CVE-2026-9650

CWE-522 Insufficiently Protected Credentials vulnerability that could cause unauthorized access and exposure of sensitive information when unauthenticated attacker accesses credentials stored within firmware or system files. With this credential an attacker could subsequently compromise the devic...

CVE-2026-54841 WordPress Vitepos plugin <= 3.4.2 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Vitepos = 3.4.2 versions...

CVE-2026-54841

CVE-2026-54841 affects WordPress Vitepos plugin versions

EUVD-2026-39369

Unauthenticated Sensitive Data Exposure in Vitepos = 3.4.2 versions...

CVE-2026-57619 WordPress Elementor Website Builder plugin <= 4.1.3 - Sensitive Data Exposure vulnerability

Contributor Sensitive Data Exposure in Elementor Website Builder = 4.1.3 versions...

CVE-2026-57619

CVE-2026-57619 affects the WordPress Elementor Website Builder plugin (versions ≤ 4.1.3). The issue is a Sensitive Data Exposure vulnerability caused by the component/flow described in the sources. The CVSS 3.1 base score is 6.5 (MEDIUM) with network attack vector, low attack complexity, and priv...

EUVD-2026-39361

Contributor Sensitive Data Exposure in Elementor Website Builder = 4.1.3 versions...

WordPress Elementor Website Builder plugin <= 4.1.3 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Steven Julian in WordPress Plugin Elementor Website Builder versions = 4.1.3...

DedeCMS 5.7.109 - Server-Side Request Forgery

Manipulation of the rssurl parameter in codo.php leads to server-side request forgery in DedeCMS version 5.7.109. id: CVE-2023-3578 info: name: DedeCMS 5.7.109 - Server-Side Request Forgery author: ritikchaddha severity: critical description: | Manipulation of the rssurl parameter in codo.php lea...

Netgear R6850 - Information Disclosure

Netgear R6850 router firmware version V1.1.0.88 contains an information leakage vulnerability in the currentsetting.htm page.This hidden interface is not protected by authentication, allowing unauthenticated attackers to access sensitive informationsuch as firmware version, model details,...

Scoold < 1.64.0 - Authentication Bypass

Scoold is a Q&A and a knowledge sharing platform for teams. A semicolon path injection vulnerability was found on the /api;/config endpoint. By appending a semicolon in the URL, attackers can bypass authentication and gain unauthorised access to sensitive configuration data. Furthermore, PUT...

TrakSYS 11.x.x - Sensitive Data Exposure

A vulnerability was found in Parsec Automation TrackSYS 11.x.x and classified as problematic. This issue affects some unknown processing of the file /TS/export/pagedefinition. The manipulation of the argument ID leads to direct request. The attack may be initiated remotely. The exploit has been...

ListingPro < 2.6.1 - Sensitive Data Disclosure

The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the /listingpro-plugin/functions.php file. This makes it possible for unauthenticated attackers to extract sensitive data including usernames, full names, email...

Easy Appointments <= 3.12.21 - Information Disclosure

Easy Appointments WordPress plugin = 3.12.21 contains a sensitive information exposure caused by an unauthenticated REST API endpoint /wp-json/wp/v2/eablocks/eaappointments/ registered with permissioncallback allowing unrestricted access, letting unauthenticated attackers extract sensitive custom...

WordPress JobWP Plugin <= 2.3.9 - SQL Injection

The JobWP - Job Board, Job Listing, Career Page and Recruitment Plugin plugin for WordPress is vulnerable to SQL Injection via the 'jobwpuploadresume' parameter in all versions up to, and including, 2.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...

Quttera Web Malware Scanner <= 3.4.1.48 - Sensitive Data Exposure

The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn't restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site's code id: CVE-2023-6065 info: name: Quttera Web Malware Scanner = 3.4.1.48 - Sensitive Data Exposure...

Joomla! Component Music Manager - Local File Inclusion

A directory traversal vulnerability in the Music Manager component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the cid parameter to album.html. id: CVE-2010-2857 info: name: Joomla! Component Music Manager - Local Fil...

PraisonAI AgentOS - Information Disclosure

PraisonAI's AgentOS FastAPI application server exposes an unauthenticated GET /api/agents endpoint that lists every registered agent's name, role and the opening of its instructions system prompt. No authentication is enforced on the route, allowing a remote attacker to enumerate agent...

CVE-2026-12053

GitLab has remediated an issue in GitLab EE affecting all versions from 19.1 before 19.1.1 that under certain conditions could have allowed a user to access sensitive information that had already been committed to a project, due to insufficient output filtering in Duo Workflows...

CVE-2026-12053

GitLab EE prior to 19.1.1 (i.e., 19.1.0) was affected by an information-disclosure issue caused by insufficient output filtering in Duo Workflows, potentially allowing a user to access sensitive data already committed to a project. The issue has been remediated by patching to 19.1.1. Impact: high...