28034 matches found

Positive Technologies
added 2026/04/14 12:0 a.m., 3 views

PT-2026-32585

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting (XSS) vulnerability where the frontend's MdRenderer.vue component parses custom tags from LLM responses or Application Prologue configurations, bypassing standard Markdown sanitizatio...

5.1 CVSS, 5.8 AI score, 0.00193 EPSS
Exploits: 0, References: 3
Positive Technologies
added 2026/04/14 12:0 a.m., 2 views

PT-2026-32718

CVE-2026-20928 Improper removal of sensitive information before storage or transfer in Windows Recovery Environment Agent allows an unauthorized attacker to bypass a security featur… https://t.co/pg5NOejQRf...

4.6 CVSS, 6.2 AI score, 0.0043 EPSS
Exploits: 0, References: 4
Positive Technologies
added 2026/04/14 12:0 a.m., 3 views

PT-2026-32603

Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. The tencent-cloud-cls log export uses plaintext HTTP. This issue affects Apache APISIX: from 2.99.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue...

5.3 CVSS, 5.8 AI score, 0.00238 EPSS
Exploits: 0, References: 5
CNNVD
added 2026/04/14 12:0 a.m., 5 views

Microsoft Windows Resource Management Error Vulnerability

Microsoft Windows is an operating system for personal devices from the American company Microsoft. There is a resource management vulnerability in the Microsoft Windows Universal Plug and Play (UPnP) Device Host. Attackers can exploit this vulnerability to obtain sensitive information. The following...

6.5 CVSS, 5.8 AI score, 0.0036 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2026/04/14 12:0 a.m., 3 views

PT-2026-32860

Name of the Vulnerable Software and Affected Versions: Windows Kernel (affected versions not specified). Description: Insertion of sensitive information into log files allows an authorized attacker to disclose information locally. Recommendations: At the moment, there is no information about a newer...

5.5 CVSS, 6.2 AI score, 0.0042 EPSS
Exploits: 0, References: 6
CNNVD
added 2026/04/14 12:0 a.m., 6 views

Microsoft Windows Local Security Authority Subsystem Service Security Vulnerability

The Microsoft Windows Local Security Authority Subsystem Service is an internal program of the American company Microsoft, responsible for implementing Windows system security policies. It verifies user identities when a computer or server is logged in, manages user password changes, and generate...

6.5 CVSS, 5.8 AI score, 0.00893 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2026/04/14 12:0 a.m., 3 views

PT-2026-32552

The Material Master application does not enforce authorization checks for authenticated users when executing reports, resulting in the disclosure of sensitive information. This vulnerability has a low impact on confidentiality and does not affect integrity and availability of the system...

4.3 CVSS, 5.8 AI score, 0.00168 EPSS
Exploits: 0, References: 3
CNNVD
added 2026/04/14 12:0 a.m., 6 views

SAP Human Capital Management Security Vulnerability

SAP Human Capital Management is a corporate human resources management and employee lifecycle management system developed by the German company SAP. There is a security vulnerability in SAP Human Capital Management. This vulnerability stems from specific messages returned by the system during...

6.5 CVSS, 5.8 AI score, 0.00269 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2026/04/14 12:0 a.m., 2 views

PT-2026-32858

Name of the Vulnerable Software and Affected Versions: Windows Kernel (affected versions not specified). Description: An issue exists where sensitive information is inserted into a log file, allowing an authorized attacker to disclose information locally. This can potentially be used to bypass system...

5.5 CVSS, 6.1 AI score, 0.00421 EPSS
Exploits: 0, References: 6
Positive Technologies
added 2026/04/14 12:0 a.m., 3 views

PT-2026-32821

CVE-2026-32151 Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information over a network. https://t.co/O48PBwBtPo...

6.5 CVSS, 6.2 AI score, 0.00747 EPSS
Exploits: 0, References: 3
CNNVD
added 2026/04/14 12:0 a.m., 7 views

Microsoft Windows File Explorer Information Disclosure Vulnerability

Microsoft Windows File Explorer is a file manager application developed by the American company Microsoft. The Microsoft Windows File Explorer has a vulnerability that allows for the exposure of sensitive information. Attackers can exploit this vulnerability to obtain sensitive data. The followin...

5.5 CVSS, 5.8 AI score, 0.00422 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2026/04/14 12:0 a.m., 8 views

PT-2026-32584

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting (XSS) vulnerability that allows authenticated users to inject arbitrary HTML and JavaScript into the Application prologue Opening Remarks field by wrapping malicious payloads in tags...

5.1 CVSS, 6 AI score, 0.0018 EPSS
Exploits: 0, References: 3
CNNVD
added 2026/04/14 12:0 a.m., 4 views

Microsoft Dynamics 365 Access Control Error Vulnerability

Microsoft Dynamics 365 is a suite of ERP business solutions for multinational organizations from Microsoft USA. It is used for financial management, production management and business intelligence management. An information disclosure vulnerability exists in Microsoft Dynamics 365 On-Premises,...

5.5 CVSS, 5.8 AI score, 0.00221 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2026/04/14 12:0 a.m., 2 views

PT-2026-32810

CVE-2026-32084 Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally. https://t.co/h229XazPDT...

5.5 CVSS, 6.1 AI score, 0.00353 EPSS
Exploits: 0, References: 3
RedhatCVE
added 2026/04/13 7:25 p.m., 3 views

CVE-2026-39709

Insertion of Sensitive Information Into Sent Data vulnerability in thetechtribe The Tribal the-tech-tribe allows Retrieve Embedded Sensitive Data. This issue affects The Tribal: from n/a through <= 1.3.4...

5.3 CVSS, 5.8 AI score, 0.00201 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2026/04/13 7:25 p.m., 8 views

CVE-2026-39711

Insertion of Sensitive Information Into Sent Data vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Retrieve Embedded Sensitive Data. This issue affects RT-Theme 18 | Extensions: from n/a through <= 2.5...

5.3 CVSS, 5.8 AI score, 0.00265 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2026/04/13 7:24 p.m., 2 views

CVE-2026-39586

Insertion of Sensitive Information Into Sent Data vulnerability in Ateeq Rafeeq RepairBuddy computer-repair-shop allows Retrieve Embedded Sensitive Data. This issue affects RepairBuddy: from n/a through <= 4.1132...

5.3 CVSS, 5.8 AI score, 0.0024 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2026/04/13 7:24 p.m., 2 views

CVE-2026-39536

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Chill RSVP and Event Management rsvp allows Retrieve Embedded Sensitive Data. This issue affects RSVP and Event Management: from n/a through <= 2.7.16...

5.3 CVSS, 5.8 AI score, 0.0024 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2026/04/13 7:24 p.m., 4 views

CVE-2026-39473

Insertion of Sensitive Information Into Sent Data vulnerability in Pär Thernström Simple History simple-history allows Retrieve Embedded Sensitive Data. This issue affects Simple History: from n/a through <= 5.24.0...

5.3 CVSS, 5.8 AI score, 0.0024 EPSS
Exploits: 0, References: 1
EUVD
added 2026/04/13 6:30 p.m., 3 views

EUVD-2026-21992

Missing Authorization vulnerability allows Exposure of Sensitive Information via configuration endpoint. This issue affects Pandora FMS: from 777 through 800...

8.4 CVSS, 5.8 AI score, 0.00269 EPSS
Exploits: 0, References: 2