
28035 matches found

NVD
added 2026/03/16 6:16 p.m., 10 views

CVE-2025-69768

SQL Injection vulnerability in Chyrp v.2.5.2 and before allows a remote attacker to obtain sensitive information via the Admin.php component...

CVSS 7.5, EPSS 0.0041
Exploits: 1, References: 3
Snyk
added 2026/03/16 3:30 p.m., 1 view

Insertion of Sensitive Information Into Sent Data

Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the WebSocket post deletion event. An attacker can access unrevealed message contents by intercepting or listening to these events after deletion. Remediation: Upgrade...

CVSS 5.3, AI score 5.8, EPSS 0.00219
Exploits: 0, References: 3
Snyk
added 2026/03/16 3:30 p.m., 3 views

Insertion of Sensitive Information Into Sent Data

Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the WebSocket post deletion event. An attacker can access unrevealed message contents by intercepting or listening to these events after deletion. Remediation: Upgrade...

CVSS 5.3, AI score 5.8, EPSS 0.00219
Exploits: 0, References: 3
Snyk
added 2026/03/16 3:30 p.m., 2 views

Insertion of Sensitive Information Into Sent Data

Overview: github.com/mattermost/mattermost-server/app is an open source Slack-alternative in Golang and React. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the WebSocket post deletion event. An attacker can access unrevealed message...

CVSS 5.3, AI score 5.8, EPSS 0.00219
Exploits: 0, References: 3
Vulnrichment
added 2026/03/16 10:11 a.m., 2 views

CVE-2026-3021 Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma web application

Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/centro/equipo/empleado'. This vulnerability could allow an authenticated user to alter a GET request to the affected endpoint for the purpose of injecting special NoSQL...

CVSS 7.1, AI score 5.8, EPSS 0.00215
Exploits: 0, References: 1
OSV
added 2026/03/16 10:4 a.m., 2 views

MAL-2026-1486 Malicious code in trello-enterprises (npm)

The package is malicious due to a postinstall script executing a file that exfiltrates sensitive information to a remote server. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a327d3918cfde33c4405296d7b5e2644bf1435d6532be30af21d41135d529ef The package...

AI score 5.8
Exploits: 0, References: 1
Vulnrichment
added 2026/03/16 7:9 a.m., 2 views

CVE-2025-12736 multimedia_audio_standard has an insecure storage of sensitive information vulnerability

in OpenHarmony v5.0.3 and prior versions allow a local attacker to cause a sensitive information leak through use of an uninitialized resource...

CVSS 6.5, AI score 5.8, EPSS 0.00167
Exploits: 0, References: 1
Cvelist
added 2026/03/16 7:9 a.m., 28 views

CVE-2025-12736 multimedia_audio_standard has an insecure storage of sensitive information vulnerability

in OpenHarmony v5.0.3 and prior versions allow a local attacker to cause a sensitive information leak through use of an uninitialized resource...

CVSS 6.5, EPSS 0.00167
Exploits: 0, References: 1
CVE
added 2026/03/16 7:9 a.m., 8 views

CVE-2025-12736

CVE-2025-12736 affects the OpenHarmony platform, specifically the multimedia_audio_standard component in v5.0.3 and earlier. The root cause is the use of an uninitialized resource, which can enable a local attacker to obtain a case-sensitive leak of sensitive information. The provided metrics ind...

CVSS 6.5, AI score 5.8, EPSS 0.00167
Exploits: 0, References: 1, Affected Software: 1
CVE
added 2026/03/16 1:28 a.m., 9 views

CVE-2017-20223

CVE-2017-20223 affects the Telesquare SKT LTE Router SDT-CS3B1, firmware version 1.2.0. The vulnerability is an insecure direct object reference that allows an unauthenticated attacker to bypass authorization by manipulating user-supplied input parameters, enabling access to resources and functio...

CVSS 9.8, AI score 5.8, EPSS 0.00524
Exploits: 1, References: 6, Affected Software: 1
ATTACKERKB
added 2026/03/16 12:0 a.m., 3 views

CVE-2025-69768

SQL Injection vulnerability in Chyrp v.2.5.2 and before allows a remote attacker to obtain sensitive information via the Admin.php component...

AI score 5.9, EPSS 0.0041
Exploits: 1, References: 4
Cvelist
added 2026/03/16 12:0 a.m., 23 views

CVE-2025-69808

An out-of-bounds memory access (OOB) in p2r3 Bareiron commit 8e4d40 allows unauthenticated attackers to access sensitive information and cause a Denial of Service (DoS) via supplying a crafted packet...

EPSS 0.00347
Exploits: 0, References: 2
CVE
added 2026/03/15 1:35 p.m., 14 views

CVE-2016-20029

CVE-2016-20029 affects ZKTeco ZKBioSecurity 3.0. The vulnerability is a file path manipulation flaw that lets an attacker access arbitrary local files by tampering with paths used to retrieve local resources. Attackers can bypass access controls to read sensitive information, including configurat...

CVSS 6.9, AI score 5.8, EPSS 0.00206
Exploits: 1, References: 6
OSV
added 2026/03/14 9:9 a.m., 7 views

BIT-GITLAB-2026-1182 Improper Removal of Sensitive Information Before Storage or Transfer in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.14 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to gain unauthorized access to confidential issue title created in public projects under certain circumstances...

CVSS 4.3, AI score 5.8, EPSS 0.00194
Exploits: 0, References: 3
Veracode
added 2026/03/14 5:22 a.m., 5 views

SQL Injection

Craft CMS is vulnerable to SQL Injection. The vulnerability is due to missing input sanitization in the ElementSearchController::actionSearch endpoint, which allows an attacker to inject malicious SQL queries via parameters like criteriawhere or criteriaorderBy and extract sensitive database...

CVSS 8.8, AI score 5.9, EPSS 0.0035
Exploits: 0, References: 2, Affected Software: 1
GithubExploit
added 2026/03/14 2:43 a.m., 158 views

Exploit for Missing Encryption of Sensitive Data in Nginxui Nginx_Ui

CVE-2026-27944 PoC Description CVE-2026-27944 is an identi...

CVSS 9.8, AI score 5.8, EPSS 0.22162
Exploits: 12
EUVD
added 2026/03/13 9:31 p.m., 9 views

EUVD-2026-11922

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in xtemos WoodMart woodmart allows Retrieve Embedded Sensitive Data. This issue affects WoodMart: from n/a through <= 8.3.9...

AI score 5.8, EPSS 0.0024
Exploits: 0, References: 2
EUVD
added 2026/03/13 9:31 p.m., 5 views

EUVD-2026-11870

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons shopbuilder allows Retrieve Embedded Sensitive Data. This issue affects ShopBuilder – Elementor WooCommerce Builder Addons: from n/a through <=...

AI score 5.8, EPSS 0.00251
Exploits: 0, References: 2
EUVD
added 2026/03/13 9:31 p.m., 5 views

EUVD-2026-11842

Insertion of Sensitive Information Into Sent Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Retrieve Embedded Sensitive Data. This issue affects WpEvently: from n/a through 5.1.9...

AI score 5.8, EPSS 0.00251
Exploits: 0, References: 2
EUVD
added 2026/03/13 9:31 p.m., 4 views

EUVD-2025-208649

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive user information using an expired access token...

CVSS 5.3, AI score 5.8, EPSS 0.00166
Exploits: 0, References: 2