PT-2026-27556

Name of the Vulnerable Software and Affected Versions macOS versions prior to Tahoe 26.4 Description An application could potentially access sensitive user data due to insufficient checks. Recommendations Update to macOS Tahoe 26.4 or later...

ROS-20260324-73-0035

A vulnerability in the net/netfilter/xtnfacct.c component of the Linux operating system kernel is related to reading outside the allowed data buffer boundaries. Exploitation of the vulnerability allows an attacker to gain access to sensitive data and cause a denial of service...

About the security content of iOS 26.4 and iPadOS 26.4

About the security content of iOS 26.4 and iPadOS 26.4 This document describes the security content of iOS 26.4 and iPadOS 26.4. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches ...

Active Debug Code

Overview putyourlightson/craft-sprig is an A reactive Twig component framework for Craft. Affected versions of this package are vulnerable to Active Debug Code in the Sprig Playground component. An administrator can access sensitive information, such as security keys, credentials, and configurati...

CVE-2026-27131

The Sprig Plugin for Craft CMS is a reactive Twig component framework for Craft CMS. Starting in version 2.0.0 and prior to versions 2.15.2 and 3.15.2, admin users, and users with explicit permission to access the Sprig Playground, could potentially expose the security key, credentials, and other...

CVE-2026-33723

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the Subscribe::save method in objects/subscribe.php concatenates the $this-usersid property directly into an INSERT SQL query without sanitization or parameterized binding. This property originates from...

Sensitive Information Exposure

Nginx UI is vulnerable to Sensitive Information Exposure. The vulnerability is due to missing authentication on the /api/backup endpoint and exposure of decryption keys in the response header, which allows an attacker to download and decrypt sensitive backup data...

WordPress Contact Form by WPForms plugin <= 1.9.8.7 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by CidKagenouSama in WordPress Plugin Contact Form by WPForms versions = 1.9.8.7...

WordPress Review Schema plugin <= 2.2.6 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Doan Dinh Van in WordPress Plugin Review Schema versions = 2.2.6...

WordPress DirectoryPress plugin <= 3.6.26 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Bao - BlueRock in WordPress Plugin DirectoryPress versions = 3.6.26...

EUVD-2025-208928

The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.12 via the syncedData function. This makes it possible for unauthenticated...

CVE-2025-10731

The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.12 via the allReminderSettings function. This makes it possible for...

CVE-2025-10734 ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More <= 2.2.12 - Unauthenticated Sensitive Information Exposure

The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.12 via the syncedData function. This makes it possible for unauthenticated...

CVE-2025-10734 ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More <= 2.2.12 - Unauthenticated Sensitive Information Exposure

The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.12 via the syncedData function. This makes it possible for unauthenticated...

CVE-2025-10734

The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.12 via the syncedData function. This makes it possible for unauthenticated...

CVE-2025-10734

The CVE-2025-10734 entry documents a vulnerability in the ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More WordPress plugin (up to v2.2.12). The issue arises from the syncedData function, enabling unauthenticated attackers to extract sensit...

CVE-2025-10731

The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.12 via the allReminderSettings function. This makes it possible for...

CVE-2025-10731

The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is affected up to version 2.2.12. The vulnerability is a SENSITIVE INFORMATION EXPOSURE via the allReminderSettings function, allowing unauthenticated attackers to ob...

CVE-2025-10731 ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More <= 2.2.12 - Unauthenticated Sensitive Information Exposure to Data Export

The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.12 via the allReminderSettings function. This makes it possible for...

WordPress plugin ReviewX 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...