Information Disclosure Vulnerability in Multiple Mozilla Products (CNVD-2026-19990)

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. An information disclosure vulnerability exists in several Mozilla produc...

PT-2026-29304

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, moderators could export CSV data for admin-restricted reports, bypassing the report visibility restrictions. This could...

IBM Concert Encryption Problem Vulnerability (CNVD-2026-16135)

IBM Concert is IBM's collaborative application lifecycle management platform. IBM Concert has a security vulnerability that stems from the use of a weaker-than-expected encryption algorithm. An attacker could exploit the vulnerability to decrypt highly sensitive information...

IBM InfoSphere Information Server Information Disclosure Vulnerability (CNVD-2026-16130)

IBM InfoSphere Information Server is IBM's enterprise-class data integration platform for integrating, cleansing and transforming data from disparate sources. An information disclosure vulnerability exists in IBM InfoSphere Information Server that stems from insufficient credential protection and...

WordPress Plugin SMTP Mailer Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin SMTP Mailer, which...

VulnCheck KEV: CVE-2023-40600

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exactly WWW EWWW Image Optimizer. It works only when debug.log is turned on.This issue affects EWWW Image Optimizer: from n/a through 7.2.0...

VulnCheck KEV: CVE-2025-32257

Exposure of Sensitive System Information Due to Uncleared Debug Information vulnerability in 1clickmigration 1 Click WordPress Migration 1-click-migration allows Retrieve Embedded Sensitive Data.This issue affects 1 Click WordPress Migration: from n/a through = 2.5.7...

Discourse 信息泄露漏洞

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . An information disclosure vulnerability exists in Discourse, which can be exploited by attackers to cause sensitive operational data to b...

WordPress plugin Appointment Booking and Scheduler Plugin – Truebooker 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

Unspecified Vulnerability in Apple macOS (CNVD-2026-19683)

Apple macOS is a specialized operating system developed by Apple for Mac computers. Apple macOS has a security vulnerability that can be exploited by attackers to cause applications to access sensitive user data...

Parse Server 竞争条件问题漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. There were vulnerabilities due to concurrency issues in versions of Parse Server prior to 8.6.65 and 9.7.0-alpha.9. These vulnerabilities stemmed from the sensitive...

Tokfinity InfCode Terminal 安全漏洞

Tokfinity InfCode Terminal is a terminal tool application developed by Tokfinity, which offers command-line operations and remote connection management capabilities. There is a security vulnerability in Tokfinity InfCode Terminal, caused by defects in the command filtering mechanism, which may le...

Apple macOS Information Disclosure Vulnerability (CNVD-2026-19033)

Apple macOS is a specialized operating system developed by Apple for Mac computers. Apple macOS suffers from an information disclosure vulnerability that can be exploited by an attacker to cause an application to access sensitive user data...

ALSA-2026:6266 Moderate: libxslt security update

libxslt is a library for transforming XML files into other textual formats including HTML, plain text, and other XML representations of the underlying data using the standard XSLT stylesheet transformation mechanism. Security Fixes: libxslt: Processing web content may disclose sensitive informati...

CVE-2026-33872

elixir-nodejs provides an Elixir API for calling Node.js functions. A vulnerability in versions prior to 3.1.4 results in Cross-User Data Leakage or Information Disclosure due to a race condition in the worker protocol. The lack of request-response correlation creates a "stale response"...

EUVD-2026-17084

A vulnerability of authorization bypass through user-controlled key in the 'console-survey/api/v1/answer/EVENTID/TIMESTAMP/' endpoint. Exploiting this vulnerability would allow an unauthenticated attacker to enumerate event IDs and obtain the complete Q&A history. This publicly exposed data may...

WordPress Ultimate Member plugin <= 2.11.2 - Authenticated (Contributor+) Sensitive Information Exposure to Account Takeover via Shortcode Template Tag vulnerability

Authenticated Contributor+ Sensitive Information Exposure to Account Takeover via Shortcode Template Tag vulnerability discovered by HDH - FPT Software in WordPress Plugin Ultimate Member versions = 2.11.2...

CVE-2026-5128

...

Cleartext Transmission of Sensitive Information

Overview Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information in the process of establishing HTTPS tunnels through a configured HTTP proxy. An attacker can intercept sensitive session cookies by performing a man-in-the-middle attack or by controlling...

CVE-2026-2328 Backend Access Due to Insufficient Input Validation

An unauthenticated remote attacker can exploit insufficient input validation to access backend components beyond their intended scope via path traversal, resulting in exposure of sensitive information...