CVE-2025-36105

IBM Planning Analytics Advanced Certified Containers 3.1.0 through 3.1.4 could allow a local privileged user to obtain sensitive information from environment variables...

IBM Aspera Orchestrator 安全漏洞

IBM Aspera Orchestrator is a web-based application developed by IBM. It provides efficient file processing pipelines for data-driven businesses. There were security vulnerabilities in the version 3.0.0 to 4.1.2 of IBM Aspera Orchestrator. These vulnerabilities stemmed from the storage of sensitiv...

Siemens SINEC Security Monitor Information Disclosure Vulnerability

SINEC Security Monitor is a modular network security software for passive, non-intrusive, continuous network security monitoring during production at customer premises. Siemens SINEC Security Monitor suffers from an information disclosure vulnerability that can be exploited by attackers to obtain...

PixelConfig: Longitudinal Measurement and Reverse-Engineering of Meta Pixel Configurations

Tracking pixels are used to optimize online ad campaigns through personalization, re-targeting, and conversion tracking. Past research has primarily focused on detecting the prevalence of tracking pixels on the web, with limited attention to how they are configured across websites. A tracking pix...

SAP S/4HANA HCM Portugal和SAP ERP HCM Portugal 安全漏洞

SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal are both human capital management modules developed by the German company SAP. Both systems have security vulnerabilities; these vulnerabilities stem from the lack of authorization checks, which may allow users with high privileges to access...

CVE-2025-56421

SQL Injection vulnerability in LimeSurvey before v.6.15.4+250710 allows a remote attacker to obtain sensitive information from the database...

WordPress plugin Booking Calendar for Appointments and Service Businesses – Booktics 访问控制错误漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

PT-2026-24310

Name of the Vulnerable Software and Affected Versions Windows Accessibility Infrastructure ATBroker.exe affected versions not specified Description The issue concerns the insufficient protection of sensitive data within the Windows Accessibility Infrastructure ATBroker.exe. Successful exploitatio...

HCL Sametime 安全漏洞

HCL Sametime is a conference solution developed by the Indian company HCL. HCL Sametime has a security vulnerability, which stems from the inclusion of host name information in application logs and certain URLs, potentially leading to the disclosure of sensitive information...

PT-2026-24186

An unauthenticated remote attacker who tricks a user to upload a manipulated HTML file can get access to sensitive information on the device. This is a result of incorrect permission assignment for the web server...

PT-2026-24267

Уязвимость программного обеспечения Azure IoT Explorer связана с передачей критичной информации открытым текстом. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, раскрыть защищаемую информацию...

KLA90927 OSI vulnerability in Microsoft Apps

An information disclosure vulnerability was found in Microsoft Apps. Malicious users can exploit this vulnerability to obtain sensitive information, bypass security restrictions. Original advisories CVE-2026-26123 Exploitation CVE list CVE-2026-26123 high Solution Install necessary updates from t...

CVE-2025-56421

SQL Injection vulnerability in LimeSurvey before v.6.15.4+250710 allows a remote attacker to obtain sensitive information from the database...

Siemens SINEC Security Monitor 安全漏洞

SINEC Security Monitor is a modular network security software for passive, non-intrusive, continuous network security monitoring during production at customer premises. Siemens SINEC Security Monitor suffers from an information disclosure vulnerability that can be exploited by attackers to obtain...

CVE-2026-30916

...

CVE-2026-30916

CVE-2026-30916 relates to the Shescape JavaScript library. Prior to version 2.1.9, an attacker could bypass shell escaping when the configured shell pointed to a file that is a chain of symlinks, potentially exposing sensitive information depending on the shell used. A fix is available in 2.1.9. ...

EUVD-2026-10424

Shescape is a simple shell escape library for JavaScript. Prior to 2.1.9, an attacker may be able to bypass escaping for the shell being used. This can result, for example, in exposure of sensitive information. This impacts users of Shescape that configure their shell to point to a file on disk...

CVE-2025-70040

An issue pertaining to CWE-532: Insertion of Sensitive Information into Log File was discovered in LupinLin1 jimeng-web-mcp v2.1.2. This allows an attacker to obtain sensitive information...

PYSEC-2026-84

An issue pertaining to CWE-312: Cleartext Storage of Sensitive Information was discovered in lesspass lesspass v9.6.9 which allows attackers to obtain sensitive information...

CVE-2025-70048

An issue pertaining to CWE-319: Cleartext Transmission of Sensitive Information was discovered in Nexusoft NexusInterface v3.2.0-beta.2...