CVE-2026-5666

A vulnerability was detected in code-projects Online FIR System 1.0. Affected by this issue is some unknown functionality of the file /complaints.sql of the component SQL Database Backup File Handler. The manipulation results in insecure storage of sensitive information. The attack may be perform...

CVE-2026-27315

Sensitive Information Leak in cqlsh in Apache Cassandra 4.0 allows access to sensitive information, like passwords, from previously executed cqlsh command via /.cassandra/cqlshhistory local file access. Users are recommended to upgrade to version 4.0.20, which fixes this issue. -- Description:...

CVE-2026-5375

An issue that could allow a user with access to a credential to view sensitive fields through an API response has been resolved. This is an instance of CWE-200: Exposure of Sensitive Information to an Unauthorized Actor, and has an estimated CVSS score of...

CVE-2026-5375 runZero Platform API credential information leak

An issue that could allow a user with access to a credential to view sensitive fields through an API response has been resolved. This is an instance of CWE-200: Exposure of Sensitive Information to an Unauthorized Actor, and has an estimated CVSS score of...

Trane Tracer SC, Tracer SC+, and Tracer Concierge Missing Authorization (CVE-2026-28254)

A Missing Authorization vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to access sensitive information through unprotected APIs. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

MediaWiki - CentralAuth Extension 安全漏洞

MediaWiki - CentralAuth Extension is an authentication plugin developed under open source by MediaWiki. The MediaWiki - CentralAuth Extension has a security vulnerability; this vulnerability arises from the improper removal of sensitive information during storage or transmission, which may lead t...

PT-2026-31033

Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure.This issue affects non release branches...

Windmill SQL注入漏洞

Windmill is a low-code development platform open-source by Windmill Labs, Inc. Versions of Windmill from 1.276.0 to 1.603.2 have a SQL injection vulnerability. This vulnerability stems from the owner parameter in the folder ownership management function, which allows for SQL injection attacks. It...

PT-2026-31041

Name of the Vulnerable Software and Affected Versions OpenSSL FIPS modules versions 3.0 through 3.6 Description Applications using RSASVE key encapsulation can send contents of an uninitialized memory buffer to a malicious peer, potentially leading to sensitive data leakage. This occurs when...

CVE-2026-5666

A vulnerability was detected in code-projects Online FIR System 1.0. Affected by this issue is some unknown functionality of the file /complaints.sql of the component SQL Database Backup File Handler. The manipulation results in insecure storage of sensitive information. The attack may be perform...

CVE-2026-5666 code-projects Online FIR System SQL Database Backup File complaints.sql sensitive information

A vulnerability was detected in code-projects Online FIR System 1.0. Affected by this issue is some unknown functionality of the file /complaints.sql of the component SQL Database Backup File Handler. The manipulation results in insecure storage of sensitive information. The attack may be perform...

CVE-2026-5666 code-projects Online FIR System SQL Database Backup File complaints.sql sensitive information

A vulnerability was detected in code-projects Online FIR System 1.0. Affected by this issue is some unknown functionality of the file /complaints.sql of the component SQL Database Backup File Handler. The manipulation results in insecure storage of sensitive information. The attack may be perform...

WordPress IDPay Payment Gateway for Woocommerce plugin <= 2.2.5 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Chawabhon Netisingha JNX03 in WordPress Plugin IDPay Payment Gateway for Woocommerce versions = 2.2.5...

CVE-2026-5650 code-projects Online Application System for Admission oas.sql sensitive information

A vulnerability was found in code-projects Online Application System for Admission 1.0. Impacted is an unknown function of the file /enrollment/database/oas.sql. Performing a manipulation results in insecure storage of sensitive information. The attack is possible to be carried out remotely. The...

WordPress Bricksforge plugin <= 3.1.8.4 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by luc in WordPress Plugin Bricksforge versions = 3.1.8.4...

Code-Projects Online Application System for Admission 安全漏洞

Code-Projects Online Application System for Admission is an online application system developed by Code-Projects. Version 1.0 of the code-projects Online Application System for Admission contains a security vulnerability. This vulnerability stems from incorrect operations with the...

Code-Projects Online FIR System 安全漏洞

Code-Projects Online FIR System is an open-source online FIR system developed by Code-Projects. Version 1.0 of the code-projects Online FIR System contains a security vulnerability. This vulnerability stems from the unsafe storage of the/complaints.sql file in the SQL database backup processing...

Keycloak 访问控制错误漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak itself. Keycloak has a vulnerability related to access control, which stems from a header injection vulnerability in the user management access token endpoint. This vulnerability may lead to the disclosure of...

EUVD-2019-20111

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the mngprofileid parameter. Attackers can send crafted requests with malicious SQL payloads in the mngprofileid parameter to extract sensitive database...

CVE-2019-25702 Kados R10 GreenBee SQL Injection via id_project Parameter

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the idproject parameter. Attackers can send crafted requests with malicious SQL statements in the idproject parameter to extract sensitive database...