Lucene search
K

68 matches found

NVD
NVD
added 18 hours ago4 views

CVE-2026-13230

An information disclosure vulnerability was identified in TP-Link Kasa EC70 v4 and EC71 v4 in the local discovery mechanism, which exposes sensitive geolocation information without requiring authentication. This issue allows an attacker on the same local network to retrieve geolocation-related da...

5.3CVSS
Exploits0References5
Cvelist
Cvelist
added 19 hours ago10 views

CVE-2026-13230 Information Disclosure Vulnerability in Local Discovery Response in TP-Link Kasa EC70 and EC71

An information disclosure vulnerability was identified in TP-Link Kasa EC70 v4 and EC71 v4 in the local discovery mechanism, which exposes sensitive geolocation information without requiring authentication. This issue allows an attacker on the same local network to retrieve geolocation-related da...

5.3CVSS
Exploits0References5
CVE
CVE
added 19 hours ago12 views

CVE-2026-13230

The CVE-2026-13230 entry concerns TP-Link Kasa EC70 v4 and EC71 v4. The issue lies in the local discovery mechanism, where geolocation-related data can be retrieved without authentication. Affects confidentiality only; no evidence of integrity or availability impact is reported. Exploitation cont...

5.3CVSS6.1AI score
Exploits0References5
EUVD
EUVD
added 19 hours ago7 views

EUVD-2026-44577

An information disclosure vulnerability was identified in TP-Link Kasa EC70 v4 and EC71 v4 in the local discovery mechanism, which exposes sensitive geolocation information without requiring authentication. This issue allows an attacker on the same local network to retrieve geolocation-related da...

5.3CVSS6.1AI score
Exploits0References5
NVD
NVD
added 5 days ago8 views

CVE-2026-15291

The Chat Help – Click to Chat Button & Form plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the REST API endpoints /wp-json/chat-help/v1/leads and /wp-json/chat-help/v1/leads/id. This is due to the plugin not performing any...

7.5CVSS0.0047EPSS
Exploits0References6
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42800

The Chat Help – Click to Chat Button & Form plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the REST API endpoints /wp-json/chat-help/v1/leads and /wp-json/chat-help/v1/leads/id. This is due to the plugin not performing any...

7.5CVSS5.9AI score0.0047EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-15291

The Chat Help – Click to Chat Button & Form plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the REST API endpoints /wp-json/chat-help/v1/leads and /wp-json/chat-help/v1/leads/id. This is due to the plugin not performing any...

7.5CVSS5.9AI score0.0047EPSS
Exploits0References7
CVE
CVE
added 5 days ago8 views

CVE-2026-15291

The CVE-2026-15291 entry concerns the WordPress plugin Chat Help – Click to Chat Button & Form, vulnerable in all versions up to and including 3.1.3 due to missing authentication/authorization on REST endpoints /wp-json/chat-help/v1/leads and /wp-json/chat-help/v1/leads/{id}. Unauthenticated atta...

7.5CVSS5.9AI score0.0047EPSS
Exploits0References6
NVD
NVD
added 2026/07/08 2:17 p.m.8 views

CVE-2026-56298

Capgo before 12.128.2 fails to strip EXIF metadata from images uploaded via the app information endpoint, exposing sensitive geolocation data. Attackers can upload images containing EXIF metadata to extract geographic location information and other embedded metadata from uploaded files...

5.3CVSS0.00187EPSS
Exploits0References2
CVE
CVE
added 2026/07/08 1:49 p.m.10 views

CVE-2026-56298

Capgo CVE-2026-56298 affects Capgo prior to 12.128.2, where the app information image upload endpoint does not strip EXIF metadata, exposing geolocation and embedded metadata. Root cause: failure to strip EXIF during upload. Impact: potential leakage of geographic location data. Remediation: upgr...

