15 matches found

Patchstack
added 2026/06/11 12:6 p.m. | 10 views

WordPress Magic Export & Import plugin < 1.2.0 - Unauthenticated PII Disclosure vulnerability

Unauthenticated PII Disclosure vulnerability discovered by Hoang Phuong in WordPress Plugin Magic Export & Import versions 1.2.0...

CVSS 5.3 | AI score 5.5 | EPSS 0.0027
Exploits 0 | References 1 | Affected Software 1
CVE
added 2026/05/04 6:0 a.m. | 15 views

CVE-2026-5335

CVE-2026-5335 affects the Magic Export & Import WordPress plugin (versions before 1.2.0). The root cause is that exported CSV files are stored at a publicly accessible location, enabling unauthenticated disclosure of sensitive user information. The affected component is the export/import facility...

CVSS 5.3 | AI score 5.8 | EPSS 0.0027
Exploits 0 | References 1
Vulnrichment
added 2026/04/23 6:0 a.m. | 2 views

CVE-2026-4106 HT Mega < 3.0.7 – Unauthenticated PII Disclosure

The HT Mega Addons for Elementor WordPress plugin before 3.0.7 contains an unauthenticated AJAX action returning some PII such as full name, city, state and country of customers who placed orders in the last 7 days...

AI score 5.8 | EPSS 0.00742
Exploits 1 | References 1
Cvelist
added 2025/11/19 3:29 a.m. | 14 views

CVE-2025-12770 New User Approve <= 3.0.9 - Unauthenticated Sensitive Information Disclosure via Type Juggling

The New User Approve plugin for WordPress is vulnerable to unauthorized data disclosure in all versions up to, and including, 3.0.9 due to insufficient API key validation using loose equality comparison. This makes it possible for unauthenticated attackers to retrieve personally identifiable...

CVSS 5.3 | EPSS 0.00257
Exploits 0 | References 4
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2016-7024

Malware in sbrugna...

CVSS 9.8 | AI score 9.2 | EPSS 0.01982
Exploits 0 | References 4
Cvelist
added 2025/05/13 12:19 a.m. | 22 views

CVE-2025-43008 Missing Authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal

Due to a missing authorization check, an unauthorized user can view the files of other companies. This might lead to disclosure of personal data of employees. There is no impact on integrity and availability...

CVSS 5.8 | EPSS 0.00307
Exploits 0 | References 2
CVE
added 2025/05/13 12:19 a.m. | 41 views

CVE-2025-43008

CVE-2025-43008 is a disclosure issue in SAP ERP HCM and SAP S/4HANA HCM Portugal caused by missing authorization checks. The connected sources describe an unauthorized user able to view files from other companies, leading to potential personal data exposure of employees. The root cause is lack of authori...

CVSS 5.8 | AI score 5.6 | EPSS 0.00307
Exploits 0 | References 2
OSV
added 2024/05/14 2:59 p.m. | 2 views

CVE-2024-23576

Security vulnerability in HCL Commerce 9.1.12 and 9.1.13 could allow denial of service, disclosure of user personal data, and performing of unauthorized administrative operations...

CVSS 7.1 | AI score 5.8 | EPSS 0.00452
Exploits 0 | References 1
Positive Technologies
added 2023/06/14 12:0 a.m. | 6 views

PT-2023-24621 · WordPress · Woocommerce Stripe Payment Gateway

Name of the Vulnerable Software and Affected Versions: WooCommerce Stripe Payment Gateway plugin versions prior to 7.4.1
Description: A security issue has been identified that could lead to the unauthorized disclosure of sensitive information, specifically a PII disclosure due to an unauthenticat...

CVSS 7.5 | AI score 7.7 | EPSS 0.01214
Exploits 2 | References 6
CNNVD
added 2023/05/04 12:0 a.m. | 3 views

PrestaShop security vulnerability

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution offers multiple payment methods, short message alerts, and product image scaling. A security vulnerability exists in PrestaShop scexportcustomers 3.6.1 and prior versions, which stems from th...

CVSS 7.5 | AI score 7.3 | EPSS 0.0056
Exploits 0 | References 2
Prion
added 2022/12/08 4:15 p.m. | 16 views

Information disclosure

OpenHarmony-v3.1.2 and prior versions had a vulnerability in which telephony in the communication subsystem sends public events with personal data, but the permission is not set. Malicious apps could listen to public events and obtain information such as mobile numbers and SMS data without permissions...

CVSS 1.7 | AI score 5.3 | EPSS 0.00175
Exploits 0 | References 1 | Affected Software 1
Positive Technologies
added 2022/11/08 12:0 a.m. | 6 views

PT-2022-25735 · Sap · Sap Netweaver Abap Server +1

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver ABAP Server and ABAP Platform (affected versions not specified)
Description: The issue allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being...

CVSS 4.7 | AI score 4.5 | EPSS 0.00429
Exploits 0 | References 6
Positive Technologies
added 2022/08/22 12:0 a.m. | 3 views

PT-2022-22327 · Tabit · Tabit

Name of the Vulnerable Software and Affected Versions: Tabit (affected versions not specified)
Description: The issue concerns several APIs on the web system that display sensitive information without authorization, including health statements, previous bills in a specific restaurant, alcohol...

CVSS 7.5 | AI score 7.4 | EPSS 0.00445
Exploits 0 | References 2
Pen Test Partners Blog
added 2021/05/05 5:23 a.m. | 195 views

Tour de Peloton: Exposed user data

An unauthenticated user could view sensitive information for all users, and snoop on live class statistics and its attendees, despite having a private mode.
TL;DR Information disclosed included:
- User IDs
- Instructor IDs
- Group Membership
- Location
- Workout stats
- Gender and age
- If they a...

AI score 6.8
Exploits 0
ossfuzz
added 2019/09/02 7:26 p.m. | 34 views

ntp:fuzz_ntpd_receive: Use-of-uninitialized-value in receive

Detailed Report: https://oss-fuzz.com/testcase?key=5684730627883008
Project: ntp
Fuzzing Engine: libFuzzer
Fuzz Target: fuzzntpdreceive
Job Type: libfuzzermsanntp
Platform Id: linux
Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State: receive fuzzntpdreceive.c fuzzntpdreceive.c...

AI score 7
Exploits 0 | Affected Software 1