities may allow attackers to access device...
Apple macOS Security Vulnerability
Apple macOS is a specialized operating system developed by Apple for Mac computers. A security vulnerability exists in Apple macOS, which stems from improper handling of temporary files, and can be exploited by an attacker to cause an application to access sensitive user data...
Apple macOS Security Vulnerability
Apple macOS is a specialized operating system developed by Apple for Mac computers. Apple macOS has a security vulnerability that can be exploited by attackers to cause applications to access sensitive user data...
Apple Multiple Products Security Vulnerability
Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a dedicated operating system designed specifically for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s product...
Microsoft Azure IoT Explorer Security Vulnerability
Microsoft Azure IoT Explorer is a free and open-source desktop application developed by Microsoft Corporation. There are security vulnerabilities present in Microsoft Azure IoT Explorer. Attackers can exploit these vulnerabilities to obtain sensitive information...
CVE-2025-70829
An information exposure vulnerability in Datart v1.0.0-rc.3 allows authenticated attackers to access sensitive data via a custom H2 JDBC connection string...
SAP Support Tools Plug-In Security Vulnerability
SAP Support Tools Plug-In is a basic component plugin developed by the German company SAP. The SAP Support Tools Plug-In has a security vulnerability; this vulnerability stems from the lack of authorization checks in the function modules. This could allow authenticated attackers to call specific...
Malicious Chrome extensions can spy on your ChatGPT chats
Researchers discovered 16 malicious browser extensions for Google Chrome and Microsoft Edge that steal ChatGPT session tokens, giving attackers access to accounts, including conversation history and metadata. The 16 malicious extensions (15 for Chrome and 1 for Edge) claim to improve and optimize...
Huawei HarmonyOS Memo Module Privilege Control Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in the Huawei HarmonyOS memo module, which can be exploited by an attacker to compromise confidentiality...
GO-2025-4197 Mattermost Server exposes OAuth personal access tokens to attackers in github.com/mattermost/mattermost-server
Mattermost Server exposes OAuth personal access tokens to attackers in github.com/mattermost/mattermost-server...
EUVD-2025-200144
Improper export of android application components in Dynamic Lockscreen prior to SMR Dec-2025 Release 1 allows local attackers to access files with Dynamic Lockscreen's privilege...
CVE-2025-21080
The CVE-2025-21080 issue affects Samsung Android devices with Dynamic Lockscreen, where improper export of Android app components could allow a local attacker to access files under the Lockscreen app privileges. The Red Hat/NVD entries describe the same vulnerability, with impact limited to confi...
Linux Distros Unpatched Vulnerability : CVE-2021-3426
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server cou...
CVE-2025-41337 Missing Authorization vulnerability in CanalDenuncia.app
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in '/backend/api/buscarSSOParametros.php'...
CVE-2025-41336 Missing Authorization vulnerability in CanalDenuncia.app
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in '/backend/api/buscarConfiguracionParametros.php'...
CVE-2025-52625
CVE-2025-52625 affects HCL AION 2.0. A vulnerability described as a Cacheable SSL Page Found issue could allow attackers with access to the device or browser to view cached data, exposing credentials, system identifiers, or internal file paths. Root cause specifics, affected components beyond the...