28055 matches found
Fanwei e-cology - SQL Injection
Fanwei e-cology 8.0 contains a SQL injection caused by unsanitized user input in the sql parameter of getdata.jsp, letting unauthenticated attackers execute arbitrary SQL queries and access sensitive data. id: CVE-2025-34038 info: name: Fanwei e-cology - SQL Injection author: ritikchaddha severit...
EUVD-2026-5391
Improper handling of insufficient permission in Galaxy Wearable installed on non-Samsung Device prior to version 2.2.68 allows local attackers to access sensitive information...
CVE-2026-20984
Improper handling of insufficient permission in Galaxy Wearable installed on non-Samsung Device prior to version 2.2.68 allows local attackers to access sensitive information...
CVE-2025-36253
IBM Concert 1.0.0 through 2.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...
F5 BIG-IP Edge Client Information Disclosure Vulnerability
F5 BIG-IP Edge Client is a security remote access client software developed by F5 Corporation in the United States. The F5 BIG-IP Edge Client has a vulnerability related to information leakage, which may allow attackers to access sensitive data...
PT-2026-6085
Name of the Vulnerable Software and Affected Versions: BIG-IP Edge Client and browser VPN clients on Windows (affected versions not specified). Description: A security issue exists in BIG-IP Edge Client and browser VPN clients on Windows that could allow attackers to access sensitive information...
CVE-2025-69618
An arbitrary file overwrite vulnerability in the file import process of Tarot, Astro & Healing v11.4.0 allows attackers to overwrite critical internal files, potentially leading to arbitrary code execution or exposure of sensitive information...
OpenClaw Information Disclosure Vulnerability
OpenClaw is an open-source intelligent artificial assistant. OpenClaw has an information disclosure vulnerability that stems from the isValidMedia function allowing arbitrary file paths, which can be exploited by an attacker to cause the reading of arbitrary files and the disclosure of...
PT-2026-5894
Name of the Vulnerable Software and Affected Versions: IBM Jazz Reporting Service (affected versions not specified). Description: An authenticated user on the host network may be able to obtain sensitive information about other projects residing on the server. Recommendations: At the moment, there is n...
PT-2026-5887
Name of the Vulnerable Software and Affected Versions: Chapa Payment Gateway Plugin for WooCommerce versions up to and including 1.0.3. Description: The Chapa Payment Gateway Plugin for WooCommerce plugin for WordPress is susceptible to sensitive information disclosure. An unauthenticated attacker c...
CVE-2025-33081
IBM Concert 1.0.0 through 2.1.0 stores potentially sensitive information in log files that could be read by a local user...
CVE-2025-33081 Multiple Vulnerabilities in IBM Concert Software.
IBM Concert 1.0.0 through 2.1.0 stores potentially sensitive information in log files that could be read by a local user...
CVE-2026-24427
CVE-2026-24427 affects Shenzhen Tenda AC7 devices with firmware up to V03.03.03.01_cn. The web management responses expose administrative credentials (router/admin passwords) in plaintext within configuration responses, and lack Cache-Control headers, enabling caching and potential exposure if an...
CVE-2020-37115
GUnet OpenEclass 1.7.3 stores user credentials in plaintext, allowing administrators to view all registered users' usernames and passwords without encryption. This vulnerability exposes sensitive information and increases the risk of credential theft and unauthorized access...
CVE-2026-24762 RustFS Logs Sensitive Credentials in Plaintext
RustFS is a distributed object storage system built in Rust. From versions alpha.13 to alpha.81, RustFS logs sensitive credential material (access key, secret key, session token) to application logs at INFO level. This results in credentials being recorded in plaintext in log output, which may be...
CVE-2026-24998
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPMU DEV - Your All-in-One WordPress Platform Hustle wordpress-popup allows Retrieve Embedded Sensitive Data. This issue affects Hustle: from n/a through <= 7.8.9.2...
CVE-2026-24992
Insertion of Sensitive Information Into Sent Data vulnerability in WPFactory Advanced WooCommerce Product Sales Reporting webd-woocommerce-advanced-reporting-statistics allows Retrieve Embedded Sensitive Data. This issue affects Advanced WooCommerce Product Sales Reporting: from n/a through <= 4.1....
EUVD-2026-5260
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in mdedev Run Contests, Raffles, and Giveaways with ContestsWP contest-code-checker allows Retrieve Embedded Sensitive Data. This issue affects Run Contests, Raffles, and Giveaways with ContestsWP: from n/a...
CVE-2026-25023
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in mdedev Run Contests, Raffles, and Giveaways with ContestsWP contest-code-checker allows Retrieve Embedded Sensitive Data. This issue affects Run Contests, Raffles, and Giveaways with ContestsWP: from n/a...