18041 matches found
CVE-2026-59519
CVE-2026-59519 affects the WordPress FormLayer plugin up to version 1.0.6. The issue is described as an insertion of sensitive information into sent data, allowing retrieval of embedded sensitive data. Affected component: FormLayer; root cause and exact exploit vector are not elaborated beyond th...
CVE-2026-59519 WordPress FormLayer plugin <= 1.0.6 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in Softaculous FormLayer allows Retrieve Embedded Sensitive Data. This issue affects FormLayer: from n/a through 1.0.6...
WordPress FormLayer plugin <= 1.0.6 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin FormLayer versions = 1.0.6...
CVE-2026-59511 WordPress Exclusive Addons Elementor plugin <= 2.7.9.9 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in Tim Strifler Exclusive Addons Elementor allows Retrieve Embedded Sensitive Data. This issue affects Exclusive Addons Elementor: from n/a through 2.7.9.9...
CVE-2026-59511
The CVE concerns the WordPress plugin “Exclusive Addons for Elementor” (extends Elementor). A vulnerability described as “Insertion of Sensitive Information Into Sent Data” allows retrieval of embedded sensitive data via the affected feature; it affects Exclusive Addons Elementor versions up to 2...
WordPress Exclusive Addons Elementor plugin <= 2.7.9.9 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Exclusive Addons Elementor versions = 2.7.9.9...
CVE-2026-12250
The CVE-2026-12250 entry concerns Pardus Domain Joiner (TUBITAK BILGEM Software Technologies Research Institute). A vulnerability described as an Invocation of process using visible sensitive information could allow Excavation (data exposure). Affected version range: Pardus Domain Joiner 0.5.2 pr...
CVE-2026-12250 Sensitive Data Exposure in TUBITAK BILGEM's Pardus Domain Joiner
Invocation of process using visible sensitive information vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Domain Joiner allows Excavation. This issue affects Pardus Domain Joiner: from 0.5.2 before 0.5.4...
CVE-2026-59509
CVE-2026-59509 affects cve-search: unauthenticated improper input validation in POST /fetch_cve_data lets an attacker manipulate MongoDB query parameters (collection, projected fields, regex filters) to read arbitrary application MongoDB collections, including mgmt_users (administrative usernames...
PT-2026-55801
Name of the Vulnerable Software and Affected Versions Pardus Domain Joiner versions 0.5.2 through 0.5.3 Description A flaw in the software allows the invocation of a process using visible sensitive information, which can lead to excavation of data. Recommendations Update Pardus Domain Joiner to...
CVE-2025-13475
In multi-tenanted deployments, the application consent management mechanism fails to correctly isolate consent scopes between tenants. Consent granted by a user for a specific SaaS application within one tenant can be incorrectly applied to SaaS applications with the same name in other tenants,...
EUVD-2025-210427
In multi-tenanted deployments, the application consent management mechanism fails to correctly isolate consent scopes between tenants. Consent granted by a user for a specific SaaS application within one tenant can be incorrectly applied to SaaS applications with the same name in other tenants,...
CVE-2025-13475
In multi-tenanted deployments, the application consent management mechanism fails to correctly isolate consent scopes between tenants. Consent granted by a user for a specific SaaS application within one tenant can be incorrectly applied to SaaS applications with the same name in other tenants,...
CVE-2025-13475 Cross-Tenant Access via Application Consent Mismanagement in Multiple WSO2 Products Allows Unauthorized Data Exposure
In multi-tenanted deployments, the application consent management mechanism fails to correctly isolate consent scopes between tenants. Consent granted by a user for a specific SaaS application within one tenant can be incorrectly applied to SaaS applications with the same name in other tenants,...
CVE-2026-14621
A vulnerability has been found in FederatedAI FATE up to 2.2.0. This affects the function QueuePushReqStreamObserver.initEggroll of the file java/osx/osx-broker/src/main/java/org/fedai/osx/broker/grpc/QueuePushReqStreamObserver.java of the component OSX Broker. Such manipulation of the argument...
EUVD-2026-41660
A vulnerability has been found in FederatedAI FATE up to 2.2.0. This affects the function QueuePushReqStreamObserver.initEggroll of the file java/osx/osx-broker/src/main/java/org/fedai/osx/broker/grpc/QueuePushReqStreamObserver.java of the component OSX Broker. Such manipulation of the argument...
PT-2026-55701
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description In multi-tenanted deployments, the application consent management mechanism fails to correctly isolate consent scopes between tenants. This occurs when consent...
CVE-2026-56646
Exposure of sensitive information to an unauthorized actor in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-24451
Gitea 1.26.2 allows fork synchronization to continue after a parent repository changes from public to private, exposing data to a fork that should no longer be authorized...
CVE-2026-24451
Gitea 1.26.2 has an information exposure vulnerability where fork synchronization continues after the parent repo switches from public to private, allowing a fork to access data it should not be authorized to see. Connected sources identify this as affecting Gitea components through the fork sync...