29 matches found
CVE-2026-9011 Ditty <= 3.1.65 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via ditty_init AJAX Action
The Ditty – Responsive News Tickers, Sliders, and Lists plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.1.65. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
EUVD-2026-30686
A weakness has been identified in Sanluan PublicCMS 5.202506.d. This issue affects the function execute of the file publiccms-trade/src/main/java/com/publiccms/views/directive/trade/TradeAddressListDirective.java of the component Trade Address Query Handler. Executing a manipulation of the argume...
CVE-2026-32299
Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the page content retrieval feature may allow retrieval of non-public information. Versions 1.41.1 and...
CVE-2026-32299
Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the page content retrieval feature may allow retrieval of non-public information. Versions 1.41.1 and...
CVE-2026-2373
The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.1049 via the getmainqueryargs function due to insufficient restrictions on which posts can be included. This makes it possib...
CVE-2026-2373 Royal Addons for Elementor – Addons and Templates Kit for Elementor <= 1.7.1049 - Missing Authorization to Unauthenticated Custom Post Type Contents Exposure
The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.1049 via the getmainqueryargs function due to insufficient restrictions on which posts can be included. This makes it possib...
CVE-2026-2373
The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.1049 via the getmainqueryargs function due to insufficient restrictions on which posts can be included. This makes it possib...
CVE-2026-24422 phpMyFAQ: Public API endpoints expose emails and invisible questions
phpMyFAQ is an open source FAQ web application. In versions 4.0.16 and below, multiple public API endpoints improperly expose sensitive user information due to insufficient access controls. The OpenQuestionController::list endpoint calls Question::getAll with showAll=true by default, returning...
CVE-2026-24422 phpMyFAQ: Public API endpoints expose emails and invisible questions
phpMyFAQ is an open source FAQ web application. In versions 4.0.16 and below, multiple public API endpoints improperly expose sensitive user information due to insufficient access controls. The OpenQuestionController::list endpoint calls Question::getAll with showAll=true by default, returning...
CVE-2026-24422 phpMyFAQ: Public API endpoints expose emails and invisible questions
phpMyFAQ is an open source FAQ web application. In versions 4.0.16 and below, multiple public API endpoints improperly expose sensitive user information due to insufficient access controls. The OpenQuestionController::list endpoint calls Question::getAll with showAll=true by default, returning...
CVE-2026-24422
Summary: CVE-2026-24422 affects phpMyFAQ prior to 4.0.17, where public API endpoints improperly expose sensitive user information due to insufficient access controls. The OpenQuestionController::list() uses Question::getAll() with showAll=true by default, returning non-public records (isVisible=f...
U.S. Dept Of Defense: Publicly Accessible CDN Endpoint Exposing XML Metadata (including ETag)
A publicly accessible CDN endpoint was found that returned raw XML listing of stored objects, including metadata such as Key, LastModified, Size, StorageClass, and ETag. The ETag values, which can contain object hashes, were exposed publicly. This configuration allowed reconnaissance of the...
CVE-2025-41404
Direct request 'Forced Browsing' issue exists in iroha Board versions v0.10.12 and earlier. If this vulnerability is exploited, non-public contents may be viewed by an attacker who can log in to the affected product...
CVE-2025-41404
Direct request 'Forced Browsing' issue exists in iroha Board versions v0.10.12 and earlier. If this vulnerability is exploited, non-public contents may be viewed by an attacker who can log in to the affected product...
CVE-2025-41404
Direct request 'Forced Browsing' issue exists in iroha Board versions v0.10.12 and earlier. If this vulnerability is exploited, non-public contents may be viewed by an attacker who can log in to the affected product...
CVE-2025-41404
Direct request 'Forced Browsing' issue exists in iroha Board versions v0.10.12 and earlier. If this vulnerability is exploited, non-public contents may be viewed by an attacker who can log in to the affected product...
iroha Board 安全漏洞
iroha Board is an e-learning system from iroha Japan. A security vulnerability exists in iroha Board v0.10.12 and earlier versions, which stems from a direct request issue that could allow an attacker to view non-public content...
Meta to Train AI Models Using Public U.K. Facebook and Instagram Posts
Meta has announced that it will begin training its artificial intelligence AI systems using public content shared by adult users across Facebook and Instagram in the U.K. in the coming months. "This means that our generative AI models will reflect British culture, history, and idiom, and that U.K...
PT-2024-37866 · WordPress · Wp Ulike
Name of the Vulnerable Software and Affected Versions: WP ULike versions prior to 4.7.2.1 Description: The issue arises from the WP ULike WordPress plugin's failure to properly sanitize user display names when rendering them on a public page. This can lead to potential security risks, including t...
DRUPAL-CONTRIB-2024-004
Content within Open Social can have different visibilities. It is possible for a user to create public content even when this should not be allowed. This vulnerability is mitigated by the fact that the site must have public visibility disabled on a global level...