
28041 matches found

CVE
added 2026/03/05 12:0 a.m. | 28 views

CVE-2025-70949

Summary: CVE-2025-70949 affects @perfood/couch-auth v0.26.0. The vulnerability is an observable timing discrepancy that creates a timing side-channel, potentially allowing an attacker to access sensitive information during authentication. The available documents do not disclose a fixed version; r...

7.5 CVSS | 5.9 AI score | 0.00379 EPSS
Exploits: 0 | References: 3
ATTACKERKB
added 2026/03/05 12:0 a.m. | 4 views

CVE-2025-70949

An observable timing discrepancy in @perfood/couch-auth v0.26.0 allows attackers to access sensitive information via a timing side-channel...

5.9 AI score | 0.00379 EPSS
Exploits: 0 | References: 4
Positive Technologies
added 2026/03/05 12:0 a.m. | 5 views

PT-2026-23578

Name of the Vulnerable Software and Affected Versions Acronis Cyber Protect 17 versions prior to build 41186 Acronis Cyber Protect Cloud Agent versions prior to build 41124 Description The software contains a flaw related to insufficient authorization checks, potentially leading to sensitive...

7.1 CVSS | 6 AI score | 0.00093 EPSS
Exploits: 0 | References: 4
Positive Technologies
added 2026/03/05 12:0 a.m. | 8 views

PT-2026-23481

Name of the Vulnerable Software and Affected Versions Nginx UI versions prior to 2.3.3 Description Nginx UI is a web user interface for the Nginx web server. A critical flaw exists where the '/api/backup' endpoint is accessible without authentication. When this endpoint is accessed, the server...

10 CVSS | 7.2 AI score | 0.22162 EPSS
Exploits: 12 | References: 209
Positive Technologies
added 2026/03/05 12:0 a.m. | 10 views

PT-2026-23451

Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient Config import, URI scheme handler, CLI --config modules allows Retrieve Embedded Sensitive Data. This vulnerability is associated wit...

8.7 CVSS | 5.9 AI score | 0.0024 EPSS
Exploits: 1 | References: 2
Positive Technologies
added 2026/03/05 12:0 a.m. | 3 views

PT-2026-23512

Name of the Vulnerable Software and Affected Versions @perfood/couch-auth version 0.26.0 Description A timing discrepancy exists in @perfood/couch-auth version 0.26.0 that could allow attackers to access sensitive information through a timing side-channel. Recommendations At the moment, there is ...

7.5 CVSS | 5.8 AI score | 0.00379 EPSS
Exploits: 0 | References: 11
Positive Technologies
added 2026/03/05 12:0 a.m. | 9 views

PT-2026-23265

Insertion of Sensitive Information Into Sent Data vulnerability in Joe Dolson My Tickets my-tickets allows Retrieve Embedded Sensitive Data. This issue affects My Tickets: from n/a through = 2.1.0...

5.9 AI score | 0.00384 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2026/03/05 12:0 a.m. | 6 views

PT-2026-23588

Name of the Vulnerable Software and Affected Versions Acronis Cyber Protect 17 versions prior to build 41186 Description The software exhibits unnecessary transmission of sensitive cryptographic material. There is no information about the number of potentially affected devices worldwide or any...

4.8 CVSS | 5.8 AI score | 0.00166 EPSS
Exploits: 0 | References: 5
CNNVD
added 2026/03/05 12:0 a.m. | 5 views

CouchAuth Security Vulnerability

CouchAuth is an authentication API developed by Perfood. Version 0.26.0 of CouchAuth contains a security vulnerability. This vulnerability stems from observable time differences, which may allow access to sensitive information through timing side channels...

7.5 CVSS | 5.8 AI score | 0.00379 EPSS
Exploits: 0 | References: 3
EUVD
added 2026/03/04 6:31 p.m. | 4 views

EUVD-2019-19727

Simple Job Script contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the appid parameter. Attackers can send POST requests to deleteapplicationajax.php with crafted payloads to extract sensitive data, bypass...

