Lucene search

28076 matches found

Tenable Nessus
added 2026/01/20 12:0 a.m. | 7 views

MiracleLinux 9 : linux-firmware-20230310-134.el9.ML.1 (AXSA:2023-6270:05)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6270:05 advisory. This package includes firmware files required for some devices to operate. CVE-2023-20593 An issue in Zen 2 CPUs, under specific microarchitectural...

CVSS 5.5 | AI score 6.8 | EPSS 0.05794
Exploits 1 | References 2
Tenable Nessus
added 2026/01/20 12:0 a.m. | 4 views

Cisco IP Phones Exposure of Sensitive Information to an Unauthorized Actor (CVE-2025-20336)

A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability exists because the product expose...

CVSS 7.5 | AI score 5.5 | EPSS 0.00349
Exploits 0 | References 2
OSV
added 2026/01/19 6:16 p.m. | 4 views

CVE-2025-52659

HCL AION version 2 is affected by a Cacheable HTTP Response vulnerability. This may lead to unintended storage of sensitive or dynamic content, potentially resulting in unauthorized access or information disclosure...

CVSS 7.5 | AI score 5.8 | EPSS 0.00156
Exploits 0 | References 1
Cvelist
added 2026/01/19 5:54 p.m. | 15 views

CVE-2025-52659 HCL AION is affected by a Cacheable HTTP Response vulnerability

HCL AION version 2 is affected by a Cacheable HTTP Response vulnerability. This may lead to unintended storage of sensitive or dynamic content, potentially resulting in unauthorized access or information disclosure...

CVSS 2.8 | EPSS 0.00156
Exploits 0 | References 1
Information Security Automation
added 2026/01/19 1:55 p.m. | 10 views

About Information Disclosure – MongoDB “MongoBleed” (CVE-2025-14847) vulnerability

About Information Disclosure - MongoDB "MongoBleed" CVE-2025-14847 vulnerability. MongoDB is a popular NoSQL database that stores data as JSON-like documents with an optional schema. The project is licensed under the SSPL. A flaw in MongoDB’s handling of the data length parameter during zlib...

CVSS 8.7 | AI score 5.6 | EPSS 0.83007
Exploits 39
Snyk
added 2026/01/19 9:48 a.m. | 5 views

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the checkJdbcConnParams and decode functions. An attacker can access sensitive information, such as plaintext passwords, by causing a Base64 decoding failure, which results in the...

CVSS 6.5 | AI score 5.8 | EPSS 0.00403
Exploits 0 | References 2
OSV
added 2026/01/19 9:30 a.m. | 5 views

GHSA-6VFR-P2HX-6V32 Apache Linkis: Password Exposure

When org.apache.linkis.metadata.util.HiveUtils.decode fails to perform Base64 decoding, it records the complete input parameter string in the log via logger.error(str + "decode failed", e). If the input parameter contains sensitive information such as Hive Metastore keys, plaintext passwords will b...

CVSS 6.5 | AI score 5.5 | EPSS 0.00403
Exploits 0 | References 5
CVE
added 2026/01/19 8:37 a.m. | 20 views

CVE-2025-59355

Apache Linkis CVE-2025-59355 affects 1.0.0–1.7.0, where HiveUtils.decode() may log the full input parameter on Base64 decode failure, risking leakage of sensitive values (e.g., hive-site.xml passwords) if error logs are readable. A fix is available in 1.8.0+ that desensitizes the log (logger.erro...

CVSS 6.5 | AI score 5.5 | EPSS 0.00403
Exploits 0 | References 3 | Affected Software 1
CNNVD
added 2026/01/19 12:0 a.m. | 7 views

Apache Linkis security vulnerabilities

Apache Linkis is a middleware product developed by the Apache Foundation in the United States. It enables effective connections between upper-level applications and underlying data engines. Versions of Apache Linkis prior to 1.7.0 contain security vulnerabilities. These vulnerabilities stem from...

