Lucene search
+L

12129 matches found

CVE
CVE
added 6 hours ago8 views

CVE-2026-13765

The CVE-2026-13765 entry concerns the LearnPress WordPress LMS Plugin (versions up to 4.4.1). The connected document indicates a root cause of Inadequate access control in REST endpoints, specifically /lp/v1/users/check-answer and /start-quiz, leading to unauthenticated Sensitive Information Expo...

7.5CVSS6AI score
Exploits0References14
EUVD
EUVD
added 6 hours ago6 views

EUVD-2026-45132

The pCloud WP Backup plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.3 via the wp2pclajaxprocessrequestinner. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract force generation of a...

6.5CVSS6.1AI score
Exploits0References7
EUVD
EUVD
added yesterday5 views

EUVD-2026-44924

HCL DFXAnalytics is affected by an Internal File Path Disclosure vulnerability. The application dashboard inadvertently leaks sensitive information regarding its internal file structure and directory paths through unhandled error messages, system logs, or debugging output, which could allow a...

5.3CVSS6.1AI score
Exploits0References1
Nuclei
Nuclei
added yesterday77 views

TerraMaster TOS < 4.2.30 Server Information Disclosure

TerraMaster NAS devices running TOS prior to version 4.2.30 are vulnerable to information disclosure. id: CVE-2022-24990 info: name: TerraMaster TOS 4.2.30 Server Information Disclosure author: dwisiswant0 severity: high description: TerraMaster NAS devices running TOS prior to version 4.2.30 are...

9.8CVSS7.1AI score0.8405EPSS
Exploits9References5
Nuclei
Nuclei
added yesterday43 views

WordPress Varnish/Nginx Proxy Caching <= 1.8.3 - Information Exposure

Razvan Stanga Varnish/Nginx Proxy Caching = 1.8.3 contains an insertion of sensitive information into sent data vulnerability caused by improper handling of embedded sensitive data, letting attackers retrieve sensitive information, exploit requires crafted requests. id: CVE-2025-62126 info: name:...

5.3CVSS6.1AI score0.00659EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday33 views

Trinity Audio <= 5.21.0 - Information Exposure

The Trinity Audio Text to Speech AI audio player to convert content into audio plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.21.0 via the /admin/inc/phpinfo.php file that gets created on install. This makes it possible for...

5.3CVSS6.1AI score0.00937EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday57 views

WAVLINK WN530H4 M30H4.V5030.190403 - Information Disclosure

WAVLINK WN530H4 M30H4.V5030.190403 contains an information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint. This can allow an attacker to leak router settings, including cleartext login details, DNS settings, and other sensitive information without authentication. id:...

7.5CVSS7AI score0.07401EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday12 views

WordPress File Manager <= 7.2.1 - Directory Traversal

File Manager and File Manager Pro plugins for WordPress versions up to 7.2.1 and 8.3.4 contain a directory traversal caused by the 'target' parameter in mkfilefoldermanageractioncallbackshortcode, letting attackers read arbitrary files and upload files outside designated directories, exploit...

9.9CVSS7.1AI score0.06009EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday102 views

Label Studio - Sensitive Information Exposure

An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on the platform by exploiting Django's Object Relational Mapper ORM. Since the results of query can be manipulated by the ORM filter, an attacker can leak these sensitive fields character by...

7.5CVSS6.7AI score0.04055EPSS
Exploits3References3
Nuclei
Nuclei
added yesterday59 views

Contest Gallery - Broken Access Control

Contest Gallery from n/a through 23.1.2 contains an exposure of sensitive information to an unauthorized actor caused by insufficient access controls, letting attackers access sensitive data, exploit requires no specific conditions. id: CVE-2024-43283 info: name: Contest Gallery - Broken Access...

7.5CVSS6.1AI score0.01104EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday68 views

TCExam <= 14.8.1 - Sensitive Information Exposure

When installed following the default/recommended settings, TCExam = 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which includes sensitive database backup files. id: CVE-2021-20114 info: name: TCExam = 14.8.1 - Sensitive Information Exposure author: push4d severity:...

7.5CVSS7AI score0.05973EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday246 views

Avada < 7.11.7 - Information Disclosure

The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the '/wp-content/uploads/fusion-forms/' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with ...

5.3CVSS7AI score0.27997EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday37 views

PrestaShop < 1.7.6.6 - Information Exposure via Upload Directory

PrestaShop versions after 1.5.0.0 and before 1.7.6.6 are vulnerable to information exposure through directory listing in the upload directory due to a missing index.php file. id: CVE-2020-15081 info: name: PrestaShop 1.7.6.6 - Information Exposure via Upload Directory author: 0xAkoko severity: lo...

5.3CVSS6.2AI score0.01648EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday50 views

Jira - Local File Inclusion

Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1, allows remote attackers to access files in the Jira webroot under the META-INF directory via local file inclusion. id: CVE-2019-8442 info: name: Jira - Local File Inclusion author:...

7.5CVSS7AI score0.59832EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday98 views

Express-handlebars - Local File Inclusion

Express-handlebars is susceptible to local file inclusion because it mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential...

8.6CVSS7AI score0.17988EPSS
Exploits1
Nuclei
Nuclei
added yesterday22 views

Post Grid <= 2.2.50 - Information Exposure via REST API

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid Combo – 36+ Gutenberg Blocks.This issue affects Post Grid Combo – 36+ Gutenberg Blocks: from n/a through 2.2.50. id: CVE-2023-40211 info: name: Post Grid = 2.2.50 - Information Exposure via REST API...

7.5CVSS7AI score0.02041EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday15 views

Vite Dev Server - Information Exposure

Vite dev server could allow reading files from the Vite project root by bypassing server.fs.deny with double forward-slash paths //. This affects exposed dev servers only. id: CVE-2023-34092 info: name: Vite Dev Server - Information Exposure author: ritikchaddha severity: high description: | Vite...

7.5CVSS7AI score0.03152EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday27 views

WAVLINK Quantum D4G (WL-WN531G3) - Information Disclosure

WAVLINK Quantum D4G WL-WN531G3 running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 has an access control issue which allows unauthenticated attackers to download configuration data and log files. id: CVE-2022-44356 info: name: WAVLINK Quantum D4G WL-WN531G3 - Information Disclosur...

7.5CVSS7AI score0.02756EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday13 views

Lokomedia CMS - Local File Inclusion

A Local File Inclusion LFI vulnerability exists in Lokomedia CMS. The application allows an attacker to include files on the server that should not be accessible, potentially exposing sensitive information. id: CVE-2010-2018 info: name: Lokomedia CMS - Local File Inclusion author: r3Y3r53 severit...

5CVSS6.1AI score0.03258EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday104 views

FXServer < v9601 - Information Exposure

Incorrect Access Control in FXServer version's v9601 and prior, for CFX.re FiveM, allows unauthenticated users to modify and read userdata via exposed api endpoint. id: CVE-2024-46310 info: name: FXServer v9601 - Information Exposure author: s4e-io severity: medium description: | Incorrect Access...

9.1CVSS6.2AI score0.02434EPSS
Exploits3References3
Rows per page
Query Builder