CVE-2026-42644

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper BetterDocs betterdocs allows Retrieve Embedded Sensitive Data.This issue affects BetterDocs: from n/a through = 4.3.10...

CVE-2026-7382

Exposure of Sensitive Information to an Unauthorized Actor, Exposure of private personal information to an unauthorized actor vulnerability in MeWare Software Development Inc. PDKS allows Excavation. This issue affects PDKS: from V16.20200313 before VMYR3.5.2025117...

EUVD-2026-26370

Exposure of Sensitive Information to an Unauthorized Actor, Exposure of private personal information to an unauthorized actor vulnerability in MeWare Software Development Inc. PDKS allows Excavation. This issue affects PDKS: from V16.20200313 before VMYR3.5.2025117...

MeWare PDKS 信息泄露漏洞

MeWare PDKS is a personnel management system for enterprise attendance and access control developed by the Turkish company MeWare. Versions of MeWare PDKS from V16.20200313 to VMYR3.5.2025117 contained an information leakage vulnerability. This vulnerability resulted from the unauthorized...

CVE-2026-39686

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in bannersky BSK PDF Manager bsk-pdf-manager allows Retrieve Embedded Sensitive Data.This issue affects BSK PDF Manager: from n/a through = 3.7.2...

WordPress Contest Gallery plugin <= 28.1.7 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Jakub Herman in WordPress Plugin Contest Gallery versions = 28.1.7...

CVE-2026-42644

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper BetterDocs betterdocs allows Retrieve Embedded Sensitive Data.This issue affects BetterDocs: from n/a through = 4.3.10...

CVE-2026-42644

The CVE-2026-42644 entry concerns WordPress WPDeveloper BetterDocs plugin versions up to 4.3.10, with a vulnerability described as Exposure of Sensitive System Information to an Unauthorized Control Sphere and the ability to Retrieve Embedded Sensitive Data. Connected documents provide limited de...

CVE-2026-42644 WordPress BetterDocs plugin <= 4.3.10 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper BetterDocs betterdocs allows Retrieve Embedded Sensitive Data.This issue affects BetterDocs: from n/a through = 4.3.10...

CVE-2026-42644 WordPress BetterDocs plugin <= 4.3.10 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper BetterDocs betterdocs allows Retrieve Embedded Sensitive Data.This issue affects BetterDocs: from n/a through = 4.3.10...

CVE-2026-42518

This vulnerability exists in e-Sushrut due to disclosure of sensitive information and hardcoded AES encryption keys in client-side JavaScript. An unauthenticated remote attacker could exploit this vulnerability by accessing the client-side code to extract sensitive information and cryptographic...

CVE-2026-42517

This vulnerability exists in e-Sushrut due to the use of reversible Base64 encoding for protecting sensitive data. An authenticated attacker could exploit this vulnerability by decoding and manipulating Base64-encoded parameters in the request URL to gain unauthorized access to sensitive...

CVE-2026-42518

The CVE concerns e-Sushrut HMIS where sensitive data and hardcoded AES keys are exposed in client-side JavaScript. An unauthenticated remote attacker could access the client code to extract cryptographic keys, potentially compromising confidentiality and weakening cryptographic protections. Docum...

CVE-2026-42518

This vulnerability exists in e-Sushrut due to disclosure of sensitive information and hardcoded AES encryption keys in client-side JavaScript. An unauthenticated remote attacker could exploit this vulnerability by accessing the client-side code to extract sensitive information and cryptographic...

CVE-2026-42517

The CVE-2026-42517 entry affects the e-Sushrut HMIS system, where a vulnerability arises from using reversible Base64 encoding to protect sensitive data. The root cause is that sensitive parameters in the request URL are Base64-encoded rather than securely protected, allowing an authenticated att...

CVE-2026-42517

This vulnerability exists in e-Sushrut due to the use of reversible Base64 encoding for protecting sensitive data. An authenticated attacker could exploit this vulnerability by decoding and manipulating Base64-encoded parameters in the request URL to gain unauthorized access to sensitive...

CVE-2026-42517 Cryptographic Failure Vulnerability in e-Sushrut HMIS

This vulnerability exists in e-Sushrut due to the use of reversible Base64 encoding for protecting sensitive data. An authenticated attacker could exploit this vulnerability by decoding and manipulating Base64-encoded parameters in the request URL to gain unauthorized access to sensitive...

CVE-2026-42517 Cryptographic Failure Vulnerability in e-Sushrut HMIS

This vulnerability exists in e-Sushrut due to the use of reversible Base64 encoding for protecting sensitive data. An authenticated attacker could exploit this vulnerability by decoding and manipulating Base64-encoded parameters in the request URL to gain unauthorized access to sensitive...

CVE-2026-42514 Sensitive Data Exposure Vulnerability in e-Sushrut HMIS

This vulnerability exists in e-Sushrut due to exposure of OTPs in plaintext within API responses. A remote attacker could exploit this vulnerability by intercepting API responses containing valid OTPs. Successful exploitation of this vulnerability could allow an attacker to impersonate the target...

CVE-2026-38651

Authentication Bypass vulnerability exists in Netmaker versions prior to 1.5.0. The VerifyHostToken function in logic/jwts.go fails to validate the JWT signature when verifying host tokens. An attacker can forge a JWT signed with any arbitrary key and use it to impersonate any host in the network...