CVSS 6.5 | AI score 5.8 | EPSS 0.00403
Exploits 0 | References 3
Positive Technologies
added 2026/01/19 12:0 a.m. | 8 views

PT-2026-3468

HCL AION version 2 is affected by a Cacheable HTTP Response vulnerability. This may lead to unintended storage of sensitive or dynamic content, potentially resulting in unauthorized access or information disclosure...

CVSS 2.8 | AI score 5.4 | EPSS 0.00156
Exploits 0 | References 2
CNVD
added 2026/01/19 12:0 a.m. | 5 views

Microsoft Windows File Explorer Information Disclosure Vulnerability

Microsoft Windows File Explorer is a file manager application from Microsoft USA. An information disclosure vulnerability exists in Microsoft Windows File Explorer, which can be exploited by attackers to obtain sensitive information...

CVSS 5.5 | AI score 5.6 | EPSS 0.00466
Exploits 1 | References 1
Redos
added 2026/01/19 12:0 a.m. | 5 views

ROS-20260119-7375

A vulnerability in the fs/nilfs2 component of the Linux kernel is related to the use of memory after it has been freed. Exploitation of the vulnerability may allow an attacker to gain access to sensitive data, compromise its integrity, and cause denial of service...

CVSS 7.8 | AI score 7.6 | EPSS 0.00211
Exploits 0
Tenable Nessus
added 2026/01/19 12:0 a.m. | 4 views

Qnap QTS and QuTS hero Improper Limitation of a Pathname to a Restricted Directory (CVE-2023-51364)

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions:...

CVSS 8.7 | AI score 5.3 | EPSS 0.4158
Exploits 0 | References 2
Patchstack
added 2026/01/18 10:20 a.m. | 4 views

WordPress Ninja Tables plugin <= 5.2.5 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by theviper17 in WordPress Plugin Ninja Tables versions <= 5.2.5...

CVSS 4.3 | AI score 5.5 | EPSS 0.00215
Exploits 0 | Affected Software 1
RedhatCVE
added 2026/01/18 2:26 a.m. | 7 views

CVE-2025-14075

The WP Hotel Booking plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.7. This is due to the plugin exposing the 'hotelbookingfetchcustomerinfo' AJAX action to unauthenticated users without proper capability checks, relying only on a...

CVSS 5.3 | AI score 5.5 | EPSS 0.0026
Exploits 0 | References 1
RedhatCVE
added 2026/01/17 5:19 p.m. | 6 views

CVE-2025-43508

A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data...

CVSS 5.5 | AI score 6 | EPSS 0.00147
Exploits 0 | References 1
Patchstack
added 2026/01/17 5:8 p.m. | 5 views

WordPress Cargus plugin <= 1.5.8 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Legion Hunter in WordPress Plugin Cargus versions <= 1.5.8...

CVSS 5.3 | AI score 5.4 | EPSS 0.00305
Exploits 0 | Affected Software 1
RedhatCVE
added 2026/01/17 5:22 a.m. | 9 views

CVE-2025-14982

The Booking Calendar plugin for WordPress is vulnerable to Missing Authorization leading to Sensitive Information Exposure in all versions up to, and including, 10.14.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view all booking records in the...

CVSS 4.3 | AI score 5.4 | EPSS 0.00342
Exploits 0 | References 1
NVD
added 2026/01/17 3:16 a.m. | 7 views

CVE-2025-14075

The WP Hotel Booking plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.7. This is due to the plugin exposing the 'hotelbookingfetchcustomerinfo' AJAX action to unauthenticated users without proper capability checks, relying only on a...

CVSS 5.3 | EPSS 0.0026
Exploits 0 | References 5
SUSE CVE
added 2026/01/17 12:24 a.m. | 2 views

SUSE CVE-2026-22687

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, after WeKnora enables the Agent service, it allows users to call the database query tool. Due to insufficient backend validation, an attacker can use prompt-based bypass...

CVSS 9.8 | AI score 6.6 | EPSS 0.00353
Exploits 1 | References 2