New Research Exposes Critical Gap: 64% of Third-Party Applications Access Sensitive Data Without Authorization
Boston, MA, USA, 21st January 2026, CyberNewsWire...
WordPress Tabby Checkout plugin <= 5.8.4 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by benzdeus in WordPress Plugin Tabby Checkout versions <= 5.8.4...
Vulnerabilities fixed in Oracle Java
Oracle has fixed vulnerabilities in Oracle Java SE. The vulnerabilities, particularly in the JavaFX component, allow unauthenticated attackers to compromise systems through untrusted code, which can lead to denial-of-service (DoS) attacks and unauthorized access to sensitive data. Exploitation of...
Vulnerabilities fixed in Oracle PeopleSoft
Oracle has fixed vulnerabilities in Oracle PeopleSoft. The vulnerabilities allow unauthenticated attackers to access and modify sensitive data. This can lead to unauthorized access and modifications to critical data, with CVSS scores ranging from 5.4 to 10.0, indicating moderate to significant ri...
WordPress Salon booking system plugin <= 10.30.3 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by daroo in WordPress Plugin Salon booking system versions <= 10.30.3...
Improper Access Control
github.com/tencent/weknora is vulnerable to Improper access control. The vulnerability is due to insufficient backend validation on the database query tool after enabling the Agent service, which allows an attacker to use prompt-based bypass techniques to evade query restrictions and extract...
Fleet security vulnerabilities
Fleet is an open-source device management platform that supports various operating systems and devices. It helps IT and security teams with device management, vulnerability reporting, MDM operations, etc. It’s free and flexible. There is a security vulnerability in Fleet, which stems from imprope...
ROS-20260121-73-0024
A vulnerability in the rtsx_usb_ms_drv_remove function of the drivers/memstick/host/rtsx_usb_ms.c component of the Linux operating system kernel is related to the use of memory after it has been freed. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data, compromis...
ROS-20260121-73-0026
A vulnerability in the drivers/ntb/hw/mscc/ntb_hw_switchtec.c component of the Linux operating system kernel is related to reading outside the allowed data buffer boundaries. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data, compromise its integrity, and...
CVE-2025-52659
HCL AION version 2 is affected by a Cacheable HTTP Response vulnerability. This may lead to unintended storage of sensitive or dynamic content, potentially resulting in unauthorized access or information disclosure...
CVE-2025-36419
IBM ApplinX 11.1 could disclose sensitive information about server architecture that could aid in further attacks against the system...
CVE-2025-13925
IBM Aspera Console 3.4.7 stores potentially sensitive information in log files that could be read by a local privileged user...
CVE-2025-1719 Multiple Vulnerabilities in IBM Concert Software
IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory...
CVE-2025-1719
IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory...
CVE-2025-1719
IBM Concert Software versions 1.0.0–2.1.0 are affected by CVE-2025-1719 due to improper clearing of heap memory, which could allow a remote attacker to read sensitive information from allocated memory. The issue is documented across multiple sources (NVD/Red Hat/IBM) with IBM explicitly noting a ...
CVE-2025-13925 Multiple vulnerabilities in IBM Aspera Console
IBM Aspera Console 3.4.7 stores potentially sensitive information in log files that could be read by a local privileged user...
CVE-2025-13925
IBM Aspera Console 3.4.7 stores potentially sensitive information in log files that could be read by a local privileged user. Affected product: IBM Aspera Console 3.4.7. Root cause: log files may contain sensitive data, enabling read access by an unauthorized local user. Remediation: upgrade to I...
WordPress Contact Form & Lead Form Elementor Builder plugin <= 2.0.1 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by benzdeus in WordPress Plugin Contact Form & Lead Form Elementor Builder versions <= 2.0.1...