28055 matches found
PT-2026-6243
Name of the Vulnerable Software and Affected Versions: Hustle versions through 7.8.9.2. Description: A flaw exists in the wordpress-popup component of WPMU DEV - Your All-in-One WordPress Platform Hustle that allows the retrieval of embedded sensitive data. This could lead to an exposure of sensitiv...
WordPress plugin Advanced WooCommerce Product Sales Reporting security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
UFIDA U8 Cloud suffers from SQL injection vulnerability (CNVD-C-2026-69425)
U8 Cloud is a new-generation cloud ERP (Enterprise Resource Planning) solution launched by UFIDA, mainly for growing and innovative enterprises, aiming to provide a comprehensive enterprise-level cloud ERP total solution. A SQL injection vulnerability exists in UFIDA U8 Cloud, which can be exploite...
GUnet OpenEclass information disclosure vulnerability
GUnet OpenEclass is a learning management system developed by the Greek company GUnet. Version 1.7.3 of GUnet OpenEclass contains a vulnerability related to information leakage. This vulnerability stems from improper access control and information exposure, potentially allowing unauthorized acces...
WordPress plugin Run Contests, Raffles, and Giveaways with ContestsWP security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-5895
Name of the Vulnerable Software and Affected Versions: IBM Concert versions 1.0.0 through 2.1.0. Description: IBM Concert versions 1.0.0 through 2.1.0 stores potentially sensitive information in log files. A local user could read this information. Recommendations: Versions prior to 2.1.0 should be...
EndRun Technologies Sonoma OS Command Injection (CVE-2025-60962)
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information, and possibly other unspecified impacts. This plugin only works with Tenable.ot. Please visit...
ROS-20260203-73-0006
A vulnerability in the auth.c component of the Linux kernel is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data, compromise its integrity, and cause denial of service...
ROS-20260203-73-0048
A vulnerability in the netfilter component of the Linux operating system kernel is related to simultaneous execution using a shared resource with improper synchronization. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data, compromise its integrity, and cau...
GHSA-MC68-Q9JW-2H3V OpenClaw/Clawdbot Docker Execution has Authenticated Command Injection via PATH Environment Variable
Summary: A Command Injection vulnerability existed in Clawdbot’s Docker sandbox execution mechanism due to unsafe handling of the PATH environment variable when constructing shell commands. An authenticated user able to control environment variables could influence command execution within the...
CVE-2025-36253 Multiple Vulnerabilities in IBM Concert Software.
IBM Concert 1.0.0 through 2.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...
GO-2026-4390 Beam Exposes sensitive information via joinCleanPath function in github.com/beam-cloud/beta9
Beam Exposes sensitive information via joinCleanPath function in github.com/beam-cloud/beta9...
WordPress Run Contests, Raffles, and Giveaways with ContestsWP plugin <= 2.0.7 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Legion Hunter in WordPress Plugin Run Contests, Raffles, and Giveaways with ContestsWP versions <= 2.0.7...
WordPress FileOrganizer plugin <= 1.0.7 - Sensitive Information Exposure via Directory Listing vulnerability
Sensitive Information Exposure via Directory Listing vulnerability discovered by emad in WordPress Plugin FileOrganizer versions <= 1.0.7...
WordPress rtMedia for WordPress, BuddyPress and bbPress plugin <= 4.7.8 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Doan Dinh Van in WordPress Plugin rtMedia for WordPress, BuddyPress and bbPress versions <= 4.7.8...
Insertion of Sensitive Information into Log File
Overview: omni-cortex is a Give Claude Code a perfect memory - auto-logs everything, searches smartly, and gets smarter over time. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File. Activity logging fails to redact sensitive fields before writing t...
CVE-2025-15510
The NEX-Forms – Ultimate Forms Plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the NF5ExportForms class constructor in all versions up to, and including, 9.1.8. This makes it possible for unauthenticated attackers to export form configuration...
CVE-2025-1395
Generation of Error Message Containing Sensitive Information vulnerability in Codriapp Innovation and Software Technologies Inc. HeyGarson allows Fuzzing for application mapping. This issue affects HeyGarson: through 30012026. NOTE: The vendor was contacted several times to verifying fixing proces...
EUVD-2025-206597
The NEX-Forms – Ultimate Forms Plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the NF5ExportForms class constructor in all versions up to, and including, 9.1.8. This makes it possible for unauthenticated attackers to export form configuration...
CVE-2025-15510 NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.8 - Missing Authorization to Unauthenticated Sensitive Information Exposure
The NEX-Forms – Ultimate Forms Plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the NF5ExportForms class constructor in all versions up to, and including, 9.1.8. This makes it possible for unauthenticated attackers to export form configuration...