28053 matches found
CVE-2026-20627
An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in watchOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to access sensitive user data...
CVE-2026-20627
An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3, watchOS 26.3. An app may be able to access sensitive user data...
CVE-2026-20647
This issue was addressed with improved data protection. This issue is fixed in macOS Tahoe 26.3. An app may be able to access sensitive user data...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the /api/users endpoint. An attacker can access sensitive information by sending a specially crafted request. Remediation There is no fixed version for...
CVE-2024-26480
An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the admin parameter...
CVE-2026-21222
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally...
CVE-2026-21314
Audition versions 25.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must...
CVE-2026-23655
Cleartext storage of sensitive information in Azure Compute Gallery allows an authorized attacker to disclose information over a network...
CVE-2025-70084
Directory traversal vulnerability in OpenSatKit 2.2.1 allows attackers to gain access to sensitive information or delete arbitrary files via crafted value to the FileUtilGetFileInfo function...
CVE-2025-12059
Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Logo Software Industry and Trade Inc. Logo j-Platform allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Logo j-Platform: from 3.29.6.4 before 3.34.8.9...
CVE-2026-2249
METIS DFS devices versions = oscore 2.1.234-r18 expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with 'daemon' privileges. This results in the compromise of the...
CVE-2025-12059
CVE-2025-12059 concerns Logo j-Platform by Logo Software Industry and Trade Inc. The issue is a vulnerability in which insertion of sensitive information into externally-accessible files or directories is possible due to incorrectly configured access control security levels. Affected software: Lo...
CVE-2025-12059
Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Logo Software Industry and Trade Inc. Logo j-Platform allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Logo j-Platform: from 3.29.6.4 before 3.34.8.9...
CVE-2025-12059 Improper Access Control in Logo Software's Logo j-Platform
Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Logo Software Industry and Trade Inc. Logo j-Platform allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Logo j-Platform: from 3.29.6.4 before 3.34.8.9...
CVE-2025-12059 Improper Access Control in Logo Software's Logo j-Platform
Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Logo Software Industry and Trade Inc. Logo j-Platform allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Logo j-Platform: from 3.29.6.4 before 3.34.8.9...
CVE-2026-0910
wpForo Forum plugin for WordPress (versions up to 2.4.13) is vulnerable to PHP Object Injection via deserialization in wpforo_display_array_data. Exploitation requires an authenticated user with Subscriber-level access or higher. A POP chain must be present in another plugin or theme for practica...
CVE-2025-57713
A weak authentication vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to gain sensitive information. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5166 and later...
CVE-2025-57713 File Station 5
A weak authentication vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to gain sensitive information. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5166 and later...
CVE-2025-57713
CVE-2025-57713 concerns QNAP File Station 5. The weakness is a weak authentication mechanism that could allow remote attackers to obtain sensitive information. Disclosed across multiple sources, with a fix released in File Station 5 5.5.6.5166 and later; affected versions prior to this may be vul...
CVE-2025-10174
Cleartext Transmission of Sensitive Information vulnerability in Pan Software & Information Technologies Ltd. PanCafe Pro allows Flooding. This issue affects PanCafe Pro: from 3.3.2 through 23092025...