
259 matches found

Nuclei
added 12 hours ago | 25 views

SEH utnserver Pro/ProMAX/INU-100 20.1.22 - File Exposure

A vulnerability was identified in utnserver Pro, utnserver ProMAX, and INU-100 version 20.1.22 and earlier, impacting the file handling functions. This flaw results in authenticated file disclosure, granting unauthorized access to sensitive files and directories. Although authentication is...

CVSS 8.7 | AI score 5.9 | EPSS 0.03692
Exploits: 1 | References: 3

Cvelist
added 2 days ago | 33 views

CVE-2026-12113 Appointment Booking Calendar <= 1.4.02 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Disclosure

The Appointment Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.02 via the cpabcappointmentsfilterlist. This makes it possible for authenticated attackers, with contributor-level access and above, to extract customer...

CVSS 4.3 | EPSS 0.00228
Exploits: 0 | References: 8

CVE
added 4 days ago | 10 views

CVE-2025-7386

The CVE-2025-7386 entry describes an information exposure vulnerability in Hitachi Storage Navigator affecting Hitachi Virtual Storage Platform models including 5100/5200/5500/5600 and their H variants (5100H/5200H/5500H/5600H), VX8, as well as G1000/G1500/F1500/VX7 families. The affected softwar...

CVSS 6.8 | AI score 5.8 | EPSS 0.00227
Exploits: 0 | References: 1

OSV
added 2026/06/25 6:43 p.m. | 4 views

GO-2026-5235 Argo vulnerable to exposure of artifact repository credentials in github.com/argoproj/argo-workflows

Argo vulnerable to exposure of artifact repository credentials in github.com/argoproj/argo-workflows...

CVSS 8.5 | AI score 5.8 | EPSS 0.00357
Exploits: 1 | References: 6

Vulnrichment
added 2026/06/25 3:22 p.m. | 8 views

CVE-2026-48943 Joomla Extension - getk2.org - Authenticated user property mass-assignment in K2 extension for Joomla < 2.26

K2 ≤ 2.24 contains a mass-assignment defect in the K2 system user plugin plguserk2. A Registered Joomla user, by including the field K2UserForm=1 in a standard comusers profile.save POST, can write arbitrary values into the notes, image, and plugins columns of their own row in the k2users table —...

AI score 5.9 | EPSS 0.00182
Exploits: 0 | References: 1

CVE
added 2026/06/15 8:18 p.m. | 14 views

CVE-2026-40796

CVE-2026-40796 affects WordPress WPPizza plugin versions

CVSS 6.5 | AI score 5.2 | EPSS 0.00345
Exploits: 0 | References: 1

EUVD
added 2026/06/15 8:18 p.m. | 6 views

EUVD-2026-36806

Subscriber Sensitive Data Exposure in WPPizza = 3.19.9 versions...

CVSS 6.5 | AI score 5.2 | EPSS 0.00345
Exploits: 0 | References: 1

Positive Technologies
added 2026/06/04 12:0 a.m. | 19 views

PT-2026-46181

Name of the Vulnerable Software and Affected Versions: WP eMember versions prior to 10.2.3. Description: An issue in the software allows the retrieval of embedded sensitive system information by an unauthorized control sphere. Recommendations: Update to a version later than 10.2.2...

CVSS 5.3 | AI score 5.5 | EPSS 0.00192
Exploits: 0 | References: 5

NVD
added 2026/05/20 6:16 p.m. | 18 views

CVE-2026-20239

In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the internal index could view session cookies and response bodies that contain sensitive data...

CVSS 7.5 | EPSS 0.00485
Exploits: 0 | References: 1

Cvelist
added 2026/05/12 9:2 p.m. | 35 views

CVE-2026-26289 Subnet Solutions PowerSYSTEM Center Incorrect Authorization

PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions only...

CVSS 8.4 | EPSS 0.00135
Exploits: 0 | References: 2

Vulnrichment
added 2026/05/12 3:17 p.m. | 9 views

CVE-2026-42498 Apache Tomcat: WebSocket authentication header exposure

Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.2 through 9.0.117, from 8.5.24 through 8.5.100, from 7.0.83 through...

AI score 5.8 | EPSS 0.00548
Exploits: 0 | References: 1

Cvelist
added 2026/05/08 1:12 p.m. | 33 views

CVE-2026-7864 Exposure of Sensitive Information to an Unauthorized Actor

SEPPmail Secure Email Gateway before version 15.0.4 exposes server environment variables through an unauthenticated endpoint in the new GINA UI, allowing remote attackers to obtain sensitive system information...

CVSS 6.9 | EPSS 0.17015
Exploits: 0 | References: 2

Github Security Blog
added 2026/05/06 11:49 p.m. | 11 views

Lemmy resend-verification endpoint exposes registered email addresses to unauthenticated users

Summary: The unauthenticated resend-verification endpoint returns different responses for registered and unregistered email addresses. A malicious third party can submit candidate addresses to /api/v4/account/auth/resendverificationemail and distinguish accounts from misses. Details...

AI score 5.8
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2026/05/06 12:30 p.m. | 6 views

GHSA-JVV4-8WXX-M5R6 Apache Wicket has an Exposure of Sensitive Information to an Unauthorized Actor vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, from 9.0.0 through 9.22.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue...

CVSS 7.5 | AI score 5.8 | EPSS 0.00394
Exploits: 0 | References: 4

GithubExploit
added 2026/05/02 7:37 p.m. | 115 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Openbsd Openssh

No d...

CVSS 5.9 | AI score 6.7 | EPSS 0.88944
Exploits: 12

Snyk
added 2026/04/28 10:28 p.m. | 6 views

Use of Cache Containing Sensitive Information

Overview: Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information due to the default KeyGenerator process in the cache middleware not including query parameters when generating cache keys. An attacker can access or cause exposure of user-specific or...

CVSS 6.9 | AI score 5.8 | EPSS 0.00251
Exploits: 1 | References: 2

Positive Technologies
added 2026/04/14 12:0 a.m. | 5 views

PT-2026-32663

A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1,...

CVSS 5.7 | AI score 5.8 | EPSS 0.00148
Exploits: 0 | References: 3

Vulnrichment
added 2026/04/09 2:23 p.m. | 4 views

CVE-2026-4113

An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credentials...

AI score 5.8 | EPSS 0.00363
Exploits: 0 | References: 1

EUVD
added 2026/04/08 9:31 a.m. | 4 views

EUVD-2026-20178

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data. This issue affects Nexter Blocks: from n/a through = 4.7.0...

AI score 5.9 | EPSS 0.0024
Exploits: 0 | References: 2

NVD
added 2026/04/08 9:16 a.m. | 3 views

CVE-2026-39564

Insertion of Sensitive Information Into Sent Data vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Retrieve Embedded Sensitive Data. This issue affects Sunshine Photo Cart: from n/a through 3.6.2...

CVSS 5.3 | EPSS 0.0024
Exploits: 0 | References: 1