28076 matches found
SUSE CVE-2026-22687
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, after WeKnora enables the Agent service, it allows users to call the database query tool. Due to insufficient backend validation, an attacker can use prompt-based bypass...
CVE-2026-23723
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an authenticated SQL Injection vulnerability was identified in the AtendidoocorrenciaControle endpoint via the idmemorando parameter. This flaw allows for full database exfiltration, exposure of sensitive PII, and potential...
CVE-2025-43508
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data...
CVE-2024-44210
This issue was addressed with improved permissions checking. This issue is fixed in macOS Sequoia 15.1. An app may be able to access user-sensitive data...
CVE-2026-22913
Improper handling of a URL parameter may allow attackers to execute code in a user's browser after login. This can lead to the extraction of sensitive data...
CVE-2026-22918
An attacker may exploit missing protection against clickjacking by tricking users into performing unintended actions through maliciously crafted web pages, leading to the extraction of sensitive data...
Improper Removal of Sensitive Information Before Storage or Transfer
Overview: apache-airflow-task-sdk is the Apache Airflow Task SDK, which includes interfaces for Dag authors and Task execution logic for Python. Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer via the serialization for rendered...
WordPress AWP Classifieds plugin <= 4.4.3 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Phat RiO in WordPress Plugin AWP Classifieds versions <= 4.4.3...
CVE-2025-14982
The Booking Calendar plugin for WordPress is vulnerable to Missing Authorization leading to Sensitive Information Exposure in all versions up to, and including, 10.14.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view all booking records in the...
CVE-2025-64769
CVE-2025-64769 affects the AVEVA Process Optimization suite. The root issue is that its channels/protocols are unencrypted by default, enabling potential data hijacking or leakage in man-in-the-middle or passive inspection scenarios. Documents consistently describe cleartext transmission of sensitive informat...
CVE-2025-64769 AVEVA Process Optimization Cleartext Transmission of Sensitive Information
The Process Optimization application suite leverages connection channels/protocols that by-default are not encrypted and could become subject to hijacking or data leakage in certain man-in-the-middle or passive inspection scenarios...
Odine GateKeeper SQL injection vulnerability
Odine GateKeeper is voice fraud detection software developed by the Turkish company Odine. Version 1.0 of Odine GateKeeper contains an SQL injection vulnerability in the trafficCycle API endpoint, which may lead to the disclosure of...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004653)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004653 advisory. The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 The Linux kernel did not properly clear data structures on context switches for certain Intel...
WordPress plugin Essential Addons for Elementor has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...
Apple macOS security vulnerabilities
Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Sequoia 15.1 had a security vulnerability due to an issue with permission checks, which could allow applications to access sensitive user data...
Google Chrome security vulnerability
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that stems from insufficient enforcement of new policies on the network, which can be exploited by an attacker to obtain potentially sensitive information via web log files...
PT-2026-3214
The Booking Calendar plugin for WordPress is vulnerable to Missing Authorization leading to Sensitive Information Exposure in all versions up to, and including, 10.14.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view all booking records in the...
WordPress Booking Calendar plugin <= 10.14.11 - Missing Authorization to Sensitive Information Exposure vulnerability
Missing Authorization to Sensitive Information Exposure vulnerability discovered by shark3y in WordPress Plugin Booking Calendar versions <= 10.14.11...