CVE-2021-47978 ProcessMaker 3.5.4 Local File Inclusion via Path Traversal
ProcessMaker 3.5.4 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting improper path traversal validation. Attackers can send requests with directory traversal sequences to access sensitive system files like /etc/passwd without...
CVE-2026-25468
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs Happy Addons for Elementor allows Retrieve Embedded Sensitive Data. This issue affects Happy Addons for Elementor: from n/a through 3.20.8...
CVE-2026-42644
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper BetterDocs betterdocs allows Retrieve Embedded Sensitive Data. This issue affects BetterDocs: from n/a through <= 4.3.10...
CVE-2025-15623 Sparx Pro Cloud Server reveals sensitive information to an unauthenticated user
Exposure of Private Personal Information to an Unauthorized Actor, Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. An unauthenticated user can retrieve the database password in plaintext in certain situations...
CVE-2026-39571
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Themefic Instantio instantio allows Retrieve Embedded Sensitive Data. This issue affects Instantio: from n/a through <= 3.3.30...
PT-2026-31248
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in bannersky BSK PDF Manager bsk-pdf-manager allows Retrieve Embedded Sensitive Data. This issue affects BSK PDF Manager: from n/a through <= 3.7.2...
Glances exposes the REST API without authentication
Summary: The Glances web server runs without authentication by default when started with glances -w, exposing the REST API with sensitive system information, including process command lines containing credentials (passwords, API keys, tokens), to any network client. Details: Root Cause: Authentication is...
CVE-2026-32372
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons shopbuilder allows Retrieve Embedded Sensitive Data. This issue affects ShopBuilder – Elementor WooCommerce Builder Addons: from n/a through =...
HomeGallery Path Traversal Vulnerability
HomeGallery is an open-source, self-hosted web gallery developed by HomeGallery. It allows for browsing of images that are marked, mobile-friendly, and powered by AI-driven image discovery. Versions of HomeGallery prior to 1.21.0 contained a path traversal vulnerability. This vulnerability stemme...
CVE-2026-3075 WordPress Simple Ajax Chat plugin <= 20251121 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Jeff Starr Simple Ajax Chat simple-ajax-chat allows Retrieve Embedded Sensitive Data. This issue affects Simple Ajax Chat: from n/a through <= 20251121...
DEBIAN-CVE-2026-26157
A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may write to files outside the intended directory. This can lead to arbitrary file overwrite, potentiall...
UBUNTU-CVE-2026-26157
A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may write to files outside the intended directory. This can lead to arbitrary file overwrite, potentiall...
CVE-2025-9986
The CVE-2025-9986 entry concerns DIGIKENT by Vadi Corporate Information Systems Ltd. Co. Affected: DIGIKENT versions up to 13092025. Issue: Exposure of Sensitive System Information to an Unauthorized Control Sphere, potentially enabling “Excavation.” Impact: confidentiality loss (High) with no de...
CVE-2026-25023
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in mdedev Run Contests, Raffles, and Giveaways with ContestsWP contest-code-checker allows Retrieve Embedded Sensitive Data. This issue affects Run Contests, Raffles, and Giveaways with ContestsWP: from n/a...
CVE-2026-24998
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPMU DEV - Your All-in-One WordPress Platform Hustle wordpress-popup allows Retrieve Embedded Sensitive Data. This issue affects Hustle: from n/a through <= 7.8.9.2...
webileapps Webile Path Traversal Vulnerability
Webileapps Webile is an application system developed by the webileapps company. Version 1.0.1 of Webileapps contains a path traversal vulnerability. This vulnerability stems from directory traversal vulnerabilities, which may lead to access to sensitive system directories...
CVE-2026-22625
Improper handling of filenames in certain HIKSEMI NAS products may lead to the exposure of sensitive system files...
EUVD-2026-5037
Improper handling of filenames in certain HIKSEMI NAS products may lead to the exposure of sensitive system files...
CVE-2026-22625
Technical details for CVE-2026-22625 are not provided in the supplied documents beyond the basic description; monitor for updates from Hiksemi and Red Hat advisories.