Lucene search
K

28055 matches found

Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.4 views

PT-2026-6243

Name of the Vulnerable Software and Affected Versions Hustle versions through 7.8.9.2 Description A flaw exists in the wordpress-popup component of WPMU DEV - Your All-in-One WordPress Platform Hustle that allows the retrieval of embedded sensitive data. This could lead to an exposure of sensitiv...

5.3CVSS5.4AI score0.00197EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.8 views

WordPress plugin Advanced WooCommerce Product Sales Reporting 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

5.3CVSS5.8AI score0.00197EPSS
Exploits0References1
CNVD
CNVD
added 2026/02/03 12:0 a.m.4 views

UFIDA U8 Cloud suffers from SQL injection vulnerability (CNVD-C-2026-69425)

U8 Cloud is a new-generation cloud ERP Enterprise Resource Planning solution launched by UFIDA, mainly for growing and innovative enterprises, aiming to provide a comprehensive enterprise-level cloud ERP total solution. A SQL injection vulnerability exists in UFIDA U8 Cloud, which can be exploite...

5.8AI score
Exploits0
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.9 views

GUnet OpenEclass 信息泄露漏洞

GUnet OpenEclass is a learning management system developed by the Greek company GUnet. Version 1.7.3 of GUnet OpenEclass contains a vulnerability related to information leakage. This vulnerability stems from improper access control and information exposure, potentially allowing unauthorized acces...

6.5CVSS5.8AI score0.00326EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.8 views

WordPress plugin Run Contests, Raffles, and Giveaways with ContestsWP 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.00192EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.9 views

PT-2026-5895

Name of the Vulnerable Software and Affected Versions IBM Concert versions 1.0.0 through 2.1.0 Description IBM Concert versions 1.0.0 through 2.1.0 stores potentially sensitive information in log files. A local user could read this information. Recommendations Versions prior to 2.1.0 should be...

3.3CVSS5.3AI score0.00088EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/02/03 12:0 a.m.5 views

EndRun Technologies Sonoma OS Command Injection (CVE-2025-60962)

OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information, and possibly other unspecified impacts. This plugin only works with Tenable.ot. Please visit...

8.2CVSS5.4AI score0.01022EPSS
Exploits0References3
Redos
Redos
added 2026/02/03 12:0 a.m.4 views

ROS-20260203-73-0006

A vulnerability in the auth.c component of the Linux kernel is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data, compromise its integrity, and cause denial of service...

9.8CVSS5.3AI score0.09796EPSS
Exploits0
Redos
Redos
added 2026/02/03 12:0 a.m.5 views

ROS-20260203-73-0048

A vulnerability in the netfilter component of the Linux operating system kernel is related to simultaneous execution using a shared resource with improper synchronization. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data, compromise its integrity, and cau...

5.5CVSS8.4AI score0.00127EPSS
Exploits0
OSV
OSV
added 2026/02/02 11:39 p.m.2 views

GHSA-MC68-Q9JW-2H3V OpenClaw/Clawdbot Docker Execution has Authenticated Command Injection via PATH Environment Variable

Summary A Command Injection vulnerability existed in Clawdbot’s Docker sandbox execution mechanism due to unsafe handling of the PATH environment variable when constructing shell commands. An authenticated user able to control environment variables could influence command execution within the...

8.8CVSS5.7AI score0.04773EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/02/02 9:52 p.m.3 views

CVE-2025-36253 Multiple Vulnerabilities in IBM Concert Software.

IBM Concert 1.0.0 through 2.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

5.9CVSS5.4AI score0.00203EPSS
Exploits0References1
OSV
OSV
added 2026/02/02 9:5 p.m.5 views

GO-2026-4390 Beam Exposes sensitive information via joinCleanPath function in github.com/beam-cloud/beta9

Beam Exposes sensitive information via joinCleanPath function in github.com/beam-cloud/beta9...

6CVSS5.2AI score0.00881EPSS
Exploits1References4
Patchstack
Patchstack
added 2026/02/02 4:42 p.m.5 views

WordPress Run Contests, Raffles, and Giveaways with ContestsWP plugin <= 2.0.7 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Legion Hunter in WordPress Plugin Run Contests, Raffles, and Giveaways with ContestsWP versions = 2.0.7...

5.3CVSS5.3AI score0.00192EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/02 8:58 a.m.6 views

WordPress FileOrganizer plugin <= 1.0.7 - Sensitive Information Exposure via Directory Listing vulnerability

Sensitive Information Exposure via Directory Listing vulnerability discovered by emad in WordPress Plugin FileOrganizer versions = 1.0.7...

7.5CVSS5.3AI score0.00522EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/01 1:15 p.m.6 views

WordPress rtMedia for WordPress, BuddyPress and bbPress plugin <= 4.7.8 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Doan Dinh Van in WordPress Plugin rtMedia for WordPress, BuddyPress and bbPress versions = 4.7.8...

5.3CVSS5.5AI score0.00316EPSS
Exploits0Affected Software1
Snyk
Snyk
added 2026/02/01 6:37 a.m.5 views

Insertion of Sensitive Information into Log File

Overview omni-cortex is a Give Claude Code a perfect memory - auto-logs everything, searches smartly, and gets smarter over time Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File. Activity logging fails to redact sensitive fields before writing t...

6.8CVSS5.5AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/01 3:14 a.m.9 views

CVE-2025-15510

The NEX-Forms – Ultimate Forms Plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the NF5ExportForms class constructor in all versions up to, and including, 9.1.8. This makes it possible for unauthenticated attackers to export form configuration...

5.3CVSS5.9AI score0.00285EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/31 9:12 a.m.10 views

CVE-2025-1395

Generation of Error Message Containing Sensitive Information vulnerability in Codriapp Innovation and Software Technologies Inc. HeyGarson allows Fuzzing for application mapping.This issue affects HeyGarson: through 30012026. NOTE: The vendor was contacted several times to verifying fixing proces...

8.2CVSS5.9AI score0.00299EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/31 1:23 a.m.7 views

EUVD-2025-206597

The NEX-Forms – Ultimate Forms Plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the NF5ExportForms class constructor in all versions up to, and including, 9.1.8. This makes it possible for unauthenticated attackers to export form configuration...

5.3CVSS5.9AI score0.00285EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/31 1:23 a.m.29 views

CVE-2025-15510 NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.8 - Missing Authorization to Unauthenticated Sensitive Information Exposure

The NEX-Forms – Ultimate Forms Plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the NF5ExportForms class constructor in all versions up to, and including, 9.1.8. This makes it possible for unauthenticated attackers to export form configuration...

5.3CVSS0.00285EPSS
Exploits0References2
Rows per page
Query Builder