EUVD-2026-36058
Sensitive Data Exposure vulnerability in Erlang OTP inets httpc_response module allows Retrieve Embedded Sensitive Data. The httpc client forwards the Authorization and Proxy-Authorization request headers to redirect targets without checking whether the redirect crosses an origin boundary...
CVE-2026-48856
Sensitive Data Exposure vulnerability in Erlang OTP inets httpc_response module allows Retrieve Embedded Sensitive Data. The httpc client forwards the Authorization and Proxy-Authorization request headers to redirect targets without checking whether the redirect crosses an origin boundary...
EEF-CVE-2026-48856 httpc leaks Authorization header to cross-origin redirect targets
Summary: Sensitive Data Exposure vulnerability in Erlang OTP inets httpc_response module allows Retrieve Embedded Sensitive Data. The httpc client forwards the Authorization and Proxy-Authorization request headers to redirect targets without checking whether the redirect crosses an origin boundary...
CVE-2026-53470 Migration-planner: getsourcedownloadurl missing organization check
A flaw was found in migration-planner. An authenticated attacker could exploit an improper access control vulnerability in the /api/v1/sources/id/image-url endpoint. This flaw allows the attacker to bypass an ownership check and obtain presigned S3 URLs for Open Virtual Appliance OVA images...
CVE-2026-53470
A flaw was found in migration-planner. An authenticated attacker could exploit an improper access control vulnerability in the /api/v1/sources/id/image-url endpoint. This flaw allows the attacker to bypass an ownership check and obtain presigned S3 URLs for Open Virtual Appliance OVA images...
WordPress JetBlog plugin <= 2.4.8 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Austin Ginder in WordPress Plugin JetBlog versions <= 2.4.8...
WordPress ABC Crypto Checkout plugin <= 1.8.2 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by xwii in WordPress Plugin ABC Crypto Checkout versions <= 1.8.2...
WordPress Signature Add-On for WooCommerce plugin <= 2.0 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Averon Averenkov in WordPress Plugin Signature Add-On for WooCommerce versions <= 2.0...
CVE-2026-9751 Sensitive data could be written to mongod.log
The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mongod.log file in plain text...
CVE-2026-6445
A flaw exists in FlashArray Purity where insufficient filtering of certain data paths could expose sensitive information to an authenticated user with low privileges...
CVE-2026-6445
CVE-2026-6445 affects Pure Storage FlashArray Purity. The issue is insufficient filtering of certain data paths, which could expose sensitive information to an authenticated user with low privileges. Root cause described as inadequate data-path filtering; impact includes high confidentiality, int...
CVE-2026-45594
Exposure of sensitive information to an unauthorized actor in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally...
CVE-2026-42906
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally...
CVE-2026-42907
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally...
EUVD-2026-35596
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally...
EUVD-2026-35595
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally...
CVE-2026-42906
CVE-2026-42906 is a Windows Shell information-disclosure vulnerability. The Windows Shell component exposes sensitive information to an unauthorized actor via a local attack with low privileges required and no user interaction. The impact is confidentiality loss (C:H) while integrity/availability...
EUVD-2026-35574
Exposure of sensitive information to an unauthorized actor in Visual Studio Code allows an unauthorized attacker to disclose information over a network...
Windows Shell Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally...
Windows Application Identity (AppID) Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally...