Insertion of Sensitive Information into Log File

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the pairing setup. An attacker can gain unauthorized access to long-lived shared gateway credentials by obtaining a leaked setup code...

GHSA-4524-CJ9J-G4FJ OneUptime: Password Reset Token Logged at INFO Level

Summary The password reset flow logs the complete password reset URL — containing the plaintext reset token — at INFO log level, which is enabled by default in production. Anyone with access to application logs log aggregation, Docker logs, Kubernetes pod logs can intercept reset tokens and perfo...

CVE-2026-32405

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in xtemos WoodMart woodmart allows Retrieve Embedded Sensitive Data.This issue affects WoodMart: from n/a through = 8.3.9...

CVE-2025-14811

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal through a discrepancy in path normalization between protocol handlers and internal routing. An attacker can bypass folder-level permissions or escape the boundaries of a configured virtual folder by crafting specific...

CVE-2025-13723

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive user information using an expired access token...

CVE-2026-32405 WordPress WoodMart theme <= 8.3.9 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in xtemos WoodMart woodmart allows Retrieve Embedded Sensitive Data.This issue affects WoodMart: from n/a through = 8.3.9...

CVE-2026-32405

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in xtemos WoodMart woodmart allows Retrieve Embedded Sensitive Data.This issue affects WoodMart: from n/a through = 8.3.9...

CVE-2026-32405 WordPress WoodMart theme <= 8.3.9 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in xtemos WoodMart woodmart allows Retrieve Embedded Sensitive Data.This issue affects WoodMart: from n/a through = 8.3.9...

CVE-2026-32405

CVE-2026-32405 concerns the WordPress WoodMart theme (WoodMart) up to version 8.3.9, where an Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability allows retrieval of embedded sensitive data. The affected component is the WoodMart theme frontend/backend handlin...

CVE-2026-32372

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons shopbuilder allows Retrieve Embedded Sensitive Data.This issue affects ShopBuilder – Elementor WooCommerce Builder Addons: from n/a through =...

CVE-2026-32372

CVE-2026-32372 concerns RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons (plugin) with versions up to and including 3.2.4. The issue is described as Exposure of Sensitive System Information to an Unauthorized Control Sphere, allowing retrieval of embedded sensitive data. The provide...

CVE-2026-32372 WordPress ShopBuilder – Elementor WooCommerce Builder Addons plugin <= 3.2.4 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons shopbuilder allows Retrieve Embedded Sensitive Data.This issue affects ShopBuilder – Elementor WooCommerce Builder Addons: from n/a through =...

CVE-2026-32372 WordPress ShopBuilder – Elementor WooCommerce Builder Addons plugin <= 3.2.4 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons shopbuilder allows Retrieve Embedded Sensitive Data.This issue affects ShopBuilder – Elementor WooCommerce Builder Addons: from n/a through =...

CVE-2026-32354 WordPress WpEvently plugin < 5.1.9 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Retrieve Embedded Sensitive Data.This issue affects WpEvently: from n/a through 5.1.9...

CVE-2026-32354

Insertion of Sensitive Information Into Sent Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Retrieve Embedded Sensitive Data.This issue affects WpEvently: from n/a through 5.1.9...

CVE-2026-32354 WordPress WpEvently plugin < 5.1.9 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Retrieve Embedded Sensitive Data.This issue affects WpEvently: from n/a through 5.1.9...

CVE-2026-32354

The CVE-2026-32354 entry concerns the WordPress plugin WpEvently mage-eventpress. Affected software: mage-eventpress (WordPress plugin) with versions

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft

CVE-2025-59284-PoC Proof of con...

CVE-2026-3045

CVE-2026-3045 affects the WordPress plugin “Appointment Booking Calendar — Simply Schedule Appointments” (versions up to 1.6.9.29). The vulnerability stems from two weaknesses: (1) a non-user-bound public_nonce is exposed to unauthenticated users via the REST endpoint /wp-json/ssa/v1/embed-inner,...