CVE-2026-4117

The CalJ plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5. This is due to a missing capability check in the CalJSettingsPage class constructor, which processes the 'save-obtained-key' operation directly from POST data without verifying that the...

CVE-2026-2515 Hostinger Reach <= 1.3.8 - Missing Authorization to Authenticated (Subscriber+) Integration API Key Update

The Hostinger Reach – AI-Powered Email Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handleajaxaction' function in all versions up to, and including, 1.3.8. This makes it possible for authenticated...

CVE-2026-4117

The CalJ plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5. This is due to a missing capability check in the CalJSettingsPage class constructor, which processes the 'save-obtained-key' operation directly from POST data without verifying that the...

CVE-2026-20138

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Search Head Cluster SHC deployment who holds a role with access to the Splunk internal index could view the integrationKey, secretKey, and appSecretKey secrets, generated by Duo Two-Factor...

CVE-2026-20138

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Search Head Cluster SHC deployment who holds a role with access to the Splunk internal index could view the integrationKey, secretKey, and appSecretKey secrets, generated by Duo Two-Factor...

CVE-2026-20138 Sensitive Information Disclosure in "_internal" index in Splunk Enterprise

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Search Head Cluster SHC deployment who holds a role with access to the Splunk internal index could view the integrationKey, secretKey, and appSecretKey secrets, generated by Duo Two-Factor...

PT-2026-20469

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.2.0 Splunk Enterprise versions prior to 10.0.2 Splunk Enterprise versions prior to 9.4.7 Splunk Enterprise versions prior to 9.3.9 Splunk Enterprise versions prior to 9.2.11 Description A user with access...

CVE-2023-0483

An issue has been discovered in GitLab affecting all versions starting from 12.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible for a project maintainer to extract a Datadog integration API key by modifying the site...

PT-2024-38317 · WordPress · Forminator

Name of the Vulnerable Software and Affected Versions: Forminator plugin for WordPress versions up to, and including, 1.29.1 Description: The issue allows unauthenticated attackers to extract the HubSpot integration developer API key, making unauthorized changes to the plugin's HubSpot integratio...

PT-2023-2220 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 12.1 through 15.7.8 GitLab versions 15.8 through 15.8.4 GitLab versions 15.9 through 15.9.2 Description: An issue has been discovered in GitLab that allows a project maintainer to extract a Datadog integration API key by...