Lucene search
K

18041 matches found

CVE
CVE
added 6 days ago13 views

CVE-2026-59519

CVE-2026-59519 affects the WordPress FormLayer plugin up to version 1.0.6. The issue is described as an insertion of sensitive information into sent data, allowing retrieval of embedded sensitive data. Affected component: FormLayer; root cause and exact exploit vector are not elaborated beyond th...

5.3CVSS5.9AI score0.00201EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago28 views

CVE-2026-59519 WordPress FormLayer plugin <= 1.0.6 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Softaculous FormLayer allows Retrieve Embedded Sensitive Data. This issue affects FormLayer: from n/a through 1.0.6...

5.3CVSS0.00201EPSS
Exploits0References1
Patchstack
Patchstack
added 6 days ago6 views

WordPress FormLayer plugin <= 1.0.6 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin FormLayer versions = 1.0.6...

5.3CVSS5.9AI score0.00201EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 6 days ago27 views

CVE-2026-59511 WordPress Exclusive Addons Elementor plugin <= 2.7.9.9 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Tim Strifler Exclusive Addons Elementor allows Retrieve Embedded Sensitive Data. This issue affects Exclusive Addons Elementor: from n/a through 2.7.9.9...

5.3CVSS0.00201EPSS
Exploits0References1
CVE
CVE
added 6 days ago10 views

CVE-2026-59511

The CVE concerns the WordPress plugin “Exclusive Addons for Elementor” (extends Elementor). A vulnerability described as “Insertion of Sensitive Information Into Sent Data” allows retrieval of embedded sensitive data via the affected feature; it affects Exclusive Addons Elementor versions up to 2...

5.3CVSS5.9AI score0.00201EPSS
Exploits0References1
Patchstack
Patchstack
added 6 days ago5 views

WordPress Exclusive Addons Elementor plugin <= 2.7.9.9 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Exclusive Addons Elementor versions = 2.7.9.9...

5.3CVSS5.9AI score0.00201EPSS
Exploits0Affected Software1
CVE
CVE
added 6 days ago14 views

CVE-2026-12250

The CVE-2026-12250 entry concerns Pardus Domain Joiner (TUBITAK BILGEM Software Technologies Research Institute). A vulnerability described as an Invocation of process using visible sensitive information could allow Excavation (data exposure). Affected version range: Pardus Domain Joiner 0.5.2 pr...

7.9CVSS5.9AI score0.00106EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago30 views

CVE-2026-12250 Sensitive Data Exposure in TUBITAK BILGEM's Pardus Domain Joiner

Invocation of process using visible sensitive information vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Domain Joiner allows Excavation. This issue affects Pardus Domain Joiner: from 0.5.2 before 0.5.4...

7.9CVSS0.00106EPSS
Exploits0References1
CVE
CVE
added 6 days ago23 views

CVE-2026-59509

CVE-2026-59509 affects cve-search: unauthenticated improper input validation in POST /fetch_cve_data lets an attacker manipulate MongoDB query parameters (collection, projected fields, regex filters) to read arbitrary application MongoDB collections, including mgmt_users (administrative usernames...

9.2CVSS6.2AI score0.00349EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 6 days ago11 views

PT-2026-55801

Name of the Vulnerable Software and Affected Versions Pardus Domain Joiner versions 0.5.2 through 0.5.3 Description A flaw in the software allows the invocation of a process using visible sensitive information, which can lead to excavation of data. Recommendations Update Pardus Domain Joiner to...

7.9CVSS5.9AI score0.00106EPSS
Exploits0References6
NVD
NVD
added last week9 views

CVE-2025-13475

In multi-tenanted deployments, the application consent management mechanism fails to correctly isolate consent scopes between tenants. Consent granted by a user for a specific SaaS application within one tenant can be incorrectly applied to SaaS applications with the same name in other tenants,...

7.3CVSS0.00158EPSS
Exploits0References1
EUVD
EUVD
added last week7 views

EUVD-2025-210427

In multi-tenanted deployments, the application consent management mechanism fails to correctly isolate consent scopes between tenants. Consent granted by a user for a specific SaaS application within one tenant can be incorrectly applied to SaaS applications with the same name in other tenants,...

3.5CVSS5.9AI score0.00158EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added last week8 views

CVE-2025-13475

In multi-tenanted deployments, the application consent management mechanism fails to correctly isolate consent scopes between tenants. Consent granted by a user for a specific SaaS application within one tenant can be incorrectly applied to SaaS applications with the same name in other tenants,...

3.5CVSS5.9AI score0.00158EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added last week40 views

CVE-2025-13475 Cross-Tenant Access via Application Consent Mismanagement in Multiple WSO2 Products Allows Unauthorized Data Exposure

In multi-tenanted deployments, the application consent management mechanism fails to correctly isolate consent scopes between tenants. Consent granted by a user for a specific SaaS application within one tenant can be incorrectly applied to SaaS applications with the same name in other tenants,...

3.5CVSS0.00158EPSS
Exploits0References1
NVD
NVD
added last week7 views

CVE-2026-14621

A vulnerability has been found in FederatedAI FATE up to 2.2.0. This affects the function QueuePushReqStreamObserver.initEggroll of the file java/osx/osx-broker/src/main/java/org/fedai/osx/broker/grpc/QueuePushReqStreamObserver.java of the component OSX Broker. Such manipulation of the argument...

3.1CVSS0.00299EPSS
Exploits0References7
EUVD
EUVD
added last week9 views

EUVD-2026-41660

A vulnerability has been found in FederatedAI FATE up to 2.2.0. This affects the function QueuePushReqStreamObserver.initEggroll of the file java/osx/osx-broker/src/main/java/org/fedai/osx/broker/grpc/QueuePushReqStreamObserver.java of the component OSX Broker. Such manipulation of the argument...

3.1CVSS5.1AI score0.00299EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/04 12:0 a.m.10 views

PT-2026-55701

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description In multi-tenanted deployments, the application consent management mechanism fails to correctly isolate consent scopes between tenants. This occurs when consent...

3.5CVSS5.9AI score0.00158EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:35 p.m.5 views

CVE-2026-56646

Exposure of sensitive information to an unauthorized actor in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...

6.5CVSS5.9AI score0.00651EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:19 p.m.4 views

CVE-2026-24451

Gitea 1.26.2 allows fork synchronization to continue after a parent repository changes from public to private, exposing data to a fork that should no longer be authorized...

5.9AI score0.00482EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/07/03 8:19 p.m.19 views

CVE-2026-24451

Gitea 1.26.2 has an information exposure vulnerability where fork synchronization continues after the parent repo switches from public to private, allowing a fork to access data it should not be authorized to see. Connected sources identify this as affecting Gitea components through the fork sync...

7.5CVSS7.2AI score0.00482EPSS
Exploits0References4
Rows per page
Query Builder