Lucene search
K

1117 matches found

CVE
CVE
added 2026/05/20 2:12 p.m.18 views

CVE-2026-8487

CVE-2026-8487: In Progress Software MOVEit Automation, an incorrect default permissions issue allows retrieval of embedded sensitive data. Affected versions include MOVEit Automation prior to 2025.0.11 and from 2025.1.0 before 2025.1.7. CVSS metrics are provided (base scores of 7.5/6.5 depending ...

7.5CVSS5.8AI score0.0028EPSS
Exploits0References1Affected Software1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp: Fixed incorrect retrieval of acpchipinfo. Use devgetdrvdatadev-parent instead of devgetplatdatadev to correctly obtain members of acpchipinfo in the acp I2S driver. Previously, some members were not updated proper...

5.5CVSS5.2AI score0.00119EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 11:2 a.m.69 views

CVE-2026-45215 WordPress WP EasyPay plugin <= 4.3.0 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal WP EasyPay wp-easy-pay allows Retrieve Embedded Sensitive Data.This issue affects WP EasyPay: from n/a through = 4.3.0...

5.3CVSS0.00197EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.12 views

PT-2026-40015

Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal WP EasyPay wp-easy-pay allows Retrieve Embedded Sensitive Data.This issue affects WP EasyPay: from n/a through = 4.3.0...

5.3CVSS5.8AI score0.00197EPSS
Exploits0References2
OSV
OSV
added 2026/05/08 10:50 p.m.11 views

GHSA-J59F-X285-69JX free5GC's NEF 3gpp-pfd-management PATCH applications/{appId} panics on UDR access failure due to nil ProblemDetails dereference

Summary free5GC's NEF PATCH /3gpp-pfd-management/v1/afId/transactions/transId/applications/appId handler panics with a nil-pointer dereference when the upstream UDR call fails AND the consumer wrapper returns err != nil together with a nil ProblemDetails. The handler's errPfdData != nil branch...

7.5CVSS5.8AI score0.0039EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/05/07 7:37 a.m.9 views

CVE-2026-25468

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs Happy Addons for Elementor allows Retrieve Embedded Sensitive Data. This issue affects Happy Addons for Elementor: from n/a through 3.20.8...

5.3CVSS5.8AI score0.00336EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.16 views

PT-2026-38356

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs Happy Addons for Elementor allows Retrieve Embedded Sensitive Data. This issue affects Happy Addons for Elementor: from n/a through 3.20.8...

5.3CVSS5.8AI score0.00336EPSS
Exploits0References1
NVD
NVD
added 2026/05/04 3:16 p.m.7 views

CVE-2026-6500

Plaintext storage of a password vulnerability in ILM Informatique OpenConcerto allows Retrieve Embedded Sensitive Data. This issue affects OpenConcerto: 1.7.5...

4.8CVSS0.00096EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/04 2:16 p.m.8 views

CVE-2026-6500

Plaintext storage of a password vulnerability in ILM Informatique OpenConcerto allows Retrieve Embedded Sensitive Data. This issue affects OpenConcerto: 1.7.5...

4.8CVSS5.8AI score0.00096EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/04 2:16 p.m.19 views

CVE-2026-6500

CVE-2026-6500 concerns a plaintext password storage vulnerability in OpenConcerto 1.7.5 by ILM Informatique. The issue allows retrieval of embedded sensitive data due to unencrypted passwords stored in plaintext. The available connected records confirm affected product/version and the root cause ...

4.8CVSS5.8AI score0.00096EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/03 4:0 a.m.52 views

CVE-2026-7678 YunaiV yudao-cloud GoViewDataServiceImpl.java getDataBySQL sql injection

A vulnerability was identified in YunaiV yudao-cloud up to 2026.01. This affects the function getDataBySQL of the file yudao-module-report-biz/src/main/java/io/github/ruoyi/report/service/impl/GoViewDataServiceImpl.java. Such manipulation leads to sql injection. It is possible to launch the attac...

6.5CVSS0.00196EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/30 2:47 p.m.9 views

CVE-2026-42644

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper BetterDocs betterdocs allows Retrieve Embedded Sensitive Data.This issue affects BetterDocs: from n/a through = 4.3.10...

5.3CVSS5.2AI score0.00247EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/29 2:48 p.m.6 views

CVE-2026-39686

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in bannersky BSK PDF Manager bsk-pdf-manager allows Retrieve Embedded Sensitive Data.This issue affects BSK PDF Manager: from n/a through = 3.7.2...

5.3CVSS5.2AI score0.00226EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/29 10:40 a.m.6 views

CVE-2026-42644

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper BetterDocs betterdocs allows Retrieve Embedded Sensitive Data.This issue affects BetterDocs: from n/a through = 4.3.10...

5.3CVSS5.2AI score0.00247EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/29 10:40 a.m.6 views

EUVD-2026-26215

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper BetterDocs betterdocs allows Retrieve Embedded Sensitive Data.This issue affects BetterDocs: from n/a through = 4.3.10...

5.3CVSS5.2AI score0.00247EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.7 views

PT-2026-35903

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper BetterDocs betterdocs allows Retrieve Embedded Sensitive Data.This issue affects BetterDocs: from n/a through = 4.3.10...

5.3CVSS5.2AI score0.00247EPSS
Exploits0References1
NVD
NVD
added 2026/04/27 9:16 a.m.7 views

CVE-2026-42379

Insertion of Sensitive Information Into Sent Data vulnerability in WPDeveloper Templately allows Retrieve Embedded Sensitive Data.This issue affects Templately: from n/a through 3.6.1...

7.7CVSS0.00212EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/27 8:26 a.m.34 views

CVE-2026-42379 WordPress Templately plugin <= 3.6.1 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in WPDeveloper Templately allows Retrieve Embedded Sensitive Data.This issue affects Templately: from n/a through 3.6.1...

7.7CVSS0.00212EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/23 8:10 p.m.37 views

CVE-2026-6376 Missing authentication for critical function in SpiceJet Online Booking System

A weakness in SpiceJet’s public booking retrieval page permits full passenger booking details to be accessed using only a PNR and last name, with no authentication or verification mechanisms. This results in exposure of extensive personal, travel, and booking metadata to any unauthenticated user...

8.7CVSS0.00497EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.9 views

Zeon Academy Pro SQL注入漏洞

Zeon Academy Pro is an online learning and training management platform developed by the Indian company Zeon. Zeon Academy Pro has a SQL injection vulnerability. This vulnerability stems from the parameter “phonenumber” in the file /private/continue-upload.php, which allows attackers to retrieve,...

9.3CVSS5.8AI score0.00238EPSS
Exploits0References1
Rows per page
Query Builder