Lucene search
+L

845 matches found

CNNVD
CNNVD
added 2026/01/26 12:0 a.m.10 views

SpringBlade security vulnerabilities

SpringBlade is a microservices development platform developed by Blade China. Version 4.5.0 of SpringBlade contains a security vulnerability. This vulnerability stems from improper access control in the importUser function, which may allow arbitrary import of sensitive user data...

9.9CVSS5.9AI score0.00296EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/01/26 12:0 a.m.13 views

PT-2026-4774

Name of the Vulnerable Software and Affected Versions SpringBlade version 4.5.0 Description A flaw exists in the importUser function that allows attackers with limited privileges to import sensitive user data without proper authorization. The issue is due to incorrect access control...

9.9CVSS5.9AI score0.00296EPSS
Exploits1References8
Cvelist
Cvelist
added 2026/01/26 12:0 a.m.34 views

CVE-2025-70982

Incorrect access control in the importUser function of SpringBlade v4.5.0 allows attackers with low-level privileges to arbitrarily import sensitive user data...

0.00296EPSS
Exploits1References3
HackRead
HackRead
added 2026/01/20 1:30 p.m.11 views

Hackathon Projects Show AI Wellness Apps Can Leak Sensitive User Info

As emotional computing applications proliferate, the security threats they face require frameworks beyond traditional approaches...

5.4AI score
Exploits0
Cvelist
Cvelist
added 2026/01/20 3:25 a.m.25 views

CVE-2025-14798 LearnPress – WordPress LMS Plugin <= 4.3.2.4 - Missing Authorization to Unauthenticated Sensitive User Information Disclosure via REST API

The LearnPress – WordPress LMS Plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.3.2.4 via the getitempermissionscheck function. This makes it possible for unauthenticated attackers to extract sensitive data including user first names and las...

5.3CVSS0.00246EPSS
Exploits0References3
CVE
CVE
added 2026/01/20 3:25 a.m.20 views

CVE-2025-14798

CVE-2025-14798 : LearnPress – WordPress LMS Plugin for WordPress is vulnerable to unauthenticated Sensitive Information Disclosure via REST API (via get_item_permissions_check). Affected versions: up to 4.3.2.4. Impact per sources: exposure of user first/last names, social profile links, enrollme...

5.3CVSS5.5AI score0.00246EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/20 3:25 a.m.6 views

CVE-2025-14798 LearnPress – WordPress LMS Plugin <= 4.3.2.4 - Missing Authorization to Unauthenticated Sensitive User Information Disclosure via REST API

The LearnPress – WordPress LMS Plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.3.2.4 via the getitempermissionscheck function. This makes it possible for unauthenticated attackers to extract sensitive data including user first names and las...

5.3CVSS5.5AI score0.00246EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/01/19 9:54 p.m.9 views

WordPress LearnPress - WordPress LMS Plugin plugin <= 4.3.2.4 - Missing Authorization to Unauthenticated Sensitive User Information Disclosure via REST API vulnerability

WordPress LearnPress - WordPress LMS Plugin plugin = 4.3.2.4 - Missing Authorization to Unauthenticated Sensitive User Information Disclosure via REST API vulnerability discovered by andrea bocchetti in WordPress Plugin LearnPress versions = 4.3.2.4...

5.3CVSS5.5AI score0.00246EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/01/16 6:16 p.m.6 views

CVE-2025-43508

A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data...

5.5CVSS5.7AI score0.00147EPSS
Exploits0References1
NVD
NVD
added 2026/01/16 6:16 p.m.11 views

CVE-2025-43508

A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data...

5.5CVSS0.00147EPSS
Exploits0References1
CVE
CVE
added 2026/01/16 5:6 p.m.16 views

CVE-2025-43508

CVE-2025-43508 affects macOS Tahoe 26.1 where a logging issue allowed potential access to sensitive user data due to insufficient data redaction. The root cause is improper logging of sensitive information, which has been addressed with improved data redaction. The vulnerability is mitigated by t...

5.5CVSS5.6AI score0.00147EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/01/16 12:0 a.m.7 views

Apple macOS security vulnerabilities

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Tahoe prior to 26.1 contained a security vulnerability caused by a log-related issue, which could allow applications access to sensitive user data...

5.5CVSS6.6AI score0.00147EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/16 12:0 a.m.10 views

PT-2026-3267

A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data...

6AI score0.00147EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:30 p.m.8 views

CVE-2023-40402

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14. An app may be able to access sensitive user data...

5.5CVSS5.9AI score0.00271EPSS
Exploits0References1
CNVD
CNVD
added 2025/12/25 12:0 a.m.7 views

Apple macOS Information Disclosure Vulnerability (CNVD-2026-16059)

Apple macOS is an operating system from the American company Apple Apple. Apple macOS has an information disclosure vulnerability that can be exploited by attackers to cause access to sensitive user data...

5.5CVSS5.9AI score0.00181EPSS
Exploits0
Cvelist
Cvelist
added 2025/12/21 2:20 a.m.29 views

CVE-2025-12980 Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX <= 5.0.3 - Missing Authorization to Unauthenticated Sensitive Information Exposure

The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the '/ultp/v2/getdynamiccontent/' REST API endpoint in all versions up to, and including, 5.0.3. This makes it possible...

7.5CVSS0.00277EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/19 9:29 a.m.30 views

CVE-2025-12361 myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program <= 2.9.7.1 - Missing Authorization to Sensitive Information Exposure

The myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.9.7.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This...

4.3CVSS0.00212EPSS
Exploits0References3
CNVD
CNVD
added 2025/12/19 12:0 a.m.6 views

Apple macOS Tahoe Insufficient Authentication Vulnerability

Apple macOS Tahoe is a desktop operating system released by Apple on June 10, 2025, using the LiquidGlass design language and integrating several AI and cross-device features. Apple macOS Tahoe suffers from an insufficient authentication vulnerability that can be exploited by an attacker to cause...

5.5CVSS6.3AI score0.00204EPSS
Exploits0References1
CNVD
CNVD
added 2025/12/19 12:0 a.m.3 views

Apple macOS Tahoe Underchecked Vulnerability

Apple macOS Tahoe is a desktop operating system released by Apple on June 10, 2025, using the LiquidGlass design language and integrating several AI and cross-device features. Apple macOS Tahoe suffers from an insufficient inspection vulnerability that can be exploited by an attacker to ask for...

5.5CVSS6.5AI score0.00166EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/17 8:46 p.m.28 views

CVE-2025-43475

A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.2 and iPadOS 26.2. An app may be able to access user-sensitive data...

0.00133EPSS
Exploits0References1
Rows per page
Query Builder