Edito CMS - Sensitive Data Leak

Web services managed by Edito CMS Content Management System in versions from 3.5 through 3.25 leak sensitive data as they allow downloading configuration files by an unauthorized user. id: CVE-2024-4836 info: name: Edito CMS - Sensitive Data Leak author: s4e-io severity: high description: | Web...

ListingPro < 2.6.1 - Sensitive Data Disclosure

The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the /listingpro-plugin/functions.php file. This makes it possible for unauthenticated attackers to extract sensitive data including usernames, full names, email...

Jms Blog - SQL Injection

The module Jms Blog jmsblog from Joommasters contains a Time Based SQL injection vulnerability. This module is for the PrestaShop e-commerce platform and mainly provided with joommasters PrestaShop themes id: CVE-2023-27034 info: name: Jms Blog - SQL Injection author: MaStErChO severity: critical...

CVE-2026-13022

Inappropriate implementation in Autofill in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

CVE-2026-56302 Capgo - Unsecured Supabase Images Bucket via Missing Row Level Security

Capgo before 12.128.2 contains an unsecured images bucket lacking any row level security controls, allowing unauthenticated attackers to read, insert, and delete stored app icons. Remote attackers can exploit this misconfiguration to delete all icons and leak sensitive app IDs and user IDs...

CVE-2026-54324

CVE-2026-54324 affects Daytona API service (NestJS) used in Daytona’s notification WebSocket gateway. The cross-tenant flaw allowed any authenticated user to join another organization’s realtime channel by binding a client-supplied organization ID to the corresponding room without verifying membe...

Hackers Claim to Leak Stolen Madison Square Garden Data

Plus: Gay bars in San Francisco using face scanners, France quits Palantir, Apple plans to change its private email, and more...

EUVD-2019-20198

Joomla! Component JoomProject 1.1.3.2 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive user data by exploiting the projects endpoint. Attackers can send requests to index.php with option=comjpprojects&view=projects&tmpl=component&format=js...

Astra Linux – Vulnerability in WebKit2GTK

A logic issue has been resolved through improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6, iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, and watchOS 7.5. A malicious application may be able to leak sensitive user information...

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in Animation in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data through a crafted HTML page...

Astra Linux – Vulnerability in openimageio

There is an information disclosure vulnerability in the DPXOutput::close function of the OpenImageIO Project, specifically in OpenImageIO v2.4.4.2. A specially crafted ImageOutput object can lead to the leakage of heap data. An attacker can provide malicious input to trigger this vulnerability...

Astra Linux – Vulnerability in Linux 5.10, Linux

Several Linux PV device frontends are vulnerable to attacks by backends that use grant table interfaces to remove access rights from resources. This can lead to potential data leaks, data corruption by malicious backends, and denial of service attacks. The backends that use these interfaces may n...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Fixed a data leak in the mmioread function. The mmioread function calls a TDVMCALL to retrieve MMIO data for a given address from the VMM. Sean noticed that mmioread inadvertently exposes the value of an initialized...

Astra Linux – Vulnerability in Chromium

Chromium: CVE-2021-30615 Cross-origin data leak in Navigation...

Astra Linux – Vulnerability in ffmpeg

A buffer overflow vulnerability exists in FFmpeg 4.2 in the movwritevideotag function, due to an out-of-bounds access in the libavformat/movenc.c file. This vulnerability could allow a remote malicious user to obtain sensitive information, cause a Denial of Service, or execute arbitrary code...

EUVD-2026-37898

In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prompt context without distinguishing them from system instructions. An attacker could craft a malicious repository with adversarial directory or file names that, when analyzed...

EUVD-2026-37841

The Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.13.1 via the getevents. This makes it possible for unauthenticated attackers to extract sensitive data including...

CVE-2026-11777

Form Maker by 10Web (WordPress) 導插件 Form Maker, versions up to 1.15.43, is vulnerable to a generic SQL Injection via the name parameter due to insufficient escaping and lack of prepared statements. The vulnerability allows an authenticated attacker with administrator-level access to append additi...

SUSE CVE-2026-12469

Uninitialized Use in GPU in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

PT-2026-50620

Name of the Vulnerable Software and Affected Versions Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets plugin for WordPress versions prior to 1.3.13.2 Description Sensitive information exposure occurs via the get events function. This allows unauthenticated attackers to extra...