
28055 matches found

Cvelist
added 2026/01/28 5:47 p.m., 30 views

CVE-2025-57796 Use of a hardcoded static key to protect sensitive data in Explorance Blue

Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted offline if the encrypted data are obtained...

EPSS 0.00186
Exploits 0, References 4
RedhatCVE
added 2026/01/28 3:18 p.m., 6 views

CVE-2026-1470

n8n contains a critical Remote Code Execution (RCE) vulnerability in its workflow Expression evaluation system. Expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An...

CVSS 9.9, AI score 6.4, EPSS 0.18071
Exploits 2, References 1
EUVD
added 2026/01/28 2:25 p.m., 6 views

EUVD-2026-4920

The WP Adminify plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.7.7 via the /wp-json/adminify/v1/get-addons-list REST API endpoint. The endpoint is registered with permission_callback set to __return_true, allowing unauthenticated attacke...

CVSS 5.3, AI score 5.9, EPSS 0.00247
Exploits 0, References 3
Veracode
added 2026/01/28 7:22 a.m., 8 views

Information Disclosure

Shopware is vulnerable to sensitive Information Disclosure. The vulnerability is due to improper protection of sensitive application data, which allows an attacker to export credential-related information from affected Shopware deployments and potentially reuse recovered credentials across other...

AI score 5.9
Exploits 0
NVD
added 2026/01/28 12:15 a.m., 4 views

CVE-2025-54373

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.0.4 have a vulnerability where sensitive data is unintentionally revealed to unauthorized parties. Contents of Clinical Notes and Care Plan, where an encounter has...

CVSS 7.1, EPSS 0.00372
Exploits 1, References 2
Positive Technologies
added 2026/01/28 12:0 a.m., 6 views

PT-2026-7417

Name of the Vulnerable Software and Affected Versions: SiYuan versions prior to 3.5.5. Description: The /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems, such as Windows, attackers can bypass these restrictions...

CVSS 7.5, AI score 5.5, EPSS 0.00505
Exploits 1, References 9
Vulnrichment
added 2026/01/27 11:11 p.m., 4 views

CVE-2025-54373 OpenEMR may expose Contents of Clinical Notes and Care Plan to users who do not have Sensitivities=high privilege

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.0.4 have a vulnerability where sensitive data is unintentionally revealed to unauthorized parties. Contents of Clinical Notes and Care Plan, where an encounter has...

CVSS 7.1, AI score 5.9, EPSS 0.00372
Exploits 1, References 2
Snyk
added 2026/01/27 7:4 p.m., 5 views

Use of Cache Containing Sensitive Information

Overview: hono is an Ultrafast web framework for the Edges. Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information via improper handling of HTTP cache control directives, including Cache-Control: private and Cache-Control: no-store. An attacker can access...

CVSS 6.9, AI score 5.9, EPSS 0.00457
Exploits 0, References 2
NVD
added 2026/01/27 5:16 p.m., 12 views

CVE-2026-1482

An out-of-band SQL injection (OOB SQLi) vulnerability has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Idevaluacion' in '/evaluacionobjetivosevaluadefinido.aspx', could allow an attacker to...

CVSS 9.3, EPSS 0.00327
Exploits 0, References 1
ATTACKERKB
added 2026/01/27 3:47 p.m., 3 views

CVE-2026-24870

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ixray-team ixray-1.6-stcop. This issue affects ixray-1.6-stcop: before 1.3...

CVSS 3.7, AI score 5.9, EPSS 0.00189
Exploits 0, References 2
RedhatCVE
added 2026/01/27 3:23 p.m., 4 views

CVE-2025-59100

The web interface offers a functionality to export the internal SQLite database. After executing the database export, an automatic download is started and the device reboots. After rebooting, the exported database is deleted and cannot be accessed anymore. However, it was noticed that sometimes t...

CVSS 5.9, AI score 5.8, EPSS 0.00572
Exploits 0, References 1
Patchstack
added 2026/01/27 11:31 a.m., 7 views

WordPress JobBoard Job listing plugin <= 1.2.8 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by MyungJu Kim in WordPress Plugin JobBoard Job listing versions <= 1.2.8...

AI score 5.9, EPSS 0.00309
Exploits 0, Affected Software 1
EUVD
added 2026/01/27 12:0 a.m., 5 views

EUVD-2025-206386

The kernel driver of CPUID CPU-Z v2.17 and earlier does not validate user-supplied values passed via its IOCTL interface, allowing an attacker to access sensitive information via a crafted request...

CVSS 5.5, AI score 5.9, EPSS 0.00177
Exploits 1, References 2
ATTACKERKB
added 2026/01/27 12:0 a.m., 2 views

CVE-2025-65264

The kernel driver of CPUID CPU-Z v2.17 and earlier does not validate user-supplied values passed via its IOCTL interface, allowing an attacker to access sensitive information via a crafted request...

CVSS 5.5, AI score 5.9, EPSS 0.00177
Exploits 1, References 3
CNNVD
added 2026/01/27 12:0 a.m., 8 views

IX-Ray Engine security vulnerabilities

IX-Ray Engine is a modern game engine open-sourced by the IX-Ray Team. Versions of IX-Ray Engine prior to 1.3 contained security vulnerabilities, which were caused by exposing sensitive information to unauthorized participants...

CVSS 7.5, AI score 5.8, EPSS 0.00189
Exploits 0, References 2
CVE
added 2026/01/27 12:0 a.m., 11 views

CVE-2025-65264

CVE-2025-65264 affects the CPUID CPU-Z kernel driver (v2.17 and earlier). The IOCTL interface does not validate user-supplied values, enabling a local attacker to access sensitive information via a crafted request. Evidence from multiple sources confirms the vulnerable IOCTL path and affected...

CVSS 5.5, AI score 5.9, EPSS 0.00177
Exploits 1, References 2, Affected Software 1
Positive Technologies
added 2026/01/27 12:0 a.m., 7 views

PT-2026-4982

Name of the Vulnerable Software and Affected Versions: CPU-Z versions 2.17 and earlier. Description: The kernel driver of CPUID CPU-Z does not validate user-supplied values passed via its IOCTL interface. This allows an attacker to access sensitive information by sending a crafted request. The...

CVSS 5.5, AI score 5.4, EPSS 0.00177
Exploits 1, References 7
Positive Technologies
added 2026/01/27 12:0 a.m., 9 views

PT-2026-5033

Name of the Vulnerable Software and Affected Versions: OpenEMR versions prior to 7.0.4. Description: OpenEMR is an electronic health records and medical practice management application. Versions before 7.0.4 allow users without appropriate privileges to view and modify sensitive information within...

CVSS 7.1, AI score 5.3, EPSS 0.00372
Exploits 1, References 8
Broadcom
added 2026/01/27 12:0 a.m., 14 views

A heap out-of-bounds read flaw was found in builtin.c in the gawk package

A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information...

CVSS 7.1, AI score 5.8, EPSS 0.00424
Exploits 1
IBM Security Bulletins
added 2026/01/26 10:58 p.m., 10 views

Security Bulletin: This Power System update is being released to address CVE-2025-36238

Summary: If an attacker is able to gain system administrator access, a Virtual TPM can be compromised through the use of a series of PowerVM service procedures. Vulnerability Details: CVEID: CVE-2025-36238. DESCRIPTION: IBM PowerVM Hypervisor could allow a local user with administration privileges to...

CVSS 6, AI score 5.9, EPSS 0.00155
Exploits 0