CVE-2026-3058

The Seraphinite Accelerator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.28.14 via the seraphaccelapi AJAX action with fn=GetData. This is due to the OnAdminApiGetData function not performing any capability checks. This makes it...

WordPress WP Booking System plugin <= 2.0.19.12 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by benzdeus in WordPress Plugin WP Booking System versions = 2.0.19.12...

Craft CMS 安全漏洞

Craft CMS is an open-source content management system developed by Craft CMS. Versions prior to Craft CMS 4.17.0-beta.1 and 5.9.0-beta.1 contained security vulnerabilities. These vulnerabilities stemmed from a lack of authorization checks in GraphQL directives like @parseRefs, which could allow...

Lack of TLS certificate validation when connecting Arc to a Guardian or CMC, in Arc before v2.2.0

Summary The server certificate was not verified when an Arc agent connected to a Guardian or CMC. Impact A malicious actor could perform a man-in-the-middle attack and intercept the communication between the Arc agent and the Guardian or CMC. This could result in theft of the client token and...

PT-2026-22959

NCrypted Jobgator contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the experience parameter. Attackers can send POST requests to the agents Find-Jobs endpoint with malicious experience values to extract...

CVE-2025-14480

IBM Aspera faspio Gateway 1.3.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

EUVD-2025-208263

IBM Aspera faspio Gateway 1.3.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

CVE-2026-1265

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to writing of sensitive Information in a log file...

CVE-2025-13616

IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used in further attacks against the system...

Directory Traversal

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Directory Traversal via stageSandboxMedia when iMessage remote attachment fetching is enabled and the attacker can inject or tamper with attachment path metadata. An attacker can access...

EUVD-2025-208250

IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used in further attacks against the system...

CVE-2025-36364 IBM DevOps Plan REST APIs are vulnerable to exposure of sensitive data through request query parameters.

IBM DevOps Plan 3.0.0 through 3.0.5 allows web page cache to be stored locally which can be read by another user on the system...

CVE-2026-1265

IBM InfoSphere Information Server versions 11.7.0.0–11.7.1.6 are affected by CVE-2026-1265 due to sensitive information written to a log file (CWE-532). The IBM security bulletin (DT457493) and related postings confirm the vulnerability and provide remediation: upgrade to 11.7.1.0 or apply the se...

CVE-2026-1265

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to writing of sensitive Information in a log file...

CVE-2026-1265 IBM InfoSphere Information Server is vulnerable due to sensitive information written to a log file

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to writing of sensitive Information in a log file...

CVE-2026-1265 IBM InfoSphere Information Server is vulnerable due to sensitive information written to a log file

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to writing of sensitive Information in a log file...

EUVD-2025-208224

Cleartext Storage of Sensitive Information CWE-312 in the Command Centre Mobile Client on Android and iOS could allow an attacker with access to a logged-in Operator's mobile device to extract the session token and exploit access for a limited duration. This issue affects Command Centre Mobile...

PT-2026-22795

IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used in further attacks against the system...

EUVD-2024-55462

Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded encryption key which could allow attackers to access sensitive information...

Trend Micro Apex Central Manual Update Server-Side Request Forgery Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of URLs in the Manual Update feature. By providing a crafted...