12 matches found

Cvelist
added 5 days ago | 36 views

CVE-2026-9757 GEO my WP <= 4.5.5 - Unauthenticated SQL Injection via 'swlatlng' / 'nelatlng' Parameters

The GEO my WP plugin for WordPress is vulnerable to SQL Injection via the 'swlatlng' and 'nelatlng' parameters in all versions up to, and including, 4.5.5. The parameters are read from $_SERVER['QUERY_STRING'] via parse_str(), bypassing WordPress's wp_magic_quotes() protection, which only covers...

CVSS 7.5 | EPSS 0.00087
Exploits: 0 | References: 8
CVE
added 2026/04/11 12:17 a.m. | 42 views

CVE-2026-3691

The CVE-2026-3691 entry describes an information disclosure in the OpenClaw Client PKCE verifier within OAuth flows. Affected component is the OpenClaw client’s OAuth authorization implementation, where sensitive data is exposed in the authorization URL query string. This permits remote disclosur...

CVSS 5.3 | AI score 5.9 | EPSS 0.00075
Exploits: 0 | References: 2 | Affected Software: 1
CNVD
added 2026/03/31 12:00 a.m. | 2 views

IBM InfoSphere Information Server Information Disclosure Vulnerability (CNVD-2026-16742)

IBM InfoSphere Information Server is IBM's enterprise-class data integration platform for data quality management and ETL processing. An information disclosure vulnerability exists in IBM InfoSphere Information Server that stems from a query string of an HTTP GET request that could expose sensiti...

CVSS 3.1 | AI score 5.8 | EPSS 0.00039
Exploits: 0
Vulnrichment
added 2026/03/25 8:09 p.m. | 0 views

CVE-2025-14808 IBM InfoSphere Information Server is vulnerable due to disclosure of sensitive information

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques...

CVSS 3.1 | AI score 5.8 | EPSS 0.00039
Exploits: 0 | References: 1
Positive Technologies
added 2026/03/25 12:00 a.m. | 1 views

PT-2026-28109

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques...

CVSS 3.1 | AI score 5.8 | EPSS 0.00039
Exploits: 0 | References: 2
Vulnrichment
added 2026/01/12 4:20 a.m. | 3 views

CVE-2025-69270 Spectrum session token in URL

Information Exposure Through Query Strings in GET Request vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Session Hijacking. This issue affects DX NetOps Spectrum: 24.3.8 and earlier...

CVSS 2.3 | AI score 6.6 | EPSS 0.00086
Exploits: 0 | References: 1
Tenable Nessus
added 2026/01/05 12:00 a.m. | 1 views

RHEL 8 : httpd:2.4 (RHSA-2026:0009)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0009 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: mod_md: Apache HTTP...

CVSS 8.3 | AI score 5.7 | EPSS 0.00048
Exploits: 0 | References: 6
EUVD
added 2025/11/05 6:23 p.m. | 3 views

EUVD-2025-37917

HCL iAutomate v6.5.1 and v6.5.2 is susceptible to a sensitive information disclosure. An HTTP GET method is used to process a request and includes sensitive information in the query string of that request. An attacker could potentially access information or resources they were not intended to see...

CVSS 5.4 | AI score 6.1 | EPSS 0.00042
Exploits: 0 | References: 2
CVE
added 2025/11/05 6:23 p.m. | 9 views

CVE-2025-31954

CVE-2025-31954 affects HCL iAutomate in versions 6.5.1 and 6.5.2. The root cause is using HTTP GET to process requests with sensitive information in the query string, enabling potential disclosure of limited information to an unintended party. Impact is information disclosure; no exploitation det...

CVSS 5.4 | AI score 6.2 | EPSS 0.00042
Exploits: 0 | References: 1 | Affected Software: 1
Positive Technologies
added 2025/11/05 12:00 a.m. | 3 views

PT-2025-45150

Name of the Vulnerable Software and Affected Versions: HCL iAutomate versions 6.5.1 through 6.5.2. Description: HCL iAutomate versions 6.5.1 and 6.5.2 have a sensitive information disclosure issue. The application uses an HTTP GET method to process requests, including sensitive information within th...

CVSS 5.4 | AI score 6.2 | EPSS 0.00042
Exploits: 0 | References: 3
CNNVD
added 2024/11/01 12:00 a.m. | 2 views

IBM TXSeries for Multiplatforms Security Vulnerability

IBM TXSeries for Multiplatforms is a transaction monitoring and management software product from International Business Machines (IBM) designed to support distributed transaction processing on multiple platforms. A security vulnerability exists in IBM TXSeries for Multiplatforms version 10.1, which...

CVSS 5.9 | AI score 6.3 | EPSS 0.00112
Exploits: 0 | References: 1
RedHat Linux
added 2018/02/13 3:48 p.m. | 2 views

Dashbuilder: insecure handling of CSRF token

It has been reported that CSRF tokens are not properly handled in JBoss BPM suite dashbuilder. Old tokens generated during an active session can be used to bypass CSRF protection. In addition, the tokens are sent in the query string, so they can be exposed through the browser's history, referrers, web...

CVSS 8.8 | AI score 5.7 | EPSS 0.00093
Exploits: 0 | References: 4