21 matches found

CVE
added 2026/06/10 8:3 p.m. · 16 views

CVE-2026-44692

CVE-2026-44692 affects the Sharp CMS package for Laravel. Prior to version 9.22.0, the generic download endpoint authorizes access only to the selected Sharp entity but then reads the target disk and path from request parameters, allowing an authenticated user who can view one valid record to dow...

CVSS 7.7 · AI score 5.5 · EPSS 0.00262
Exploits: 0 · References: 2
EUVD
added 2026/06/10 8:3 p.m. · 8 views

EUVD-2026-36118

Sharp is a content management framework built for Laravel as a package. Prior to version 9.22.0, Sharp exposes a generic download endpoint that authorizes access only to the supplied Sharp entity instance, but then reads the target storage disk and path from request parameters. Because the...

CVSS 7.7 · AI score 5.5 · EPSS 0.00262
Exploits: 0 · References: 2
Tenable Nessus
added 2026/03/30 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-1556

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Information disclosure in the file URI processing of File Field Paths in Drupal File Field Paths 7.x prior to 7.1.3 on Drupal 7.x allows authenticated users to...

CVSS 6.9 · AI score 5.9 · EPSS 0.00391
Exploits: 1 · References: 2
Patchstack
added 2026/03/10 11:22 p.m. · 3 views

WordPress Core <= 6.9.1 - Missing Authorization to Authenticated (Author+) Sensitive Information Disclosure vulnerability

Missing Authorization to Authenticated (Author+) Sensitive Information Disclosure vulnerability discovered by Vitaly Simonovich in WordPress core versions <= 6.9.1...

AI score 5.8
Exploits: 0 · References: 1 · Affected Software: 1
Patchstack
added 2026/02/05 8:43 a.m. · 7 views

WordPress GreenShift - Animation and Page Builder Blocks plugin <= 12.5.7 - Authenticated (Subscriber+) Information Disclosure of AI API Keys vulnerability

WordPress GreenShift - Animation and Page Builder Blocks plugin <= 12.5.7 - Authenticated (Subscriber+) Information Disclosure of AI API Keys vulnerability discovered by ISMAILSHADOW in WordPress Plugin Greenshift versions <= 12.5.7...

CVSS 4.3 · AI score 5.3 · EPSS 0.00186
Exploits: 0 · References: 1 · Affected Software: 1
Patchstack
added 2026/02/02 10:55 p.m. · 7 views

WordPress Tutor LMS plugin <= 3.9.5 - Authenticated (Subscriber+) Information Disclosure in Coupon Details via 'tutor_coupon_details' AJAX Action vulnerability

Authenticated (Subscriber+) Information Disclosure in Coupon Details via 'tutor_coupon_details' AJAX Action vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Tutor LMS versions <= 3.9.5...

CVSS 5.3 · AI score 5.3 · EPSS 0.00282
Exploits: 0 · References: 1 · Affected Software: 1
NVD
added 2025/11/13 3:15 p.m. · 5 views

CVE-2025-30662

Symlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and 6.5.10 in their respective tracks may allow an authenticated user to conduct a disclosure of information via network access...

CVSS 6.6 · EPSS 0.0011
Exploits: 0 · References: 1
Tenable Nessus
added 2025/08/11 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2016-9449

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 might allow remote authenticated users to obtain sensitive information about taxonomy terms b...

CVSS 4.3 · AI score 6 · EPSS 0.01957
Exploits: 0 · References: 2
RedHat Linux
added 2025/07/01 3:24 p.m. · 4 views

microcode_ctl: Exposure of sensitive information

Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Atom(R) processors may allow an authenticated user to potentially enable information disclosure via local access...

CVSS 5.7 · AI score 6.9 · EPSS 0.00148
Exploits: 0 · References: 5
Cvelist
added 2025/06/25 7:28 a.m. · 10 views

CVE-2024-51984 Authenticated disclosure of external service passwords via pass-back attack affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, Ricoh, Toshiba Tec, and Konica Minolta, Inc.

An authenticated attacker can reconfigure the target device to use an external service such as LDAP or FTP controlled by the attacker. If an existing password is present for an external service, the attacker can force the target device to authenticate to an attacker controlled device using the...

