845 matches found
SpringBlade security vulnerabilities
SpringBlade is a microservices development platform developed by Blade China. Version 4.5.0 of SpringBlade contains a security vulnerability. This vulnerability stems from improper access control in the importUser function, which may allow arbitrary import of sensitive user data...
PT-2026-4774
Name of the Vulnerable Software and Affected Versions SpringBlade version 4.5.0 Description A flaw exists in the importUser function that allows attackers with limited privileges to import sensitive user data without proper authorization. The issue is due to incorrect access control...
CVE-2025-70982
Incorrect access control in the importUser function of SpringBlade v4.5.0 allows attackers with low-level privileges to arbitrarily import sensitive user data...
Hackathon Projects Show AI Wellness Apps Can Leak Sensitive User Info
As emotional computing applications proliferate, the security threats they face require frameworks beyond traditional approaches...
CVE-2025-14798 LearnPress – WordPress LMS Plugin <= 4.3.2.4 - Missing Authorization to Unauthenticated Sensitive User Information Disclosure via REST API
The LearnPress – WordPress LMS Plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.3.2.4 via the getitempermissionscheck function. This makes it possible for unauthenticated attackers to extract sensitive data including user first names and las...
CVE-2025-14798
CVE-2025-14798 : LearnPress – WordPress LMS Plugin for WordPress is vulnerable to unauthenticated Sensitive Information Disclosure via REST API (via get_item_permissions_check). Affected versions: up to 4.3.2.4. Impact per sources: exposure of user first/last names, social profile links, enrollme...
CVE-2025-14798 LearnPress – WordPress LMS Plugin <= 4.3.2.4 - Missing Authorization to Unauthenticated Sensitive User Information Disclosure via REST API
The LearnPress – WordPress LMS Plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.3.2.4 via the getitempermissionscheck function. This makes it possible for unauthenticated attackers to extract sensitive data including user first names and las...
WordPress LearnPress - WordPress LMS Plugin plugin <= 4.3.2.4 - Missing Authorization to Unauthenticated Sensitive User Information Disclosure via REST API vulnerability
WordPress LearnPress - WordPress LMS Plugin plugin = 4.3.2.4 - Missing Authorization to Unauthenticated Sensitive User Information Disclosure via REST API vulnerability discovered by andrea bocchetti in WordPress Plugin LearnPress versions = 4.3.2.4...
CVE-2025-43508
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data...
CVE-2025-43508
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data...
CVE-2025-43508
CVE-2025-43508 affects macOS Tahoe 26.1 where a logging issue allowed potential access to sensitive user data due to insufficient data redaction. The root cause is improper logging of sensitive information, which has been addressed with improved data redaction. The vulnerability is mitigated by t...
Apple macOS security vulnerabilities
Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Tahoe prior to 26.1 contained a security vulnerability caused by a log-related issue, which could allow applications access to sensitive user data...
PT-2026-3267
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data...
CVE-2023-40402
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14. An app may be able to access sensitive user data...
Apple macOS Information Disclosure Vulnerability (CNVD-2026-16059)
Apple macOS is an operating system from the American company Apple Apple. Apple macOS has an information disclosure vulnerability that can be exploited by attackers to cause access to sensitive user data...
CVE-2025-12980 Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX <= 5.0.3 - Missing Authorization to Unauthenticated Sensitive Information Exposure
The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the '/ultp/v2/getdynamiccontent/' REST API endpoint in all versions up to, and including, 5.0.3. This makes it possible...
CVE-2025-12361 myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program <= 2.9.7.1 - Missing Authorization to Sensitive Information Exposure
The myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.9.7.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This...
Apple macOS Tahoe Insufficient Authentication Vulnerability
Apple macOS Tahoe is a desktop operating system released by Apple on June 10, 2025, using the LiquidGlass design language and integrating several AI and cross-device features. Apple macOS Tahoe suffers from an insufficient authentication vulnerability that can be exploited by an attacker to cause...
Apple macOS Tahoe Underchecked Vulnerability
Apple macOS Tahoe is a desktop operating system released by Apple on June 10, 2025, using the LiquidGlass design language and integrating several AI and cross-device features. Apple macOS Tahoe suffers from an insufficient inspection vulnerability that can be exploited by an attacker to ask for...
CVE-2025-43475
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.2 and iPadOS 26.2. An app may be able to access user-sensitive data...