MediaWiki 信息泄露漏洞

MediaWiki is a free and open-source wiki engine developed by the Wikimedia Foundation in the United States. This product can be used to deploy internal knowledge management and content management systems. Versions of MediaWiki prior to 1.43.7, 1.44.4, and 1.45.2 contained a vulnerability that led...

PT-2026-39895

Name of the Vulnerable Software and Affected Versions Valtimo versions 12.4.0 through 12.32.0 Valtimo versions 13.0.0 through 13.25.0 Description The LoggingRestClientCustomizer in the web module automatically intercepts all outgoing HTTP calls made via Spring's RestClient and logs the full reque...

PT-2026-39831

A race condition was addressed with additional validation. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to access sensitive user data...

PT-2026-39844

Name of the Vulnerable Software and Affected Versions iOS versions prior to 18.7.9 iOS versions prior to 26.5 iPadOS versions prior to 18.7.9 iPadOS versions prior to 26.5 macOS Sequoia versions prior to 15.7.7 macOS Sonoma versions prior to 14.8.7 macOS Tahoe versions prior to 26.5 visionOS...

📄 S2M Forgot Password Endpoint Token Exposure

This Python script demonstrates a security assessment targeting a forgot-password API endpoint in a digital payment platform operated by S2M, a company specializing in secure electronic transactions and payment processing solutions. The script sends a crafted POST request using a known email...

WordPress Bookly plugin <= 27.4 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Tiago Ventura @perses in WordPress Plugin Bookly versions = 27.4...

CVE-2025-15634

A missing authorization vulnerability in HCL BigFix WebUI allows an authenticated user without proper permissions to view sensitive environmental information via direct URL access to the unauthorized page...

CVE-2025-15634

CVE-2025-15634: In HCL BigFix WebUI, a missing authorization flaw lets an authenticated user with LOW privileges view sensitive environmental information via direct URL access to an unauthorized page. Impact: confidentiality (environmental data) exposed; attack vector: network; complexity: low; r...

Use of Cache Containing Sensitive Information

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information through the cache process in the cache middleware. An attacker can cause responses to be cached or served incorrectly by sending requests tha...

CVE-2026-41520

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.15, 1.18.9, and 1.19.3, the output of cilium-bugtool can contain sensitive data when the tool is run against Cilium deployments with WireGuard encryption enabled. This issue has been...

CVE-2026-41520 Cillium exposes sensitive information included in the cilium-bugtool debug archive

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.15, 1.18.9, and 1.19.3, the output of cilium-bugtool can contain sensitive data when the tool is run against Cilium deployments with WireGuard encryption enabled. This issue has been...

EUVD-2026-28845

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.15, 1.18.9, and 1.19.3, the output of cilium-bugtool can contain sensitive data when the tool is run against Cilium deployments with WireGuard encryption enabled. This issue has been...

CVE-2026-41520

CVE-2026-41520 affects Cilium’s bugtool output. Prior to versions 1.17.15, 1.18.9, and 1.19.3, running cilium-bugtool against deployments with WireGuard encryption can reveal sensitive data in the bug archive. The issue is addressed in the patched releases: 1.17.15, 1.18.9, and 1.19.3. The CVSS-d...

CVE-2026-41495

n8n-MCP (n8n-mcp) before v2.47.11 logs sensitive data from POST /mcp when running in HTTP transport mode. The issue records request metadata (notably Authorization bearer tokens, per-tenant API keys from x-n8n-key, and JSON-RPC payloads) in server logs regardless of authentication outcome; access...

CVE-2026-41495 n8n-MCP Logs Sensitive Request Data on Unauthorized /mcp Requests

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to version 2.47.11, when n8n-mcp runs in HTTP transport mode, incoming requests to the POST /mcp endpoint had their request metadata written to server logs regardless of the...

Cleartext Storage of Sensitive Information

Overview electerm is an open-sourced terminal/ssh/telnet/serialport/sftp client Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information in the getConstants process, which serializes the entire process.env object and exposes it to the renderer context as...

CVE-2026-7864 Exposure of Sensitive Information to an Unauthorized Actor

SEPPmail Secure Email Gateway before version 15.0.4 exposes server environment variables through an unauthenticated endpoint in the new GINA UI, allowing remote attackers to obtain sensitive system information...

Improper Authentication

github.com/mattermost/mattermost-server is vulnerable to improper authentication. The vulnerability is due to the failure to enforce multi-factor authentication on WebSocket connections, which allows an unauthenticated attacker to access sensitive information through WebSocket events...

Alkacon OpenCms allows remote unauthenticated attackers to obtain sensitive information

Alkacon OpenCms before 10.5.1 allows remote unauthenticated attackers to obtain sensitive information via a cmis-online/query XXE attack on a Chemistry servlet...

CVE-2023-42344

Alkacon OpenCms before 10.5.1 allows remote unauthenticated attackers to obtain sensitive information via a cmis-online/query XXE attack on a Chemistry servlet...