Lucene search

14 matches found

CVE
added 2026/05/22 7:50 a.m., 15 views

CVE-2026-7636

CVE-2026-7636 affects the WordPress plugin The Slider by Soliloquy – Responsive Image Slider (versions up to and including 2.8.1). The vulnerability is a Sensitive Information Exposure via the REST/profile mechanism (map_meta_cap) that allows authenticated users with subscriber-level access or hi...

4.3 CVSS, 5.8 AI score, 0.00037 EPSS
Exploits 0, References 8
EUVD
added 2026/05/22 7:50 a.m., 8 views

EUVD-2026-31416

The Slider by Soliloquy – Responsive Image Slider for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.1 via the map_meta_cap. This makes it possible for authenticated attackers, with subscriber-level access and above, to extra...

4.3 CVSS, 5.8 AI score, 0.00037 EPSS
Exploits 0, References 8
ATTACKERKB
added 2026/05/06 8:31 a.m., 5 views

CVE-2026-43646

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, from 9.0.0 through 9.22.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue...

5.8 AI score, 0.00091 EPSS
Exploits 0, References 2, Affected Software 1
Positive Technologies
added 2026/01/07 12:0 a.m., 6 views

PT-2026-1586

Name of the Vulnerable Software and Affected Versions ShareThis Dashboard for Google Analytics plugin for WordPress versions through 3.2.4 Description The plugin is susceptible to Sensitive Information Exposure. The Google Analytics client ID and client secret are stored in plaintext within the...

4.7 CVSS, 6.4 AI score, 0.00034 EPSS
Exploits 0, References 4
Tenable Nessus
added 2025/09/29 12:0 a.m., 2 views

GE UR family Exposure of Sensitive Information to an Unauthorized Actor (CVE-2021-27422)

GE UR firmware versions prior to version 8.1x web server interface is supported on UR over HTTP protocol. It allows sensitive information exposure without authentication. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

7.5 CVSS, 6.9 AI score, 0.00103 EPSS
Exploits 0, References 3
Ubuntu
added 2025/06/26 12:34 p.m., 10 views

USN-7602-1: Linux kernel (Xilinx ZynqMP) vulnerabilities

Michael Randrianantenaina discovered that the Bluetooth driver in the Linux Kernel contained an improper access control vulnerability. A nearby attacker could use this to connect a rogue device and possibly execute arbitrary code. CVE-2024-8805 It was discovered that the CIFS network file system...

8.8 CVSS, 7.6 AI score, 0.02589 EPSS
Exploits 3
Hacker One
added 2025/06/09 12:16 p.m., 7 views

curl: Arbitrary File Read via Unsanitized curl Usage Results in Sensitive File Exposure

Hello team, First of all, your open report policy has improved me a lot. Your very caring team has motivated me a lot. A real bug bounty program. I hope I can contribute something to you with this report. Thank you. The application uses curl in a way that allows an attacker to specify arbitrary fi...

7 AI score
Exploits 0
OpenVAS
added 2025/02/05 12:0 a.m., 4 views

WordPress ProfilePress Plugin < 4.15.19 Information Disclosure Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:properfraction:profilepress"; if description...

5.3 CVSS, 7 AI score, 0.00831 EPSS
Exploits 0, References 1
Patchstack
added 2024/11/14 9:44 p.m., 3 views

WordPress Essential Addons for Elementor plugin <= 6.0.9 - Authenticated (Author+) Sensitive Information Exposure to Privilege Escalation vulnerability

Authenticated Author+ Sensitive Information Exposure to Privilege Escalation vulnerability discovered by wesley wcraft in WordPress Plugin Essential Addons for Elementor versions <= 6.0.9...

8 CVSS, 6.9 AI score, 0.00915 EPSS
Exploits 0, References 1, Affected Software 1
IBM Security Bulletins
added 2023/07/26 3:27 p.m., 31 views

Security Bulletin: IBM Sterling Connect:Direct for UNIX is vulnerable to remote sensitive information exposure due to IBM GSKit (CVE-2023-32342)

Summary IBM GSKit is used by IBM Sterling Connect:Direct for UNIX in product configuration and data transmission. IBM Sterling Connect:Direct for UNIX is impacted by remote sensitive exposure vulnerability in IBM GSKit. IBM Sterling Connect:Direct for UNIX has upgraded IBM GSKit to version...

7.5 CVSS, 7.3 AI score, 0.00058 EPSS
Exploits 0, Affected Software 1
OSV
added 2022/06/09 11:51 p.m., 0 views

GHSA-X2PG-MJHR-2M5X Exposure of Sensitive Information to an Unauthorized Actor in semantic-release

Impact What kind of vulnerability is it? Who is impacted? Secrets that would normally be masked by semantic-release can be accidentally disclosed if they contain characters that are excluded from uri encoding by encodeURI. Occurrence is further limited to execution contexts where push access to t...

4.4 CVSS, 7.2 AI score, 0.00756 EPSS
Exploits 0, References 8
Hacker One
added 2021/05/07 10:5 p.m., 18 views

Sifchain: CORS Misconfiguration Leads to Sensitive Exposure on Sifchain main domain

Summary: Hello, I know that isn't in the Scope But this The Only Way I can Report With And It Belongs to the Main Domain. ==At first please see all those references given below:== References: https://hackerone.com/reports/768151 https://hackerone.com/reports/1167869...

7 AI score
Exploits 0
Hacker One
added 2020/01/21 7:4 p.m., 790 views

Yelp: Multiple Vulnerabilities in (*.blog.yelp.com) - Leakage user admin Sensitive Exposure

Hi! Team @yelp, We Found Multiple Vulnerabilities in your websites, Username Admin Login Sensitive Exposure Referrals Hackerone 753725 Platforms Affected: website . https://blog.yelp.com/wp-json/ user-admin sensitive exposure . https://blog.yelp.com/wp-login.php Admin-Page disclosure Steps To...

6.6 AI score
Exploits 0
Hacker One
added 2020/01/04 3:52 p.m., 22 views

U.S. Dept Of Defense: Bypassing CORS Misconfiguration Leads to Sensitive Exposure

Hi! Security Team @deptofdefense, It's possible to get information about the users registered such as: id, name, login name, etc. without authentication in WordPress via API on . ███████. Description: By default WordPress allows public access to Rest API to get information about all users...

Exploits 0