Azure Data Factory Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Azure Data Factory allows an unauthorized attacker to disclose information over a network...

CVE-2025-36051

IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 stores potentially sensitive information in configuration files that could be read by a local user...

EUVD-2025-208854

IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 stores potentially sensitive information in configuration files that could be read by a local user...

CVE-2025-36051 IBM QRadar SIEM Information Disclosure

IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 stores potentially sensitive information in configuration files that could be read by a local user...

WordPress Plugin WpEvently Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. WordPress plugin WpEvently has an information disclosure vulnerability that can be exploited by...

PT-2026-26243

CVE-2025-36051 IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 stores potentially sensitive information in configuration files that could be read by a local user. https://t.co/fgTDVVehof...

PT-2026-26351

Azure Data Factory Information Disclosure Vulnerability CVE: CVE-2026-23659 PT-Identifier: PT-2026-26351 Vendor: Microsoft Product: Azure Data Factory CVSS: 8.6 Credits: n/a Description: Exposure of sensitive information to an unauthorized actor in Azure Data Factory allows an unauthorized attack...

PT-2026-26254

The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'reviewUserStatus' function in all versions up to, and including, 3.3.49. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

KLA90948 OSI vulnerability in Microsoft Copilot Studio

An information disclosure vulnerability was found in Microsoft Copilot Studio. Malicious users can exploit this vulnerability to obtain sensitive information, bypass security restrictions. Original advisories CVE-2026-26136 Exploitation Related products Microsoft-Copilot-Studio CVE list...

IBM QRadar SIEM 安全漏洞

IBM QRadar SIEM is a solution developed by the American multinational company IBM, designed to protect assets and information from advanced threats using security intelligence. This solution provides features such as monitoring across the entire IT infrastructure and generating detailed reports o...

Microsoft Azure Data Factory 信息泄露漏洞

Microsoft Azure Data Factory is a cloud-based data integration service provided by Microsoft Corporation. There is an information leakage vulnerability in Microsoft Azure Data Factory. This vulnerability stems from the exposure of sensitive information to unauthorized participants, which may allo...

Improper Removal of Sensitive Information Before Storage or Transfer

Overview Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer in HTTPResult in SimpleHTTPClient.java, when following redirects. An attacker can obtain the contents of "Location: response" headers included in client redirects...

EUVD-2025-208831

MuraCMS through 10.1.10 contains a CSRF vulnerability in the bundle creation functionality csettings.cfc createBundle method that allows unauthenticated attackers to force administrators to create and save site bundles containing sensitive data to publicly accessible directories. This vulnerabili...

CVE-2026-29858

A lack of path validation in aaPanel v7.57.0 allows attackers to execute a local file inclusion LFI, leadingot sensitive information exposure...

CVE-2026-32596 Glances exposes the REST API without authentication

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.2, Glances web server runs without authentication by default when started with glances -w, exposing REST API with sensitive system information including process command-lines containing credentials passwords, API keys,...

CVE-2026-32268 Azure Blob Storage for Craft CMS Potential Sensitive Information Disclosure vulnerability

The Azure Blob Storage for Craft CMS plugin provides an Azure Blob Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.1.1, unauthenticated users can view a list of buckets the plugin has access to. The DefaultController-actionLoadContainerData endpoint allows...

DEBIAN-CVE-2026-28500

Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. In versions up to and including 1.20.1, a security control bypass exists in onnx.hub.load due to improper logic in the repository trust verification mechanism. While the function is designed to warn users...

CVE-2026-28500

CVE-2026-28500 affects ONNX up to v1.20.1 where onnx.hub.load() bypasses security checks due to flawed repository trust logic. The silent=True flag silences warnings and prompts, enabling a vector for zero-interaction supply-chain attacks. When combined with filesystem vulnerabilities, an attacke...

CVE-2026-28500

Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. In versions up to and including 1.20.1, a security control bypass exists in onnx.hub.load due to improper logic in the repository trust verification mechanism. While the function is designed to warn users...

EUVD-2026-12643

IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an unauthorized access to sensitive application data and administrative functionalities due to lack of proper access controls...