PT-2026-40280

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, 8.5. before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause the target to execute arbitrary JavaScript code XSS on the target's machine when the target is viewing...

CVE-2024-43384

The CVE-2024-43384 entry concerns Phoenix Contact MGUARD products. Affected component: the devices’ handling/storage/transfer of sensitive data. Root cause: improper removal of sensitive information before storage or transfer, enabling exposure of the root password. Impact: a low-privileged remot...

Windows Recovery Environment Security Feature Bypass Vulnerability

Improper removal of sensitive information before storage or transfer in Windows Recovery Environment Agent allows an unauthorized attacker to bypass a security feature with a physical attack...

Zammad 安全漏洞

Zammad is a ticketing management software developed by the German company Zammad. Versions of Zammad prior to 7.0.1 and 6.5.4 contained security vulnerabilities. These vulnerabilities were due to improper cleaning of data: URI schemes by the HTML cleaner, which could allow the storage of maliciou...

CVE-2026-39937 Global vanishing does not completely remove user email

Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure. The issue has been remediated on the master branch, and in the release branches for MediaWiki versions 1.43, 1.44, and 1....

MediaWiki - CentralAuth Extension 安全漏洞

MediaWiki - CentralAuth Extension is an authentication plugin developed under open source by MediaWiki. The MediaWiki - CentralAuth Extension has a security vulnerability; this vulnerability arises from the improper removal of sensitive information during storage or transmission, which may lead t...

Improper Removal of Sensitive Information Before Storage or Transfer

Overview Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer via /ui/api/query/«queryid» and /v1/query/«queryid» endpoints. An attacker can obtain sensitive credentials by accessing the serialized query JSON after performing wri...

CVE-2026-1182

GitLab CE/EE patched CVE-2026-1182 affecting all versions: 8.14–18.7.6, 18.8–18.8.6, and 18.9–18.9.2. An authenticated user could gain unauthorized access to confidential issue titles in public projects under certain circumstances. The remediation addresses these releases; the advisory does not p...

Apache HertzBeat 安全漏洞

Apache HertzBeat is a tool developed by the Apache company that can monitor various components. Versions of Apache HertzBeat prior to 1.8.0 contained a security vulnerability, which was caused by improper data neutralization of XPath expressions, potentially leading to XPath injection attacks...

CVE-2025-36428

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic when the RPSCAN feature is enabled...

CVE-2018-10081

CMS Made Simple CMSMS through 2.2.6 contains an admin password reset vulnerability because data values are improperly compared, as demonstrated by a hash beginning with the "0e" substring...

PT-2025-53092

Name of the Vulnerable Software and Affected Versions Kodezen LLC Academy LMS versions through 3.4.0 Description The software contains a flaw due to improper handling of user-supplied data when creating web pages, leading to a Stored Cross-site Scripting XSS condition. This allows an attacker to...

BIT-FLUX-2022-39272 Flux2 vulnerable to Denial of Service due to Improper use of metav1.Duration

Flux is an open and extensible continuous delivery solution for Kubernetes. Versions prior to 0.35.0 are subject to a Denial of Service. Users that have permissions to change Flux’s objects, either through a Flux source or directly within a cluster, can provide invalid data to fields .spec.interv...

EUVD-2025-198443

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nelio Software Nelio Popups nelio-popups allows Stored XSS.This issue affects Nelio Popups: from n/a through = 1.3.0...

Sensitive Information Exposure

com.liferay.portal.template.freemarker is vulnerable to Sensitive Information Exposure. The vulnerability is due to improper data handling in Freemarker templates, where sensitive user data is unintentionally included in the template context, allowing an unauthorized actor to access and potential...

Zoom Clients 安全漏洞

Zoom Clients is a video conferencing application from Zoom USA. A security vulnerability exists in Zoom Clients versions prior to 6.5.10, which stems from improper removal of sensitive information and could lead to information disclosure...

Siemens SIMATIC Devices Improper Removal of Sensitive Information Before Storage or Transfer (CVE-2024-26816)

x86, relocs: relocations in .notes section. When building with CONFIGXENPV=y, .text symbols are emitted into the .notes section so that Xen can find the startupxen entry point. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

PT-2025-43216

Name of the Vulnerable Software and Affected Versions Rajan Vijayan WP Smart Flexslider versions through 2.5 Description The software contains a flaw related to improper handling of user-supplied data when creating web pages, which can lead to Cross-site Scripting XSS. This allows an attacker to...

EUVD-2014-7123

Malware in sbrugna...

EUVD-2018-17647

Malware in sbrugna...