28034 matches found
WordPress Riaxe Product Customizer plugin <= 2.4 - Unauthenticated Sensitive Information Disclosure via '/orders' REST API Endpoint vulnerability
Unauthenticated Sensitive Information Disclosure via '/orders' REST API Endpoint vulnerability discovered by Kai Aizen in WordPress Plugin Riaxe Product Customizer versions = 2.4...
CVE-2026-4788
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.37 stores sensitive information in log files that could be read by a local user...
EUVD-2026-19984
Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure.This issue affects non release branches...
CVE-2026-4788
IBM Tivoli Netcool Impact versions 7.1.0.0–7.1.0.37 store sensitive information in log files that could be read by a local user, per multiple sources. IBM’s advisory fixes the issue in 7.1.0.38 (FP38) or later; remediation requires upgrading to 7.1.0.38+. The CVSS information from IBM indicates a...
CVE-2026-4788 Multiple Vulnerabilities affect IBM Tivoli Netcool Impact
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.37 stores sensitive information in log files that could be read by a local user...
kube-router: BGP Peer Passwords Exposed in Logs at Verbose Logging Level
Summary When kube-router is configured with per-node BGP peer passwords using the kube-router.io/peer.passwords node annotation, and verbose logging is enabled --v=2 or higher, the raw Kubernetes node annotation map is logged verbatim — including the base64-encoded BGP MD5 passwords. Anyone with...
PT-2026-31271
Name of the Vulnerable Software and Affected Versions The Tribal versions n/a through 1.3.4 Description The Tribal plugin contains a flaw that allows retrieval of embedded sensitive data due to insertion of sensitive information into sent data. Recommendations Update The Tribal to a version great...
WordPress plugin BSK PDF Manager 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
WordPress plugin Doofinder for WooCommerce 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
PT-2026-31115
CVE-2026-39469 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Softaculous PageLayer pagelayer allows Retrieve Embedded Sensitive https://t.co/Fm53Dsw2q6… https://t.co/j6jFQU02DR...
WordPress plugin Instantio 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin PageLayer 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
WordPress plugin DirectoryPress 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. The WordPre...
CI4MS 授权问题漏洞
CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.31.4.0 contained a vulnerability related to authorization issues, which allowed attackers to access sensitive system information...
WordPress plugin Sunshine Photo Cart 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...
WordPress plugin 12 Step Meeting List 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
WordPress plugin RepairBuddy 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-31149
Insertion of Sensitive Information Into Sent Data vulnerability in Doofinder Doofinder for WooCommerce doofinder-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Doofinder for WooCommerce: from n/a through = 2.10.13...
PT-2026-31096
The Riaxe Product Customizer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4 via the '/wp-json/InkXEProductDesignerLite/orders' REST API endpoint. The endpoint is registered with 'permission callback' set to ' return true', meaning no...
PT-2026-31273
Name of the Vulnerable Software and Affected Versions RT-Theme 18 | Extensions versions through 2.5 Description An issue exists in RT-Theme 18 | Extensions that allows retrieval of embedded sensitive data due to insertion of sensitive information into sent data. Recommendations Update RT-Theme 18...