Lucene search
+L

392 matches found

Positive Technologies
Positive Technologies
added 2026/01/23 12:0 a.m.7 views

PT-2026-4384

Name of the Vulnerable Software and Affected Versions webpushr versions through 4.38.0 Description A flaw exists in webpushr webpushr-web-push-notifications that could allow retrieval of embedded sensitive data. This issue relates to the exposure of sensitive system information to an unauthorized...

5.3AI score0.00305EPSS
Exploits0References3
NVD
NVD
added 2026/01/22 5:16 p.m.3 views

CVE-2025-67954

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Retrieve Embedded Sensitive Data.This issue affects Salon booking system: from n/a through = 10.30.3...

6.5CVSS0.00355EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.7 views

PT-2026-4002

Name of the Vulnerable Software and Affected Versions sizam REHub Framework versions prior to 19.9.9.4 Description A flaw exists in the sizam REHub Framework, specifically in the rehub-framework component, that allows for the retrieval of embedded sensitive data. This results in the exposure of...

5.2AI score0.00314EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.6 views

PT-2026-4070

Name of the Vulnerable Software and Affected Versions ThemeHunk Contact Form & Lead Form Elementor Builder versions through 2.0.1 Description A flaw exists in ThemeHunk Contact Form & Lead Form Elementor Builder that could allow retrieval of embedded sensitive data. The issue is related to the...

5.3AI score0.00355EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/09 12:0 a.m.4 views

PT-2026-2000

Name of the Vulnerable Software and Affected Versions Langflow affected versions not specified Description A flaw exists in Langflow that allows remote attackers to execute arbitrary code. Authentication is not required for exploitation. The issue stems from the inclusion of functionality from an...

9.8CVSS9AI score0.10371EPSS
Exploits8References20
Zero Day Initiative
Zero Day Initiative
added 2026/01/09 12:0 a.m.11 views

(0Day) Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the execglobals parameter provided to the validate endpoint. The issue results...

9.8CVSS7.6AI score0.10371EPSS
Exploits8
RedhatCVE
RedhatCVE
added 2026/01/08 3:14 a.m.6 views

CVE-2025-31051

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in EngoTheme Plant - Gardening & Houseplants WordPress Theme allows Retrieve Embedded Sensitive Data.This issue affects Plant - Gardening & Houseplants WordPress Theme: from n/a through 1.0.0...

5.3CVSS8.5AI score0.00196EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/01/07 2:31 p.m.174 views

Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo

CVE-2025-32463...

9.3CVSS7AI score0.47467EPSS
Exploits70
RedhatCVE
RedhatCVE
added 2026/01/01 4:27 p.m.13 views

CVE-2025-62114

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in marcelotorres Download Media Library download-media-library allows Retrieve Embedded Sensitive Data.This issue affects Download Media Library: from n/a through = 0.2.1...

5.3CVSS5.9AI score0.00196EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/31 4:30 p.m.5 views

EUVD-2025-206017

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Digages Direct Payments WP allows Retrieve Embedded Sensitive Data.This issue affects Direct Payments WP: from n/a through 1.3.0...

4.3CVSS6.3AI score0.00272EPSS
Exploits0References2
NVD
NVD
added 2025/12/31 4:15 p.m.8 views

CVE-2025-62143

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in nicashmu Post Video Players video-playlist-and-gallery-plugin allows Retrieve Embedded Sensitive Data.This issue affects Post Video Players: from n/a through = 1.163...

4.3CVSS0.0018EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/31 3:49 p.m.6 views

EUVD-2025-206027

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in nicashmu Post Video Players allows Retrieve Embedded Sensitive Data.This issue affects Post Video Players: from n/a through 1.163...

4.3CVSS6.3AI score0.0018EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/31 3:49 p.m.4 views

CVE-2025-62143 WordPress Post Video Players plugin <= 1.163 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in nicashmu Post Video Players allows Retrieve Embedded Sensitive Data.This issue affects Post Video Players: from n/a through 1.163...

4.3CVSS6.5AI score0.0018EPSS
Exploits0References1
CVE
CVE
added 2025/12/31 3:49 p.m.15 views

CVE-2025-62143

Technical details about CVE-2025-62143 are not provided in the supplied documents. The connected Wordfence report does not specify affected versions or remediation. Monitor for updates from vendors/security researchers for confirmed impact, exploitability, and fixes.

4.3CVSS5.9AI score0.0018EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/31 12:0 a.m.8 views

PT-2025-54362

Name of the Vulnerable Software and Affected Versions Marcelo Torres Download Media Library versions through 0.2.1 Description A flaw exists in Marcelo Torres Download Media Library that allows the retrieval of embedded sensitive data, leading to exposure of sensitive system information to an...

5.3CVSS6.2AI score0.00196EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/31 12:0 a.m.6 views

PT-2025-54367

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in nicashmu Post Video Players allows Retrieve Embedded Sensitive Data.This issue affects Post Video Players: from n/a through 1.163...

4.3CVSS6.8AI score0.0018EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/26 6:30 a.m.3 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the lastlogintime sort order in the explore/users page. An attacker can obtain sensitive information about users' login times by querying the user exploratio...

6.9CVSS6.5AI score0.00328EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/25 1:23 p.m.4 views

CVE-2025-68606

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPXPO PostX ultimate-post allows Retrieve Embedded Sensitive Data.This issue affects PostX: from n/a through = 5.0.3...

5.3CVSS6.9AI score0.00201EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/25 1:23 p.m.5 views

CVE-2025-68576

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Virusdie Virusdie virusdie allows Retrieve Embedded Sensitive Data.This issue affects Virusdie: from n/a through = 1.1.6...

4.3CVSS6.9AI score0.00215EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/25 1:23 p.m.6 views

CVE-2025-68494

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Retrieve Embedded Sensitive Data.This issue affects Premium Addons for Elementor: from n/a through = 4.11.53...

5.3CVSS6.9AI score0.00305EPSS
Exploits0References1
Rows per page
Query Builder