28034 matches found

CVE
added 2026/03/13 7:23 a.m. | 8 views

CVE-2026-1704

CVE-2026-1704 affects the WordPress plugin Appointment Booking Calendar — Simply Schedule Appointments (all versions up to and including 1.6.9.29). The root cause is Insecure Direct Object Reference via get_item_permissions_check, which grants access to the ssa_manage_appointments capability with...

CVSS 4.3 | AI score 5.8 | EPSS 0.00212
Exploits: 0 | References: 6
Veracode
added 2026/03/13 5:10 a.m. | 7 views

Information Disclosure

Directus is vulnerable to information disclosure. The vulnerability is due to improper filtering of concealed fields in search queries, which allows an authenticated attacker to infer matches from returned records and enumerate sensitive data even though the values appear masked...

CVSS 6.5 | AI score 5.8 | EPSS 0.00241
Exploits: 0 | References: 3 | Affected Software: 2
Positive Technologies
added 2026/03/13 12:0 a.m. | 6 views

PT-2026-25251

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in xtemos WoodMart woodmart allows Retrieve Embedded Sensitive Data. This issue affects WoodMart: from n/a through = 8.3.9...

AI score 5.8 | EPSS 0.0024
Exploits: 0 | References: 3
CNNVD
added 2026/03/13 12:0 a.m. | 7 views

IBM Sterling B2B Integrator and IBM Sterling File Gateway security vulnerability

IBM Sterling B2B Integrator and IBM Sterling File Gateway are both products of International Business Machines (IBM). IBM Sterling B2B Integrator is a software suite that integrates important B2B processes, transactions, and relationships. This software supports secure integration of complex B2B...

CVSS 6.5 | AI score 5.8 | EPSS 0.00241
Exploits: 0 | References: 1
CNNVD
added 2026/03/13 12:0 a.m. | 4 views

IBM Sterling Partner Engagement Manager security vulnerability

IBM Sterling Partner Engagement Manager is an automated management tool provided by IBM Corporation. Versions of IBM Sterling Partner Engagement Manager prior to 6.2.3.5 and 6.2.4.2 contain security vulnerabilities. These vulnerabilities stem from the risk that attackers may use expired access...

CVSS 7.5 | AI score 7.1 | EPSS 0.00166
Exploits: 0 | References: 1
CNNVD
added 2026/03/13 12:0 a.m. | 5 views

WordPress plugin WpEvently security vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. WordPress plugin WpEvently has an information disclosure vulnerability that can be exploited by...

CVSS 5.3 | AI score 5.7 | EPSS 0.00251
Exploits: 0 | References: 1
CNNVD
added 2026/03/13 12:0 a.m. | 5 views

WordPress plugin ShopBuilder – Elementor WooCommerce Builder Addons security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application add-on. There is a...

CVSS 5.3 | AI score 5.8 | EPSS 0.00251
Exploits: 0 | References: 1
Positive Technologies
added 2026/03/13 12:0 a.m. | 3 views

PT-2026-25347

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive user information using an expired access token...

CVSS 5.3 | AI score 5.8 | EPSS 0.00166
Exploits: 0 | References: 2
Positive Technologies
added 2026/03/13 12:0 a.m. | 11 views

PT-2026-25201

CVE-2026-32354 Insertion of Sensitive Information Into Sent Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Retrieve Embedded Sensitive Data. This issue affects… https://t.co/v8Z5hTaLh2...

AI score 5.8 | EPSS 0.00251
Exploits: 0 | References: 3
EUVD
added 2026/03/12 6:30 p.m. | 7 views

EUVD-2026-11633

A Missing Authorization vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to access sensitive information through unprotected APIs...

CVSS 6.9 | AI score 5.8 | EPSS 0.00268
Exploits: 0 | References: 2
EUVD
added 2026/03/12 6:30 p.m. | 7 views

EUVD-2026-11637

A Use of Hard-coded, Security-relevant Constants vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts...

CVSS 6.9 | AI score 5.7 | EPSS 0.00266
Exploits: 0 | References: 2
EUVD
added 2026/03/12 6:30 p.m. | 5 views

EUVD-2019-19770

iScripts ReserveLogic contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the jqSearchDestination parameter. Attackers can send POST requests to the search endpoint with crafted SQL payloads to extract sensitiv...

CVSS 8.8 | AI score 5.9 | EPSS 0.00318
Exploits: 0 | References: 3
Vulnrichment
added 2026/03/12 5:29 p.m. | 5 views

CVE-2026-28254 Missing Authorization vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge

A Missing Authorization vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to access sensitive information through unprotected APIs...

CVSS 6.9 | AI score 5.8 | EPSS 0.00268
Exploits: 0 | References: 1
Snyk
added 2026/03/12 4:23 p.m. | 5 views

Malicious Package

Overview: babel-compile-templates is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior...

CVSS 9.8 | AI score 5.9
Exploits: 0 | References: 3
Snyk
added 2026/03/12 4:23 p.m. | 5 views

Malicious Package

Overview: relay-optimizer-plugin is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior T...

CVSS 9.8 | AI score 5.9
Exploits: 0 | References: 3
Snyk
added 2026/03/12 4:23 p.m. | 5 views

Malicious Package

Overview: transform-undefined-to-void is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious...

CVSS 9.8 | AI score 5.9
Exploits: 0 | References: 3
ATTACKERKB
added 2026/03/12 3:36 p.m. | 1 views

CVE-2019-25481

iScripts ReserveLogic contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the jqSearchDestination parameter. Attackers can send POST requests to the search endpoint with crafted SQL payloads to extract sensitiv...

CVSS 8.8 | AI score 5.9 | EPSS 0.00318
Exploits: 0 | References: 2
ATTACKERKB
added 2026/03/12 3:36 p.m. | 2 views

CVE-2019-25479

Inout RealEstate contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the city parameter. Attackers can send POST requests to the agents/agentlistdetails endpoint with malicious SQL payloads in the city paramete...

CVSS 8.8 | AI score 5.9 | EPSS 0.00377
Exploits: 0 | References: 2
CNNVD
added 2026/03/12 12:0 a.m. | 10 views

Inductive Automation Ignition code issue vulnerability

Inductive Automation Ignition is an integrated software platform developed by Inductive Automation in the United States, designed for SCADA systems. This platform supports SCADA (Supervisory Control and Data Acquisition) and HMI (Human Machine Interface) applications. Inductive Automation Ignition ha...

CVSS 6.3 | AI score 5.9 | EPSS 0.00345
Exploits: 0 | References: 3
CNNVD
added 2026/03/12 12:0 a.m. | 5 views

Softweb Clinic Pro SQL injection vulnerability

Softweb Clinic Pro is a clinic management system developed by the British company Softweb. Softweb Clinic Pro has a SQL injection vulnerability; this vulnerability stems from the SQL injection in the month parameter, which could allow authenticated attackers to manipulate database queries and...

CVSS 7.1 | AI score 5.9 | EPSS 0.00323
Exploits: 0 | References: 2