8.8 CVSS | 6.1 AI score | 0.00342 EPSS
Exploits: 1 | References: 3
Snyk
added 2026/03/04 6:29 p.m. | 4 views

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the logging process. An attacker can obtain sensitive S3 access credentials by accessing the pod's logs. Remediation Upgrade github.com/rancher/backup-restore-operator/pkg/objectstore ...

6.9 CVSS | 5.8 AI score | 0.0034 EPSS
Exploits: 0 | References: 2
Cvelist
added 2026/03/04 6:25 p.m. | 33 views

CVE-2026-0847 Path Traversal in nltk/nltk

A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These classes fail to properly sanitize or validate file paths, enabling...

8.6 CVSS | 0.00747 EPSS
Exploits: 3 | References: 1
NVD
added 2026/03/04 6:16 p.m. | 8 views

CVE-2019-25504

NCrypted Jobgator contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the experience parameter. Attackers can send POST requests to the agents Find-Jobs endpoint with malicious experience values to extract...

8.8 CVSS | 0.00237 EPSS
Exploits: 0 | References: 2
Vulnrichment
added 2026/03/04 5:15 p.m. | 4 views

CVE-2019-25507 Ashop Shopping Cart Software Lastest SQL Injection via index.php

Ashop Shopping Cart Software contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'shop' parameter. Attackers can send GET requests to index.php with malicious 'shop' values using UNION-based SQL injection t...

8.8 CVSS | 6 AI score | 0.00237 EPSS
Exploits: 0 | References: 2
ATTACKERKB
added 2026/03/04 4:21 p.m. | 6 views

CVE-2026-28696

Craft is a content management system (CMS). Prior to 4.17.0-beta.1 and 5.9.0-beta.1, the GraphQL directive @parseRefs, intended to parse internal reference tags (e.g., user:1:email), can be abused by both authenticated users and unauthenticated guests (if a Public Schema is enabled) to access sensitive...

8.7 CVSS | 5.9 AI score | 0.00447 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
EUVD
added 2026/03/04 12:30 p.m. | 9 views

EUVD-2026-9395

The Seraphinite Accelerator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.28.14 via the seraph_accel_api AJAX action with fn=GetData. This is due to the OnAdminApi_GetData function not performing any capability checks. This makes it...

4.3 CVSS | 5.9 AI score | 0.00316 EPSS
Exploits: 0 | References: 5
NVD
added 2026/03/04 12:16 p.m. | 5 views

CVE-2026-3058

The Seraphinite Accelerator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.28.14 via the seraph_accel_api AJAX action with fn=GetData. This is due to the OnAdminApi_GetData function not performing any capability checks. This makes it...

6.5 CVSS | 0.00316 EPSS
Exploits: 0 | References: 4
CVE
added 2026/03/04 11:22 a.m. | 16 views

CVE-2026-3058

CVE-2026-3058 involves the WordPress plugin Seraphinite Accelerator. The vulnerability is classified as a Sensitive Information Exposure issue in all versions up to and including 2.28.14, exploitable via the seraph_accel_api AJAX action with fn=GetData. The OnAdminApi_GetData() function does not ...

6.5 CVSS | 5.9 AI score | 0.00316 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2026/03/04 11:22 a.m. | 32 views

CVE-2026-3058 Seraphinite Accelerator <= 2.28.14 - Authenticated (Subscriber+) Exposure of Sensitive Information to an Unauthorized Actor

The Seraphinite Accelerator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.28.14 via the seraph_accel_api AJAX action with fn=GetData. This is due to the OnAdminApi_GetData function not performing any capability checks. This makes it...

4.3 CVSS | 0.00316 EPSS
Exploits: 0 | References: 4
ATTACKERKB
added 2026/03/04 11:22 a.m. | 5 views

CVE-2026-3058

The Seraphinite Accelerator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.28.14 via the seraph_accel_api AJAX action with fn=GetData. This is due to the OnAdminApi_GetData function not performing any capability checks. This makes it...

6.5 CVSS | 5.9 AI score | 0.00316 EPSS
Exploits: 0 | References: 5