28054 matches found
CVE-2026-24319
In SAP Business One, sensitive information is written to memory dump files without obfuscation, exposing confidential and integrity-related data. This CVE (CVE-2026-24319) is a local-attack with high privileges required and user interaction, affecting confidentiality and integrity (no availabilit...
OpenClaw Information Disclosure Vulnerability
OpenClaw is openclaw open source an intelligent artificial assistant. OpenClaw has an information disclosure vulnerability that stems from the isValidMedia function allowing arbitrary file paths, which can be exploited by an attacker to cause the reading of arbitrary files and the disclosure of...
SAP Commerce Cloud 安全漏洞
SAP Commerce Cloud is a cloud-based e-commerce platform developed by SAP, a German company. This platform supports sales management, marketing management, order management, and operations management. There is a security vulnerability in SAP Commerce Cloud, which stems from exposing multiple API...
Apache Syncope Code Issue Vulnerability
Apache Syncope is the United States Apache Apache Foundation's set of open source digital identity management system for use in enterprise environments. The system supports identity management, role configuration and more. Apache Syncope there is a code problem vulnerability , the vulnerability...
PT-2026-7218
In SAP Business One, sensitive information is written to the application�s memory dump files without obfuscation. Gaining access to this information could potentially lead to unauthorized operations within the B1 environment, including modification of company data. This issue results in a high...
PT-2026-7221
Name of the Vulnerable Software and Affected Versions SAP Solution Tools Plug-In affected versions not specified Description The SAP Solution Tools Plug-In ST-PI includes a function module lacking proper authorization checks for authenticated users, potentially leading to the disclosure of...
PT-2026-7414
Name of the Vulnerable Software and Affected Versions Azure Compute Gallery affected versions not specified Description An authorized attacker may be able to disclose sensitive information over a network due to the cleartext storage of that information within Azure Compute Gallery. Approximately...
PT-2026-7362
Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network...
Microsoft Outlook 信息泄露漏洞
Microsoft Outlook is a suite of e-mail applications from the American company Microsoft. An information disclosure vulnerability exists in Microsoft Outlook. The vulnerability stems from the application's inadequate protection of sensitive information and can be exploited by an attacker to conduc...
Microsoft Excel 缓冲区错误漏洞
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A buffer overflow vulnerability exists in Microsoft Excel. The vulnerability stems from the program's failure to properly validate the length and size of input data, which can be exploited by an attacker ...
SAP Business One 安全漏洞
SAP Business One is a business management software developed by the German company SAP. This software includes functions such as financial management, operational management, and human resource management. There is a security vulnerability in SAP Business One, which stems from sensitive informati...
WordPress PopupKit plugin <= 2.2.0 - Missing Authorization to Sensitive Information Disclosure and Data Deletion vulnerability
Missing Authorization to Sensitive Information Disclosure and Data Deletion vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin PopupKit versions = 2.2.0...
CVE-2026-25813
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, The application logs highly sensitive data directly to console output without masking or redaction...
CVE-2026-25918
unity-cli is a command line utility for the Unity Game Engine. Prior to 1.8.2 , the sign-package command in @rage-against-the-pixel/unity-cli logs sensitive credentials in plaintext when the --verbose flag is used. Command-line arguments including --email and --password are output via...
CVE-2026-25918
The CVE concerns the unity-cli tool (specifically the sign-package command in the package @rage-against-the-pixel/unity-cli). Before version 1.8.2, when invoked with --verbose, the command logs sensitive credentials in plaintext by serializing CLI arguments (including --email and --password) with...
CVE-2026-25813 PlaciPy Exposes Sensitive Data via Application Logs
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, The application logs highly sensitive data directly to console output without masking or redaction...
CVE-2026-25813
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, The application logs highly sensitive data directly to console output without masking or redaction...
CVE-2026-25813 PlaciPy Exposes Sensitive Data via Application Logs
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, The application logs highly sensitive data directly to console output without masking or redaction...
CVE-2026-25813
PlaciPy (educational placement system) – Affects version 1.0.0, where sensitive data is logged to console output unmasked. Root cause: logging of highly sensitive data without redaction. Impact: potential exposure of confidential information via console/log streams, with CVSS 4.0/AV:N/AC:L/PR:N/U...
CVE-2026-25813 PlaciPy Exposes Sensitive Data via Application Logs
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, The application logs highly sensitive data directly to console output without masking or redaction...