
8 matches found

Cvelist
added 2026/02/25 3:52 a.m. · 19 views

CVE-2026-27640 tfplan2md has Sensitive Value Exposure in Generated Reports

tfplan2md is software for converting Terraform plan JSON files into human-readable Markdown reports. Prior to version 1.26.1, a bug in tfplan2md affected several distinct rendering paths: AzApi resource body properties, AzureDevOps variable groups, Scriban template context variables, and...

CVSS 8.5 · EPSS 0.00048
Exploits 0 · References 2

Vulnrichment
added 2025/11/04 4:27 a.m. · 4 views

CVE-2025-11758 All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier <= 2.0.3 - Missing Authorization to Page Creation and Information Exposure

The All in One Time Clock Lite plugin for WordPress is vulnerable to unauthorized access due to a missing authorization check in all versions up to, and including, 2.0.3. This is due to the plugin exposing admin-level AJAX actions to unauthenticated users via wp_ajax_nopriv_ hooks, while relying onl...

CVSS 6.5 · AI score 5 · EPSS 0.00159
Exploits 0 · References 5

RedhatCVE
added 2025/05/22 5:30 p.m. · 3 views

CVE-2020-6214

SAP S/4HANA Financial Products Subledger, version 100, uses an incorrect authorization object in some reports. Although the affected reports are protected with other authorization objects, exploitation of the vulnerability would allow an authenticated attacker to view, change, or delete data,...

CVSS 6.5 · AI score 6.6 · EPSS 0.00201
Exploits 0 · References 1

Positive Technologies
added 2024/03/26 12:0 a.m. · 3 views

PT-2024-13996 · Janitza · Gridvis

Name of the Vulnerable Software and Affected Versions: Janitza GridVis versions 9.0.66 and earlier
Description: The issue concerns the use of hard-coded credentials in the de.janitza.pasw.feature.impl.activators.PasswordEncryption password encryption function. This allows remote authenticated...

CVSS 8.8 · AI score 6.9 · EPSS 0.00375
Exploits 0 · References 4

OSV
added 2024/01/12 1:15 a.m. · 1 views

CVE-2024-21589

An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated network-based attacker to access reports without authenticating, potentially containing sensitive configuration information. A feature was introduced in version 3.1.0...

CVSS 7.5 · AI score 5.8
Exploits 0 · References 2

CNNVD
added 2024/01/12 12:0 a.m. · 3 views

Juniper Networks Paragon Active Assurance Security Vulnerability

Juniper Networks Paragon Active Assurance is a programmable test and service assurance solution from Juniper Networks, Inc. It can be easily used and delivered as a SaaS solution from the cloud or deployed locally in NFV environments using software-based and traffic-generating test proxies. A...

CVSS 7.5 · AI score 6.9 · EPSS 0.00178
Exploits 0 · References 3

CNNVD
added 2023/06/11 12:0 a.m. · 4 views

Danfoss AK-EM100 web applications Information Disclosure Vulnerability

Danfoss AK-EM100 web applications is a web application from Danfoss, Denmark. It provides a web-based graphical user interface to the store that allows a range of everyday users to locally or remotely monitor data, alarms, and reports on all of their refrigeration equipment. An information...

CVSS 5.3 · AI score 5.7 · EPSS 0.00131
Exploits 0 · References 4

OSV
added 2016/03/06 2:59 a.m. · 2 views

CVE-2016-2845

The Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 49.0.2623.75, does not ignore a URL's path component in the case of a ServiceWorker fetch, which allows remote attackers to obtain sensitive information about visited web pages by reading CSP violation report...

CVSS 5.3 · AI score 7.3
Exploits 0 · References 8