Lucene search
K

821 matches found

Cvelist
Cvelist
added 2026/03/04 1:21 a.m.32 views

CVE-2026-1980 WPBookit <= 1.0.8 - Missing Authorization to Unauthenticated Sensitive Customer Data Exposure

The WPBookit plugin for WordPress is vulnerable to unauthorized data disclosure due to a missing authorization check on the 'getcustomerlist' route in all versions up to, and including, 1.0.8. This makes it possible for unauthenticated attackers to retrieve sensitive customer information includin...

5.3CVSS0.00375EPSS
Exploits0References4
CVE
CVE
added 2026/03/04 1:21 a.m.16 views

CVE-2026-1980

CVE-2026-1980 refers to the WPBookit WordPress plugin, affecting versions up to 1.0.8. Root cause: missing authorization on the get_customer_list route, enabling unauthenticated attackers to disclose sensitive customer data (names, emails, phone numbers, dates of birth, gender). Impact: unauthori...

5.3CVSS5.9AI score0.00375EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.12 views

PT-2026-22859

The WPBookit plugin for WordPress is vulnerable to unauthorized data disclosure due to a missing authorization check on the 'get customer list' route in all versions up to, and including, 1.0.8. This makes it possible for unauthenticated attackers to retrieve sensitive customer information...

5.3CVSS5.9AI score0.00375EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/03/03 11:45 p.m.6 views

WordPress WPBookit plugin <= 1.0.8 - Missing Authorization to Unauthenticated Sensitive Customer Data Exposure vulnerability

Missing Authorization to Unauthenticated Sensitive Customer Data Exposure vulnerability discovered by MD. TAREQ AHAMED JONY itztrq - Knight Squad in WordPress Plugin WPBookit versions = 1.0.8...

5.3CVSS5.9AI score0.00375EPSS
Exploits0References1Affected Software1
Malwarebytes
Malwarebytes
added 2026/02/19 11:48 a.m.8 views

Intimate products maker Tenga spilled customer data

Tenga confirmed reports published by several outlets that the company notified customers of a data breach. The Japanese manufacturer of adult products appears to have fallen victim to a phishing attack targeting one of its employees. Tenga reportedly wrote in the data breach notification: “An...

5.8AI score
Exploits0
OSV
OSV
added 2026/02/06 6:10 p.m.6 views

CVE-2025-69216 OpenSTAManager has an SQL Injection in Scadenzario Print Template

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, an authenticated SQL injection vulnerability in OpenSTAManager's Scadenzario Payment Schedule print template allows any authenticated user to extract sensitive data from the database...

8.7CVSS5.6AI score0.00354EPSS
Exploits3References3
ATTACKERKB
ATTACKERKB
added 2026/02/06 6:10 p.m.6 views

CVE-2025-69216

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, an authenticated SQL injection vulnerability in OpenSTAManager's Scadenzario Payment Schedule print template allows any authenticated user to extract sensitive data from the database...

8.7CVSS5.6AI score0.00354EPSS
Exploits3References2Affected Software1
Cvelist
Cvelist
added 2026/02/06 6:10 p.m.27 views

CVE-2025-69216 OpenSTAManager has an SQL Injection in Scadenzario Print Template

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, an authenticated SQL injection vulnerability in OpenSTAManager's Scadenzario Payment Schedule print template allows any authenticated user to extract sensitive data from the database...

8.7CVSS0.00354EPSS
Exploits3References1
Vulnrichment
Vulnrichment
added 2026/02/06 6:10 p.m.4 views

CVE-2025-69216 OpenSTAManager has an SQL Injection in Scadenzario Print Template

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, an authenticated SQL injection vulnerability in OpenSTAManager's Scadenzario Payment Schedule print template allows any authenticated user to extract sensitive data from the database...

8.7CVSS5.8AI score0.00354EPSS
Exploits3References1
EUVD
EUVD
added 2026/02/06 6:10 p.m.5 views

EUVD-2025-206886

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, an authenticated SQL injection vulnerability in OpenSTAManager's Scadenzario Payment Schedule print template allows any authenticated user to extract sensitive data from the database...

8.7CVSS5.6AI score0.00354EPSS
Exploits3References1
Snyk
Snyk
added 2026/02/06 6:6 p.m.5 views

SQL Injection

Overview devcode-it/openstamanager is a management software for technical assistance and electronic invoicing Affected versions of this package are vulnerable to SQL Injection via the idanagrafica parameter in the init.php file. An attacker can extract sensitive database information, including...

8.8CVSS6.1AI score0.00354EPSS
Exploits3References2
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.122 views

VICIdial Sensitive Information Disclosure

VICIdial's Web Client is susceptible to information disclosure because it contains many sensitive files that can be accessed from the client side. These files contain mysqli logs, auth logs, debug information, successful and unsuccessful login attempts with their corresponding IP's, User-Agents,...

6.6AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/01 9:18 a.m.9 views

CVE-2026-1431

The Booking Calendar plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wpbcajaxWPBCFLEXTIMELINENAV function in all versions up to, and including, 10.14.13. This makes it possible for unauthenticated attackers to retrieve booking information...

5.3CVSS5.9AI score0.00264EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/31 12:0 a.m.8 views

PT-2026-5502

The Booking Calendar plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wpbc ajax WPBC FLEXTIMELINE NAV function in all versions up to, and including, 10.14.13. This makes it possible for unauthenticated attackers to retrieve booking...

5.3CVSS5.9AI score0.00264EPSS
Exploits0References3
Malwarebytes
Malwarebytes
added 2026/01/22 12:2 p.m.10 views

Under Armour ransomware breach: data of 72 million customers appears on the dark web

When reports first emerged in November 2025 that sportswear giant Under Armour had been hit by the Everest ransomware group, the story sounded depressingly familiar: a big brand, a huge trove of data, and a lot of unanswered questions. Since then, the narrative around what actually happened has...

5.5AI score
Exploits0
HackRead
HackRead
added 2026/01/20 10:39 p.m.10 views

Everest Ransomware Claims McDonalds India Breach Involving Customer Data

The notorious Everest ransomware group is claiming to have breached McDonald's India, the Indian subsidiary of the American…...

5.6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/18 2:26 a.m.8 views

CVE-2025-14075

The WP Hotel Booking plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.7. This is due to the plugin exposing the 'hotelbookingfetchcustomerinfo' AJAX action to unauthenticated users without proper capability checks, relying only on a...

5.3CVSS5.5AI score0.0026EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/17 2:22 a.m.4 views

CVE-2025-14075

The WP Hotel Booking plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.7. This is due to the plugin exposing the 'hotelbookingfetchcustomerinfo' AJAX action to unauthenticated users without proper capability checks, relying only on a...

5.3CVSS5.4AI score0.0026EPSS
Exploits0References6
CVE
CVE
added 2026/01/17 2:22 a.m.25 views

CVE-2025-14075

CVE-2025-14075 affects the WP Hotel Booking plugin for WordPress (versions up to and including 2.2.7). The vulnerability exposes the unauthenticated AJAX action hotel_booking_fetch_customer_info without proper capability checks, relying only on a nonce. This allows unauthenticated attackers to re...

5.3CVSS5.2AI score0.0026EPSS
Exploits0References5
EUVD
EUVD
added 2026/01/17 2:22 a.m.8 views

EUVD-2026-3156

The WP Hotel Booking plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.7. This is due to the plugin exposing the 'hotelbookingfetchcustomerinfo' AJAX action to unauthenticated users without proper capability checks, relying only on a...

5.3CVSS5.1AI score0.0026EPSS
Exploits0References6
Rows per page
Query Builder