CVE-2026-25389

CVE-2026-25389 affects WordPress EventPrime (EventPrime: Metagauss) and is a Sensitive Data Exposure vulnerability. The issue allows retrieval of embedded sensitive data by an unauthenticated actor and affects EventPrime versions from n/a up to and including 4.2.8.3; the entry indicates it is pat...

CVE-2026-25325 WordPress rtMedia for WordPress, BuddyPress and bbPress plugin <= 4.7.8 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in rtCamp rtMedia for WordPress, BuddyPress and bbPress buddypress-media allows Retrieve Embedded Sensitive Data.This issue affects rtMedia for WordPress, BuddyPress and bbPress: from n/a through = 4.7.8...

CVE-2026-25325

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in rtCamp rtMedia for WordPress, BuddyPress and bbPress buddypress-media allows Retrieve Embedded Sensitive Data.This issue affects rtMedia for WordPress, BuddyPress and bbPress: from n/a through = 4.7.8...

CVE-2026-25325

CVE-2026-25325 affects the WordPress rtMedia ecosystem: rtMedia for WordPress, BuddyPress and bbPress (buddypress-media) plugin versions up to and including 4.7.8 expose sensitive system information to an unauthorized control sphere, enabling retrieval of embedded sensitive data. The issue is roo...

CVE-2026-25325 WordPress rtMedia for WordPress, BuddyPress and bbPress plugin <= 4.7.8 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in rtCamp rtMedia for WordPress, BuddyPress and bbPress buddypress-media allows Retrieve Embedded Sensitive Data.This issue affects rtMedia for WordPress, BuddyPress and bbPress: from n/a through = 4.7.8...

CVE-2026-25008 WordPress Ninja Tables plugin <= 5.2.5 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows Retrieve Embedded Sensitive Data.This issue affects Ninja Tables: from n/a through = 5.2.5...

CVE-2026-25008

Insertion of Sensitive Information Into Sent Data vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows Retrieve Embedded Sensitive Data.This issue affects Ninja Tables: from n/a through = 5.2.5...

CVE-2026-25008

The CVE-2026-25008 entry concerns WordPress Ninja Tables (ninja-tables) versions up to and including 5.2.5. The issue is described as an Insertion of Sensitive Information Into Sent Data vulnerability that enables retrieval of embedded sensitive data from Ninja Tables. All connected sources consi...

CVE-2026-25008 WordPress Ninja Tables plugin <= 5.2.5 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows Retrieve Embedded Sensitive Data.This issue affects Ninja Tables: from n/a through = 5.2.5...

CVE-2025-13113 Web Accessibility by accessiBe <= 2.11 - Unauthenticated Sensitive Information Exposure

The Web Accessibility by accessiBe plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11. This is due to the accessiberenderjsinfooter function logging the complete plugin options array to the browser console on public pages, without...

CVE-2025-13113 Web Accessibility by accessiBe <= 2.11 - Unauthenticated Sensitive Information Exposure

The Web Accessibility by accessiBe plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11. This is due to the accessiberenderjsinfooter function logging the complete plugin options array to the browser console on public pages, without...

CVE-2025-13113

CVE-2025-13113 concerns the WordPress plugin “Web Accessibility by accessiBe.” The issue is an unauthenticated sensitive information exposure caused by the function accessibe_render_js_in_footer() logging the full plugin options array to the browser console on public pages. This output is not res...

CVE-2025-27900

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a...

CVE-2025-27903

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows transmits data in a cleartext communication channel that could allow an attacker to obtain sensitive information using man in the middle techniques...

CVE-2026-23597

Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could allow an attacker to access details such as user accounts, roles, and system configuration, as well...

CVE-2025-13689

IBM DataStage on Cloud Pak for Data could allow an authenticated user to execute arbitrary commands and gain access to sensitive information due to unrestricted file uploads...

CVE-2026-23595

An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Successful exploitation could allow an attacker to gain administrative access, modify system...

PT-2026-20678

Insertion of Sensitive Information Into Sent Data vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows Retrieve Embedded Sensitive Data.This issue affects Ninja Tables: from n/a through = 5.2.5...

PT-2026-20866

Name of the Vulnerable Software and Affected Versions Product Table and List Builder for WooCommerce Lite versions prior to 4.6.3 Description The Product Table and List Builder for WooCommerce Lite plugin for WordPress is susceptible to time-based SQL Injection. This is due to inadequate escaping...

PT-2026-20798

An unauthenticated attacker can inject OS commands when calling a server API endpoint in NesterSoft WorkTime. The server API call to generate and download the WorkTime client from the WorkTime server is vulnerable in the “guid” parameter. This allows an attacker to execute arbitrary commands on t...