WordPress plugin Bus Ticket Booking with Seat Reservation 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

WordPress plugin Nexter Blocks 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-31304

Name of the Vulnerable Software and Affected Versions Dell Elastic Cloud Storage versions 3.8.1.7 and prior Dell ObjectScale versions prior to 4.1.0.3 and version 4.2.0.0 Description Dell Elastic Cloud Storage and Dell ObjectScale contain a flaw where sensitive information may be inserted into lo...

WordPress plugin The Tribal 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. Versions of...

PT-2026-31161

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in magepeopleteam Bus Ticket Booking with Seat Reservation bus-ticket-booking-with-seat-reservation allows Retrieve Embedded Sensitive Data.This issue affects Bus Ticket Booking with Seat Reservation: from n/...

PT-2026-31300

Name of the Vulnerable Software and Affected Versions CoolerControl/coolercontrold versions prior to 4.0.0 Description Unauthenticated functionality in CoolerControl/coolercontrold allows unauthenticated attackers to view and modify potentially sensitive data via HTTP requests. Recommendations...

PT-2026-31139

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data.This issue affects Nexter Blocks: from n/a through = 4.7.0...

OpenClaw 输入验证错误漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an input validation error vulnerability that can be exploited by an attacker to cause an insecure request body to be resent in a cross-domain redirect, thereby disclosing sensitive request data or...

PT-2026-31159

Insertion of Sensitive Information Into Sent Data vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Retrieve Embedded Sensitive Data.This issue affects 12 Step Meeting List: from n/a through = 3.19.9...

PT-2026-31164

Insertion of Sensitive Information Into Sent Data vulnerability in Ateeq Rafeeq RepairBuddy computer-repair-shop allows Retrieve Embedded Sensitive Data.This issue affects RepairBuddy: from n/a through = 4.1132...

PT-2026-31157

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Designinvento DirectoryPress directorypress allows Retrieve Embedded Sensitive Data.This issue affects DirectoryPress: from n/a through = 3.6.26...

WordPress plugin Simple History 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-31116

Insertion of Sensitive Information Into Sent Data vulnerability in Pär Thernström Simple History simple-history allows Retrieve Embedded Sensitive Data.This issue affects Simple History: from n/a through = 5.24.0...

CVE-2026-39937

Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure. The issue has been remediated on the master branch, and in the release branches for MediaWiki versions 1.43, 1.44, and 1....

CVE-2026-39937

Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure. The issue has been remediated on the master branch, and in the release branches for MediaWiki versions 1.43, 1.44, and 1....

CVE-2026-39937

CVE-2026-39937 concerns the Wikimedia Foundation’s MediaWiki CentralAuth Extension. The issue is an improper removal of sensitive information before storage or transfer, resulting in a Resource Leak Exposure. According to the connected documents, the vulnerability has been remediated on the maste...

CVE-2026-39937 Global vanishing does not completely remove user email

Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure. The issue has been remediated on the master branch, and in the release branches for MediaWiki versions 1.43, 1.44, and 1....

CVE-2026-39349 OrangeHRM Uses AES-ECB for Sensitive Data Encryption Enables Pattern Disclosure

OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source encrypts certain sensitive fields with AES in ECB mode, which preserves block-aligned plaintext patterns in ciphertext and enables pattern disclosure against stored data. This vulnerability i...

CVE-2026-39349 OrangeHRM Uses AES-ECB for Sensitive Data Encryption Enables Pattern Disclosure

OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source encrypts certain sensitive fields with AES in ECB mode, which preserves block-aligned plaintext patterns in ciphertext and enables pattern disclosure against stored data. This vulnerability i...

CVE-2026-39317

CVE-2026-39317 affects ChurchCRM prior to version 7.1.0. The vulnerability arises in SettingsIndividual.php where user‑controlled keys from the POST parameter are used directly in SQL queries without sanitization, enabling authenticated users to extract sensitive data from the database. Root caus...