28053 matches found
CVE-2025-31983
HCL BigFix Service Management SM is affected by a security misconfiguration vulnerability due to CSP header. This could allow attackers to inject malicious scripts increasing the risk of cross-site scripting XSS and potential exposure of sensitive information...
WordPress Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin <= 1.51.1 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure vulnerability
Missing Authorization to Authenticated Subscriber+ Sensitive Information Disclosure vulnerability discovered by anhcd05 - VNPT Cyber Immunity in WordPress Plugin Forminator versions = 1.51.1...
CVE-2026-43646 Apache Wicket: crafted URLs can bypass PackageResourceGuard
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, from 9.0.0 through 9.22.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue...
CVE-2026-5753
The All-in-One WP Migration Unlimited Extension plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.83. This is due to the 'Ai1wmveSchedulesController::save' handler for 'adminpostai1wmscheduleeventsave' not verifying user capabilities before saving...
EUVD-2026-27522
The All-in-One WP Migration Unlimited Extension plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.83. This is due to the 'Ai1wmveSchedulesController::save' handler for 'adminpostai1wmscheduleeventsave' not verifying user capabilities before saving...
CVE-2026-34474
Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A 1.1 and H108N 2.6. A crafted request to the router web interface can expose sensitive device and account information. In affected builds, the response may include the administrator password and WLAN PSK, enabling...
Cisco ISE 安全漏洞
Cisco ISE is a NAC solution developed by the American company Cisco. It is used to manage access to network resources for endpoints, users, and devices in a zero-trust architecture. Cisco ISE has a security vulnerability that stems from improper role-based access control permissions on the RADIUS...
PT-2026-38218
Name of the Vulnerable Software and Affected Versions ZTE ZXHN H298A version 1.1 ZTE H108N version 2.6 Description A crafted request to the router web interface can cause sensitive data exposure. This issue may leak device and account information, including the administrator password and WLAN...
HCL BigFix Service Management 日志信息泄露漏洞
HCL BigFix Service Management is an IT service management and asset management platform developed by the Indian company HCL. HCL BigFix Service Management has a vulnerability related to log information leakage. This vulnerability stems from ineffective access control, which may lead to unauthoriz...
Ollama GGUF Model Loader Heap Out-of-Bounds Read Vulnerability
Ollama is an open source large language model deployment and inference tool, mainly providing model loading, quantization and API interface services. The Ollama GGUF model loader suffers from a heap out-of-bounds read vulnerability that stems from the /api/create interface failing to properly...
CVE-2026-34474
Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A 1.1 and H108N 2.6. A crafted request to the router web interface can expose sensitive device and account information. In affected builds, the response may include the administrator password and WLAN PSK, enabling...
Improper Removal of Sensitive Information Before Storage or Transfer
Overview Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer due to improper handling of namespace deletion retries. An attacker can cause residual data, such as outstanding leases and unrelated storage entries, to remain after ...
USN-8234-1: Mako vulnerability
It was discovered that Mako incorrectly handled URIs with double-slash prefixes in TemplateLookup. A remote attacker could possibly use this issue to obtain sensitive information...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the fileName parameter during a file upload operation. An attacker can bypass intended storage boundaries and write arbitrary files to any location on the host filesystem accessible by the Java process by supplyi...
CVE-2026-6418 PaperCut NG/MF: Path Traversal in Shared Account Synchronization
An issue was discovered in the Shared Account Synchronization component of PaperCut MF version 25.0.4. The application allows administrative users to configure a source path for account data synchronization. Due to a lack of proper path validation and sanitization, an authenticated user with...
PT-2026-38083
Name of the Vulnerable Software and Affected Versions Mako versions prior to 1.1.0+ds1-1ubuntu2.1+esm1 Description Mako incorrectly handles URIs with double-slash prefixes in TemplateLookup. A remote attacker could potentially exploit this behavior to obtain sensitive information. Recommendations...
RHCOS 4 : OpenShift Container Platform 4.13.z (RHSA-2024:7941)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:7941 advisory. - containers/image: digest type does not guarantee valid type CVE-2024-3727 - webob: WebOb's location header normalization during...
12 Step Meeting List < 3.19.10 - Unauthenticated Information Exposure
Description The 12 Step Meeting List plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.19.9. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization in the authorization process. An attacker can gain unauthorized access to sensitive site, user, and role information by sending authenticated requests as a Panel user. This is only exploitable if the site is...
CVE-2026-32834
Summary: CVE-2026-32834 affects the WordPress plugin Easy PayPal Events & Tickets (version 1.3 and earlier). The vulnerability is a hardcoded authentication bypass in the QR code scanning functionality, allowing unauthenticated remote attackers to bypass hash verification by sending the hash para...