CVE-2026-27900

CVE-2026-27900 affects the Terraform Provider for Linode. Affected: versions prior to 3.9.0. Root cause: debug logs can expose sensitive data (passwords, StackScript content, object storage data) when debug/provider logging is explicitly enabled. The issue only occurs if debug logging is turned o...

CVE-2026-27900

The Terraform Provider for Linode versions prior to v3.9.0 logged sensitive information including some passwords, StackScript content, and object storage data in debug logs without redaction. Provider debug logging is not enabled by default. This issue is exposed when debug/provider logs are...

CVE-2026-27900 Terraform Provider Debug Logs Vulnerable to Sensitive Information Exposure

The Terraform Provider for Linode versions prior to v3.9.0 logged sensitive information including some passwords, StackScript content, and object storage data in debug logs without redaction. Provider debug logging is not enabled by default. This issue is exposed when debug/provider logs are...

PT-2026-22133

Insertion of Sensitive Information Into Sent Data vulnerability in WPVibes Elementor Addon Elements addon-elements-for-elementor-page-builder allows Retrieve Embedded Sensitive Data.This issue affects Elementor Addon Elements: from n/a through = 1.14.4...

WordPress plugin Elementor Addon Elements 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There is a...

Docker Desktop < 4.43.0 Information Disclosure

The version of Docker Desktop is prior to 4.43.0. It is therefore affected by an information disclosure vulnerability. - System environment variables are recorded in Docker Desktop diagnostic logs, when using shell auto-completion. This leads to unintentional disclosure of sensitive information...

PT-2026-22075

Name of the Vulnerable Software and Affected Versions Terraform Provider for Linode versions prior to 3.9.0 Description The Terraform Provider for Linode logged sensitive information, including passwords, StackScript content, and object storage data, in debug logs without redaction. This issue is...

CVE-2026-3172

Buffer overflow in parallel HNSW index build in pgvector 0.6.0 through 0.8.1 allows a database user to leak sensitive data from other relations or crash the database server...

EUVD-2026-8678

A vulnerability in Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system access restrictions. An attacker could exploit this vulnerability by accessing the API of an...

CVE-2026-20133

A vulnerability in Cisco Catalyst SD-WAN Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this...

Manual Processes Are Putting National Security at Risk

Why automating sensitive data transfers is now a mission-critical priority More than half of national security organizations still rely on manual processes to transfer sensitive data, according to The CYBER360: Defending the Digital Battlespace report. This should alarm every defense and governme...

CVE-2025-14742

CVE-2025-14742 : The WP Recipe Maker plugin for WordPress is vulnerable to unauthorized data access due to a missing capability check on the ajax_search_recipes and ajax_get_recipe functions in all versions up to and including 10.2.3. This allows authenticated attackers with Subscriber-level acce...

Directory Traversal

Overview org.webjars.npm:rollup is a Next-generation ES module bundler Affected versions of this package are vulnerable to Directory Traversal in the Bundle class in bundle.ts, which handles file name sanitization in the core engine. An attacker can overwrite arbitrary files on the host filesyste...

MAL-2026-1233 Malicious code in projectrtert (npm)

Package collects and exfiltrates sensitive system data to Oastify URLs. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d7b127b8509d4b1ad251567a872811e8a8f4441791c7edadb916c6214be26768 The package projectrtert was found to contain malicious code. Source:...

Malicious code in projectrtert (npm)

Package collects and exfiltrates sensitive system data to Oastify URLs. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d7b127b8509d4b1ad251567a872811e8a8f4441791c7edadb916c6214be26768 The package projectrtert was found to contain malicious code. Source:...

CVE-2026-27640 tfplan2md has Sensitive Value Exposure in Generated Reports

tfplan2md is software for converting Terraform plan JSON files into human-readable Markdown reports. Prior to version 1.26.1, a bug in tfplan2md affected several distinct rendering paths: AzApi resource body properties, AzureDevOps variable groups, Scriban template context variables, and...

CVE-2026-25124 OpenEMR has Broken Access Control in Report/Clients/Message List CSV Export

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the OpenEMR application is vulnerable to an access control flaw that allows low-privileged users, such as receptionists, to export the entire message list containing...

CVE-2026-25124

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the OpenEMR application is vulnerable to an access control flaw that allows low-privileged users, such as receptionists, to export the entire message list containing...

CVE-2026-25124 OpenEMR has Broken Access Control in Report/Clients/Message List CSV Export

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the OpenEMR application is vulnerable to an access control flaw that allows low-privileged users, such as receptionists, to export the entire message list containing...

CVE-2026-25124

CVE-2026-25124 : OpenEMR prior to version 8.0.0 contains an access control flaw in the message_list.php report export functionality. There is no permission check before executing sensitive database queries; only CSRF token verification exists, which does not prevent unauthorized data access if a ...