CVE-2018-25188 Webiness Inventory 2.3 SQL Injection via WsModelGrid.php

Webiness Inventory 2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the order parameter. Attackers can send POST requests to the WsModelGrid.php endpoint with crafted SQL payloads to extract...

CVE-2025-68515

Insertion of Sensitive Information Into Sent Data vulnerability in Roland Murg WP Booking System wp-booking-system allows Retrieve Embedded Sensitive Data.This issue affects WP Booking System: from n/a through = 2.0.19.12...

CVE-2026-23546

Insertion of Sensitive Information Into Sent Data vulnerability in RadiusTheme Classified Listing classified-listing allows Retrieve Embedded Sensitive Data.This issue affects Classified Listing: from n/a through = 5.3.4...

CVE-2026-27370

Insertion of Sensitive Information Into Sent Data vulnerability in Premio Chaty chaty allows Retrieve Embedded Sensitive Data.This issue affects Chaty: from n/a through = 3.5.1...

CVE-2026-27406

Insertion of Sensitive Information Into Sent Data vulnerability in Joe Dolson My Tickets my-tickets allows Retrieve Embedded Sensitive Data.This issue affects My Tickets: from n/a through = 2.1.0...

CVE-2025-70949

An observable timing discrepancy in @perfood/couch-auth v0.26.0 allows attackers to access sensitive information via a timing side-channel...

EUVD-2025-208331

Sensitive information disclosure and manipulation due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect 17 Linux, macOS, Windows before build 41186, Acronis Cyber Protect Cloud Agent Linux, macOS, Windows before build 41124...

CVE-2026-2589

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 12.8.3 via the automated Settings Backup stored in a publicly accessible file. This makes it possible for unauthenticated attackers to...

CVE-2026-28725

Sensitive information disclosure due to improper configuration of a headless browser. The following products are affected: Acronis Cyber Protect 17 Linux, Windows before build 41186...

CVE-2026-28715

Sensitive information disclosure due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 Linux, Windows before build 41186...

CVE-2026-28714

Unnecessary transmission of sensitive cryptographic material. The following products are affected: Acronis Cyber Protect 17 Linux, Windows before build 41186...

CVE-2026-28710

Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 17 Linux, Windows before build 41186...

IBM Cloud Pak System Information Disclosure Vulnerability (CNVD-2026-13784)

IBM Cloud Pak System is a full-stack, converged infrastructure with configurable, pre-integrated software from International Business Machines IBM. The product supports deploying, managing and moving application environments across hybrid clouds. An information disclosure vulnerability exists in...

PT-2026-23692

Maitra 1.7.2 contains an sql injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the mailid parameter in outmail and inmail modules. Attackers can also download the SQLite database file directly from the application...

Rmedia SMS SQL注入漏洞

Rmedia SMS is a SMS gateway system developed by Ananditwiz. Version 1.0 of Rmedia SMS has a SQL injection vulnerability. This vulnerability stems from the gid parameter in the editgrp.php file, which allows for SQL injections, potentially leading to the extraction of database schemas and sensitiv...

Acronis Cyber Protect 安全漏洞

Acronis Cyber Protect is an enterprise-oriented network protection solution developed by the Swiss company Acronis. It combines features such as backup, anti-malware, network security, and endpoint management e.g., vulnerability assessment, URL filtering, patch management, etc.. Previous versions...

Acronis Cyber Protect 安全漏洞

Acronis Cyber Protect is an enterprise-oriented integrated network protection solution from the Swiss company Acronis. It combines features such as backup, anti-malware, network security, and endpoint management—including vulnerability assessment, URL filtering, patch management, etc. Acronis Cyb...

Plane 访问控制错误漏洞

Plane is an open-source, self-hosted project planning tool developed by Plane OpenSource. Versions of Plane prior to 1.2.2 contained a access control vulnerability, which stemmed from incorrect configuration of the Django REST Framework’s permission classes. This allowed anonymous access to...

PT-2026-23694

Silurus Classifieds Script 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ID parameter. Attackers can send GET requests to wcategory.php with crafted SQL payloads in the ID parameter to...

Acronis Cyber Protect 安全漏洞

Acronis Cyber Protect is an enterprise-oriented network protection solution developed by the Swiss company Acronis. It combines features such as backup, anti-malware, network security, and endpoint management—including vulnerability assessment, URL filtering, patch management, etc. Versions of...