28055 matches found
CVE-2025-57796 Use of a hardcoded static key to protect sensitive data in Explorance Blue
Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted offline if the encrypted data are obtained...
CVE-2026-1470
n8n contains a critical Remote Code Execution RCE vulnerability in its workflow Expression evaluation system. Expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An...
EUVD-2026-4920
The WP Adminify plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.7.7 via the /wp-json/adminify/v1/get-addons-list REST API endpoint. The endpoint is registered with permissioncallback set to returntrue, allowing unauthenticated attacke...
Information Disclosure
Shopware is vulnerable to sensitive Information Disclosure. The vulnerability is due to improper protection of sensitive application data, which allows an attacker to export credential-related information from affected Shopware deployments and potentially reuse recovered credentials across other...
CVE-2025-54373
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.0.4 have a vulnerability where sensitive data is unintentionally revealed to unauthorized parties. Contents of Clinical Notes and Care Plan, where an encounter has...
PT-2026-7417
Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.5.5 Description The /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems, such as Windows, attackers can bypass these restrictions...
CVE-2025-54373 OpenEMR may expose Contents of Clinical Notes and Care Planto users who do not have Sensitivities=high privilege
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.0.4 have a vulnerability where sensitive data is unintentionally revealed to unauthorized parties. Contents of Clinical Notes and Care Plan, where an encounter has...
Use of Cache Containing Sensitive Information
Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information via improper handling of HTTP cache control directives, including Cache-Control: private and Cache-Control: no-store. An attacker can access...
CVE-2026-1482
An out-of-band SQL injection vulnerability OOB SQLi has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Idevaluacion' in '/evaluacionobjetivosevaluadefinido.aspx', could allow an attacker to...
CVE-2026-24870
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3...
CVE-2025-59100
The web interface offers a functionality to export the internal SQLite database. After executing the database export, an automatic download is started and the device reboots. After rebooting, the exported database is deleted and cannot be accessed anymore. However, it was noticed that sometimes t...
WordPress JobBoard Job listing plugin <= 1.2.8 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by MyungJu Kim in WordPress Plugin JobBoard Job listing versions = 1.2.8...
EUVD-2025-206386
The kernel driver of CPUID CPU-Z v2.17 and earlier does not validate user-supplied values passed via its IOCTL interface, allowing an attacker to access sensitive information via a crafted request...
CVE-2025-65264
The kernel driver of CPUID CPU-Z v2.17 and earlier does not validate user-supplied values passed via its IOCTL interface, allowing an attacker to access sensitive information via a crafted request...
IX-Ray Engine security vulnerabilities
IX-Ray Engine is a modern game engine open-source by the IX-Ray Team. Versions of IX-Ray Engine prior to 1.3 contained security vulnerabilities, which were caused by exposing sensitive information to unauthorized participants...
CVE-2025-65264
The CVE-2025-65264 affects the CPUID CPU-Z kernel driver (v2.17 and earlier). The IOCTL interface does not validate user-supplied values, enabling a local attacker to access sensitive information via a crafted request. Evidence from multiple sources confirms the vulnerable IOCTL path and affected...
PT-2026-4982
Name of the Vulnerable Software and Affected Versions CPU-Z versions 2.17 and earlier Description The kernel driver of CPUID CPU-Z does not validate user-supplied values passed via its IOCTL interface. This allows an attacker to access sensitive information by sending a crafted request. The...
PT-2026-5033
Name of the Vulnerable Software and Affected Versions OpenEMR versions prior to 7.0.4 Description OpenEMR is an electronic health records and medical practice management application. Versions before 7.0.4 allow users without appropriate privileges to view and modify sensitive information within...
A heap out-of-bounds read flaw was found in builtin.c in the gawk package
A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information...
Security Bulletin: This Power System update is being released to address CVE-2025-36238
Summary If an attacker is able to gain system administrator access a Virtual TPM can be compromised through the use of a series of PowerVM service procedures. Vulnerability Details CVEID:CVE-2025-36238 DESCRIPTION: IBM PowerVM Hypervisor could allow a local user with administration privileges to...