5.3CVSS5.9AI score0.00187EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/08 1:49 p.m.31 views

CVE-2026-56298 Capgo - EXIF Metadata Exposure in App Information Image Upload

Capgo before 12.128.2 fails to strip EXIF metadata from images uploaded via the app information endpoint, exposing sensitive geolocation data. Attackers can upload images containing EXIF metadata to extract geographic location information and other embedded metadata from uploaded files...

5.3CVSS0.00187EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/08 1:49 p.m.5 views

EUVD-2026-42256

Capgo before 12.128.2 fails to strip EXIF metadata from images uploaded via the app information endpoint, exposing sensitive geolocation data. Attackers can upload images containing EXIF metadata to extract geographic location information and other embedded metadata from uploaded files...

5.3CVSS5.9AI score0.00187EPSS
Exploits0References2
OSV
OSV
added 2026/07/08 1:49 p.m.4 views

CVE-2026-56298 Capgo - EXIF Metadata Exposure in App Information Image Upload

Capgo before 12.128.2 fails to strip EXIF metadata from images uploaded via the app information endpoint, exposing sensitive geolocation data. Attackers can upload images containing EXIF metadata to extract geographic location information and other embedded metadata from uploaded files...

5.3CVSS6.1AI score0.00187EPSS
Exploits0References4
NVD
NVD
added 2026/06/20 4:17 p.m.12 views

CVE-2026-56218

Capgo before 12.128.2 fails to strip EXIF metadata including GPS geolocation data from uploaded images, allowing information disclosure. Attackers can download uploaded images and extract precise latitude and longitude coordinates revealing user physical location at capture time...

6.9CVSS0.00205EPSS
Exploits0References2
CVE
CVE
added 2026/06/20 3:24 p.m.24 views

CVE-2026-56218

Capgo prior to 12.128.2 does not strip EXIF metadata (including GPS coordinates) from uploaded images, enabling disclosure of users’ precise location. Attackers can download images and extract coordinates at capture time. Remediation: upgrade Capgo to version 12.128.2 or later.

6.9CVSS5.8AI score0.00205EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/20 3:24 p.m.10 views

EUVD-2026-38114

Capgo before 12.128.2 fails to strip EXIF metadata including GPS geolocation data from uploaded images, allowing information disclosure. Attackers can download uploaded images and extract precise latitude and longitude coordinates revealing user physical location at capture time...

6.9CVSS5.8AI score0.00205EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.15 views

PT-2026-51146

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description The software fails to strip EXIF metadata, which includes GPS geolocation data, from uploaded images. This leads to information disclosure, as attackers can download these images and extract precise...

6.9CVSS5.8AI score0.00205EPSS
Exploits0References8
Malwarebytes
Malwarebytes
added 2026/05/19 3:56 p.m.14 views

Biometrics, diagnoses, and bank details exposed in major healthcare breach

NYC Health + Hospitals NYC H+H posted a data breach notice about a months‑long breach via a third‑party vendor that exposed highly sensitive patient and employee data for at least 1.8 million people, including medical records, government IDs, geolocation data, and even fingerprint and palm‑print...

5.7AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/05/18 9:51 p.m.9 views

CVE-2026-27892 FacturaScripts: Unstripped Image Metadata (EXIF) Leakage via Library Module File Upload/Download

FacturaScripts is an open source accounting and invoicing software. In versions prior to 2026, the Library module stores and serves uploaded images byte-for-byte, without stripping EXIF/XMP/IPTC metadata. Any authenticated user who downloaded an image could extract the uploader's embedded metadat...

6.5CVSS5.7AI score0.00227EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.18 views

PT-2026-38611

Name of the Vulnerable Software and Affected Versions FacturaScripts versions prior to 2026 Description A sensitive information disclosure issue exists in the Library module of FacturaScripts. The application stores and serves uploaded images byte-for-byte without stripping EXIF, XMP, or IPTC...

6.5CVSS5.8AI score0.00227EPSS
Exploits0References7
Rows per page
Query Builder