CVE-2026-40789 WordPress Amelia plugin <= 2.2 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Amelia = 2.2 versions...

CVE-2026-40789

CVE-2026-40789 affects WordPress Amelia plugin (versions

CVE-2026-39480

CVE-2026-39480 affects the WordPress plugin Backup Migration (versions

CVE-2026-39480 WordPress Backup Migration plugin <= 2.1.1 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Backup Migration = 2.1.1 versions...

CVE-2026-34891

CVE-2026-34891 concerns the WordPress IDPay Payment Gateway for WooCommerce plugin (

CVE-2026-34891 WordPress IDPay Payment Gateway for Woocommerce plugin <= 2.2.5 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in IDPay Payment Gateway for Woocommerce = 2.2.5 versions...

CVE-2026-39007

An issue in Observeinc's Observe v.2026-01-28 and before allows a remote attacker to obtain sensitive information via the CSV Log export component...

CVE-2026-38812

RuoYi v4.8.2 is vulnerable to SQL Injection via the /tool/gen/createTable endpoint. The issue affects the code generation module and may allow an authenticated attacker with administrative privileges to access sensitive database information...

Security Bulletin: IBM Sterling Connect:Direct Web Services is Affected by Multiple Vulnerabilities.

Summary IBM Java is used by IBM Sterling Connect:Direct Web Services CVE-2026-34282, CVE-2026-22016, CVE-2026-23865, CVE-2026-22021, CVE-2026-22013, CVE-2026-22018, CVE-2026-22008, CVE-2026-34268, CVE-2026-22007, CVE-2026-6918. Vulnerability Details CVEID:CVE-2026-34282 DESCRIPTION: Easily...

Use of Cache Containing Sensitive Information

Overview @angular/service-worker is an Angular - service worker tooling! Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information in the request reconstruction. An attacker can access sensitive session data or cached private resources by exploiting the...

Use of Cache Containing Sensitive Information

Overview @angular/service-worker is an Angular - service worker tooling! Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information in the request reconstruction. An attacker can access sensitive session-restricted data or expose credentials by exploiting...

WordPress Static Block plugin <= 2.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure vulnerability

Insecure Direct Object Reference to Authenticated Contributor+ Sensitive Information Disclosure vulnerability discovered by dyingman in WordPress Plugin Static Block versions = 2.2...

CVE-2026-49064

Insertion of Sensitive Information Into Sent Data vulnerability in Stiofan GetPaid allows Retrieve Embedded Sensitive Data. This issue affects GetPaid: from n/a through 2.8.49...

CVE-2016-20076

WordPress Simple-Backup 2.7.11 contains multiple vulnerabilities that allow unauthenticated attackers to delete arbitrary files and download sensitive files by manipulating the deletebackupfile and downloadbackupfile parameters in tools.php. Attackers can exploit insufficient input validation usi...

EUVD-2026-36724

Insertion of Sensitive Information Into Sent Data vulnerability in Stiofan GetPaid allows Retrieve Embedded Sensitive Data. This issue affects GetPaid: from n/a through 2.8.49...

CVE-2026-49064 WordPress GetPaid plugin <= 2.8.49 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Stiofan GetPaid allows Retrieve Embedded Sensitive Data. This issue affects GetPaid: from n/a through 2.8.49...

CVE-2026-49064 WordPress GetPaid plugin <= 2.8.49 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Stiofan GetPaid allows Retrieve Embedded Sensitive Data. This issue affects GetPaid: from n/a through 2.8.49...

CVE-2026-49064

CVE-2026-49064 affects WordPress GetPaid plugin versions

CVE-2016-20072 BBS e-Franchise 1.1.1 WordPress Plugin SQL Injection via uid

BBS e-Franchise 1.1.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the uid parameter. Attackers can craft requests to pages using the plugin's shortcode with UNION-based SQL...

CVE-2026-44188

Affects Ansible Lightspeed (and Red Hat Ansible Automation Platform context) via insufficient session expiration that allows a valid OAuth token to remain usable after logout, enabling persistent access and unauthorized read of inventories, playbooks, and config data. The connected Red Hat adviso...