28128 matches found
CVE-2026-54841
CVE-2026-54841 affects WordPress Vitepos plugin versions
CVE-2026-54821 WordPress Visual Link Preview plugin <= 2.3.1 - Sensitive Data Exposure vulnerability
Subscriber Sensitive Data Exposure in Visual Link Preview = 2.3.1 versions...
CVE-2026-54821
The CVE-2026-54821 entry concerns the WordPress Visual Link Preview plugin, affected versions are
CVE-2026-57619
CVE-2026-57619 affects the WordPress Elementor Website Builder plugin (versions ≤ 4.1.3). The issue is a Sensitive Data Exposure vulnerability caused by the component/flow described in the sources. The CVSS 3.1 base score is 6.5 (MEDIUM) with network attack vector, low attack complexity, and priv...
EUVD-2026-39361
Contributor Sensitive Data Exposure in Elementor Website Builder = 4.1.3 versions...
CVE-2026-57619 WordPress Elementor Website Builder plugin <= 4.1.3 - Sensitive Data Exposure vulnerability
Contributor Sensitive Data Exposure in Elementor Website Builder = 4.1.3 versions...
libxslt: Processing web content may disclose sensitive information
A flaw was found in libxslt package. Processing web content may disclose sensitive information. This issue was addressed with improved memory handling...
WordPress Elementor Website Builder plugin <= 4.1.3 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Steven Julian in WordPress Plugin Elementor Website Builder versions = 4.1.3...
CVE-2026-12053
GitLab has remediated an issue in GitLab EE affecting all versions from 19.1 before 19.1.1 that under certain conditions could have allowed a user to access sensitive information that had already been committed to a project, due to insufficient output filtering in Duo Workflows...
CVE-2026-12053
GitLab EE prior to 19.1.1 (i.e., 19.1.0) was affected by an information-disclosure issue caused by insufficient output filtering in Duo Workflows, potentially allowing a user to access sensitive data already committed to a project. The issue has been remediated by patching to 19.1.1. Impact: high...
CVE-2026-12053
GitLab has remediated an issue in GitLab EE affecting all versions from 19.1 before 19.1.1 that under certain conditions could have allowed a user to access sensitive information that had already been committed to a project, due to insufficient output filtering in Duo Workflows...
PT-2026-52207
Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 9.3 through 18.11.5 GitLab CE/EE versions 19.0 through 19.0.2 GitLab CE/EE versions 19.1 through 19.1.0 Description Insufficient filtering in a CI/CD API endpoint could allow sensitive information to be written to...
PT-2026-52568
Name of the Vulnerable Software and Affected Versions MSI NBFoundation Service version 2.0.2506.1201 Description Insecure permissions allow a remote attacker to obtain sensitive information by exploiting the 3DES-ECB encryption method. 3DES-ECB Triple Data Encryption Standard in Electronic Codebo...
PT-2026-52439
Contributor Sensitive Data Exposure in Elementor Website Builder = 4.1.3 versions...
CVE-2026-37149
GROCERY-STORE-MANAGEMENT-SYSTEM-USING-PHP-AND-MYSQL-PHPMYADMIN v1.0 was discovered to contain a SQL injection vulnerability in the scost parameter in /grocery/searchproducts.php. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement...
CVE-2026-54066 SiYuan: Path Traversal via Double URL Encoding in /assets/*path (publish mode arbitrary file─read)
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the patch for CVE-2026-41894 "Path Traversal via Double URL Encoding" sanitized the /export/ route but the identical root cause remains in the /assets/path route. In publish mode anonymous read-only HTTP endpoint,...
CVE-2026-44022
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.73.0 until 2.91.0, he LaTeX backend's handling of \includegraphics, \input, and \include commands lacked path containment validation. Attackers could craft malicio...
CVE-2026-9612 WhatsOrder <= 1.0.1 - Unauthenticated Sensitive Information Exposure via Predictable Invoice File URLs
The WhatsOrder – Instant Checkout for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.1 via the yapacdevgenerateorderpdf. This makes it possible for unauthenticated attackers to extract sensitive customer PII and order...
CVE-2026-9612
The WhatsOrder – Instant Checkout for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.1 via the yapacdevgenerateorderpdf. This makes it possible for unauthenticated attackers to extract sensitive customer PII and order...
CVE-2026-9612
The CVE-2026-9612 entry concerns the WhatsOrder – Instant Checkout for WooCommerce plugin for WordPress. Affects versions up to 1.0.1 and is caused by the yapacdev_generate_order_pdf function, which exposes sensitive customer PII and order details. Attack flow: an unauthenticated user can enumera...