28041 matches found
WordPress Chaty plugin <= 3.5.1 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by daroo in WordPress Plugin Chaty versions <= 3.5.1...
PT-2026-21681
Name of the Vulnerable Software and Affected Versions Apache Superset versions prior to 6.0.0 Description A sensitive data exposure issue exists in Apache Superset that allows authenticated users to retrieve sensitive user information. The '/api/v1/tag' API endpoint, when enabled, improperly...
Devolutions Server security vulnerability
Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server prior to 2025.3.14.0 contained security vulnerabilities. These vulnerabilities stemmed fro...
CVE-2026-3075
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Jeff Starr Simple Ajax Chat simple-ajax-chat allows Retrieve Embedded Sensitive Data. This issue affects Simple Ajax Chat: from n/a through <= 20251121...
CVE-2026-3075 WordPress Simple Ajax Chat plugin <= 20251121 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Jeff Starr Simple Ajax Chat simple-ajax-chat allows Retrieve Embedded Sensitive Data. This issue affects Simple Ajax Chat: from n/a through <= 20251121...
CVE-2026-3075
CVE-2026-3075 : WordPress plugin Simple Ajax Chat (simple-ajax-chat)
GO-2026-4524 Mattermost fails to sanitize sensitive data in WebSocket messages in github.com/mattermost/mattermost-server
Mattermost fails to sanitize sensitive data in WebSocket messages in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports fro...
Vulnerabilities fixed in Splunk Enterprise and Splunk Cloud Platform
Splunk has fixed vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. The vulnerabilities are in several versions of Splunk Enterprise and Splunk Cloud Platform. They allow low-privileged users to bypass protections, view sensitive information, and abuse the REST API for user...
WordPress Classified Listing plugin <= 5.3.4 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by daroo in WordPress Plugin Classified Listing versions <= 5.3.4...
WordPress My Tickets plugin <= 2.1.0 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by daroo in WordPress Plugin My Tickets versions <= 2.1.0...
PT-2026-21561
Name of the Vulnerable Software and Affected Versions Jeff Starr Simple Ajax Chat versions prior to 20251122 Description A flaw exists in Jeff Starr Simple Ajax Chat that allows retrieval of embedded sensitive data, potentially exposing sensitive system information to an unauthorized control...
WordPress plugin Simple Ajax Chat security vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Simple Ajax Chat. The...
PT-2026-21640
Name of the Vulnerable Software and Affected Versions Airflow versions prior to 2.11.1 Description The software contains a flaw that permits authenticated users possessing audit log access to view sensitive values within audit logs that they are not authorized to see. Specifically, when sensitive...
CVE-2019-25462
The CVE covers Web Ofisi Rent a Car v3, where an SQL injection flaw exists in the klima parameter. The vulnerability allows unauthenticated attackers to manipulate database queries via GET requests, potentially extracting sensitive data or causing denial of service. Root cause is improper handlin...
CVE-2019-25460
Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' GET parameter. Attackers can send requests to the arama endpoint with malicious 'q' values using time-based SQL...
CVE-2019-25440 WebIncorp ERP Every version SQL Injection via product_detail.php
WebIncorp ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the prod_id parameter. Attackers can send GET requests to product_detail.php with malicious prod_id values to extract sensitive database informatio...
CVE-2019-25440
CVE-2019-25440 — WebIncorp ERP suffers an unauthenticated SQL injection via the prod_id parameter in product_detail.php, enabling attackers to manipulate queries and potentially extract sensitive data. The vulnerability is triggered by GET requests with malicious prod_id values. Public references...
CVE-2019-25452 Dolibarr ERP/CRM 10.0.1 SQL Injection via elemid
Dolibarr ERP/CRM 10.0.1 contains an SQL injection vulnerability in the elemid POST parameter of the viewcat.php endpoint that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit crafted POST requests with malicious SQL payloads in the elemid parameter to extrac...
Exploit for CVE-2025-69295
CVE-2025-69295 — TeconceTheme Coven Core Blind SQL Injection Vul...