CVE-2025-30412

The CVE-2025-30412 entry concerns a sensitive data disclosure and manipulation due to improper authentication affecting Acronis Cyber Protect 16 (Linux, Windows) before build 39938 and Acronis Cyber Protect 15 (Linux, Windows) before build 41800. The vulnerability involves failure to enforce auth...

CVE-2025-30412

Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 Linux, Windows before build 39938, Acronis Cyber Protect 15 Linux, Windows before build 41800...

CVE-2025-27903

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows transmits data in a cleartext communication channel that could allow an attacker to obtain sensitive information using man in the middle techniques...

CVE-2026-20141

In Splunk Enterprise versions below 10.0.2, 10.0.3, 9.4.8, and 9.3.9, a low-privileged user who does not hold the "admin" Splunk role could access the Splunk Monitoring Console App endpoints due to an improper access control. This could lead to a sensitive information disclosure.The Monitoring...

CVE-2026-20141

In Splunk Enterprise versions below 10.0.2, 10.0.3, 9.4.8, and 9.3.9, a low-privileged user who does not hold the "admin" Splunk role could access the Splunk Monitoring Console App endpoints due to an improper access control. This could lead to a sensitive information disclosure.The Monitoring...

CVE-2026-20141

The advisory for CVE-2026-20141 describes an improper access control in the Splunk Monitoring Console App affecting Splunk Enterprise versions below 10.0.2, 10.0.3, 9.4.8, and 9.3.9. A low-privilege user without the admin role could access Monitoring Console endpoints, leading to potential sensit...

CVE-2025-15520 RegistrationMagic <= 6.0.7.2 - Subscriber+ Sensitive Data Disclosure

The RegistrationMagic WordPress plugin before 6.0.7.2 checks nonces but not capabilities, allowing for the disclosure of some sensitive data to subscribers and above...

CVE-2025-15520 RegistrationMagic <= 6.0.7.2 - Subscriber+ Sensitive Data Disclosure

The RegistrationMagic WordPress plugin before 6.0.7.2 checks nonces but not capabilities, allowing for the disclosure of some sensitive data to subscribers and above...

WordPress PopupKit plugin <= 2.2.0 - Missing Authorization to Sensitive Information Disclosure and Data Deletion vulnerability

Missing Authorization to Sensitive Information Disclosure and Data Deletion vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin PopupKit versions = 2.2.0...

Ilevia EVE X1 Server

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary shell commands and the disclosure of sensitive system information. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these...

MediaWiki 安全漏洞

MediaWiki is a free and open-source wiki engine developed by the Wikimedia Foundation in the United States. This product can be used to deploy internal knowledge management and content management systems. Versions of MediaWiki prior to 1.39.14, 1.43.4, and 1.44.1 contain security vulnerabilities...

CVE-2025-1395

Generation of Error Message Containing Sensitive Information vulnerability in Codriapp Innovation and Software Technologies Inc. HeyGarson allows Fuzzing for application mapping.This issue affects HeyGarson: through 30012026. NOTE: The vendor was contacted several times to verifying fixing proces...

CVE-2026-23564 Transmission of Unencrypted Data in Content Distribution Service

A vulnerability in TeamViewer DEX Client former 1E Client - Content Distribution Service NomadBranch.exe prior version 26.1 for Windows allows an attacker on the adjacent network to cause normally encrypted UDP traffic to be sent in cleartext. This can result in disclosure of sensitive informatio...

CVE-2026-23564

A vulnerability in TeamViewer DEX Client former 1E Client - Content Distribution Service NomadBranch.exe prior version 26.1 for Windows allows an attacker on the adjacent network to cause normally encrypted UDP traffic to be sent in cleartext. This can result in disclosure of sensitive informatio...

AZL-75527 CVE-2025-11065 affecting package moby-cli for versions less than 24.0.9-8

A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...

MiracleLinux 9 : linux-firmware-20230310-134.el9.ML.1 (AXSA:2023-6270:05)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6270:05 advisory. This package includes firmware files required for some devices to operate. CVE-2023-20593 An issue in Zen 2 CPUs, under specific microarchitectural...

Odine GateKeeper SQL injection vulnerability

Odine GateKeeper is a voice fraud detection software developed by the Turkish company Odine. Version 1.0 of Odine GateKeeper contains an SQL injection vulnerability. This vulnerability stems from an SQL injection vulnerability in the trafficCycle API endpoint, which may lead to the disclosure of...

CVE-2026-23746

Entrust Instant Financial Issuance IFI On Premise software formerly referred to as CardWizard versions 5.x, prior to 6.10.5, and prior to 6.11.1 contain an insecure .NET Remoting exposure in the SmartCardController service DCG.SmartCardControllerService.exe. The service registers a TCP remoting...

CVE-2023-49950

The Jinja templating in Logpoint SIEM 6.10.0 through 7.x before 7.3.0 does not correctly sanitize log data being displayed when using a custom Jinja template in the Alert view. A remote attacker can craft a cross-site scripting XSS payload and send it to any system or device that sends logs to th...

CVE-2018-18657

An issue was discovered in Arcserve Unified Data Protection UDP through 6.5 Update 4. There is a DDI-VRT-2018-18 Unauthenticated Sensitive Information Disclosure via /gateway/services/EdgeServiceImpl issue...