CVE-2026-53470

A flaw was found in migration-planner. An authenticated attacker could exploit an improper access control vulnerability in the /api/v1/sources/id/image-url endpoint. This flaw allows the attacker to bypass an ownership check and obtain presigned S3 URLs for Open Virtual Appliance OVA images...

WordPress JetBlog plugin <= 2.4.8 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Austin Ginder in WordPress Plugin JetBlog versions = 2.4.8...

WordPress ABC Crypto Checkout plugin <= 1.8.2 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by xwii in WordPress Plugin ABC Crypto Checkout versions = 1.8.2...

WordPress Signature Add-On for WooCommerce plugin <= 2.0 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Averon Averenkov in WordPress Plugin Signature Add-On for WooCommerce versions = 2.0...

CVE-2026-9751 Sensitive data could be written to mongod.log

The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mongod.log file in plain text...

CVE-2026-6445

CVE-2026-6445 affects Pure Storage FlashArray Purity. The issue is insufficient filtering of certain data paths, which could expose sensitive information to an authenticated user with low privileges. Root cause described as inadequate data-path filtering; impact includes high confidentiality, int...

CVE-2026-6445

A flaw exists in FlashArray Purity where insufficient filtering of certain data paths could expose sensitive information to an authenticated user with low privileges...

CVE-2026-45594

Exposure of sensitive information to an unauthorized actor in Windows Application Identity AppID Subsystem allows an authorized attacker to disclose information locally...

CVE-2026-42907

Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally...

CVE-2026-42906

Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally...

EUVD-2026-35596

Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally...

EUVD-2026-35595

Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally...

CVE-2026-42906

CVE-2026-42906 is a Windows Shell information-disclosure vulnerability. The Windows Shell component exposes sensitive information to an unauthorized actor via a local attack with low privileges required and no user interaction. The impact is confidentiality loss (C:H) while integrity/availability...

EUVD-2026-35574

Exposure of sensitive information to an unauthorized actor in Visual Studio Code allows an unauthorized attacker to disclose information over a network...

Windows Hyper-V Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Hyper-V allows an authorized attacker to disclose information locally...

Windows Shell Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally...

Windows Shell Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally...

Visual Studio Code Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Visual Studio Code allows an unauthorized attacker to disclose information over a network...

Windows Application Identity (AppID) Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Application Identity AppID Subsystem allows an authorized attacker to disclose information locally...

Windows NTLM Spoofing Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing over a network...