CVSS 6.8 · EPSS 0.00846
Exploits: 0 · References: 10
RedhatCVE
added 2025/05/22 4:16 p.m. · 9 views

CVE-2020-13424

The XCloner component before 3.5.4 for Joomla! allows Authenticated Local File Disclosure...

CVSS 6.5 · AI score 7 · EPSS 0.01715
Exploits: 1
Patchstack
added 2025/02/12 9:35 p.m. · 4 views

WordPress DethemeKit For Elementor plugin <= 2.1.8 - Authenticated (Contributor+) Protected Post Disclosure vulnerability

Authenticated (Contributor+) Protected Post Disclosure vulnerability discovered by Webbernaut in WordPress Plugin DethemeKit For Elementor versions <= 2.1.8...

CVSS 4.3 · AI score 7 · EPSS 0.00263
Exploits: 0 · References: 1 · Affected Software: 1
Patchstack
added 2025/01/10 8:58 p.m. · 6 views

WordPress Post Duplicator plugin <= 2.36 - Authenticated (Contributor+) Protected Post Disclosure vulnerability

Authenticated (Contributor+) Protected Post Disclosure vulnerability discovered by Webbernaut in WordPress Plugin Post Duplicator versions <= 2.36...

CVSS 5.3 · AI score 7 · EPSS 0.00298
Exploits: 0 · References: 1 · Affected Software: 1
Patchstack
added 2024/12/18 10:38 p.m. · 5 views

WordPress Button Block plugin <= 1.1.5 - Authenticated (Contributor+) Post Disclosure via Post Duplication vulnerability

Authenticated (Contributor+) Post Disclosure via Post Duplication vulnerability discovered by Webbernaut in WordPress Plugin Button Block versions <= 1.1.5...

CVSS 6.5 · AI score 7 · EPSS 0.00355
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2023/10/17 7:1 p.m. · 28 views

CVE-2023-4896 Authenticated Disclosure of Sensitive Information in AirWave Management Platform

A vulnerability exists which allows an authenticated attacker to access sensitive information on the AirWave Management Platform web-based management interface. Successful exploitation allows the attacker to gain access to some data that could be further exploited to laterally access devices...

CVSS 6.8 · AI score 6.7 · EPSS 0.00444
Exploits: 0 · References: 1
Vulnrichment
added 2023/10/17 7:1 p.m. · 15 views

CVE-2023-4896 Authenticated Disclosure of Sensitive Information in AirWave Management Platform

A vulnerability exists which allows an authenticated attacker to access sensitive information on the AirWave Management Platform web-based management interface. Successful exploitation allows the attacker to gain access to some data that could be further exploited to laterally access devices...

CVSS 6.8 · AI score 6.5 · EPSS 0.00444
Exploits: 0 · References: 1
Positive Technologies
added 2023/08/08 12:0 a.m. · 3 views

PT-2023-4646 · Zoom · Zoom

Name of the Vulnerable Software and Affected Versions: Zoom versions prior to 5.14.10
Description: The issue is related to the client-side enforcement of server-side security in Zoom clients, which may allow an authenticated user to enable information disclosure via network access. This could...

CVSS 7.5 · AI score 6.7 · EPSS 0.01032
Exploits: 0 · References: 5
OSV
added 2023/02/16 9:15 p.m. · 3 views

CVE-2022-41614

Insufficiently protected credentials in the Intel(R) ON Event Series Android application before version 2.0 may allow an authenticated user to potentially enable information disclosure via local access...

CVSS 5.5 · AI score 5.8
Exploits: 0 · References: 1
Positive Technologies
added 2022/10/31 12:0 a.m. · 2 views

PT-2022-25331 · Unknown · Application

Name of the Vulnerable Software and Affected Versions: Application affected versions not specified
Description: The issue allows authenticated information disclosure, enabling administrators to view unsalted user passwords. This could lead to the compromise of plaintext passwords via offline...

CVSS 4.9 · AI score 4.9 · EPSS 0.00368
Exploits: 0 · References: 2
Cvelist
added 2021/04/15 9:20 p.m. · 24 views

CVE-2021-29450 WordPress Authenticated disclosure of password-protected posts and pages

WordPress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requires at least contributor privileges. This has been patched in WordPress 5.7.1, along with the older affected versions via minor releases...

CVSS 6.5 · AI score 6.8 · EPSS 0.02331
Exploits: 1 · References: 4