28076 matches found

SUSE CVE
added 2026/01/17 12:24 a.m. | 2 views

SUSE CVE-2026-22687

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, after WeKnora enables the Agent service, it allows users to call the database query tool. Due to insufficient backend validation, an attacker can use prompt-based bypass...

CVSS 9.8 | AI score 6.6 | EPSS 0.00353
Exploits: 1 | References: 2
NVD
added 2026/01/16 8:15 p.m. | 5 views

CVE-2026-23723

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an authenticated SQL Injection vulnerability was identified in the AtendidoocorrenciaControle endpoint via the idmemorando parameter. This flaw allows for full database exfiltration, exposure of sensitive PII, and potential...

CVSS 7.2 | EPSS 0.00377
Exploits: 1 | References: 3
Cvelist
added 2026/01/16 5:6 p.m. | 19 views

CVE-2025-43508

A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data...

EPSS 0.00147
Exploits: 0 | References: 1
Cvelist
added 2026/01/16 5:6 p.m. | 20 views

CVE-2024-44210

This issue was addressed with improved permissions checking. This issue is fixed in macOS Sequoia 15.1. An app may be able to access user-sensitive data...

EPSS 0.0016
Exploits: 0 | References: 1
Vulnrichment
added 2026/01/16 5:6 p.m. | 4 views

CVE-2025-43508

A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data...

AI score 5.6 | EPSS 0.00147
Exploits: 0 | References: 1
ATTACKERKB
added 2026/01/16 5:6 p.m. | 4 views

CVE-2025-43508

A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data...

CVSS 5.5 | AI score 5.4 | EPSS 0.00147
Exploits: 0 | References: 2
RedhatCVE
added 2026/01/16 2:23 p.m. | 7 views

CVE-2026-22913

Improper handling of a URL parameter may allow attackers to execute code in a user's browser after login. This can lead to the extraction of sensitive data...

CVSS 6.1 | AI score 7.2 | EPSS 0.00347
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/16 2:23 p.m. | 4 views

CVE-2026-22918

An attacker may exploit missing protection against clickjacking by tricking users into performing unintended actions through maliciously crafted web pages, leading to the extraction of sensitive data...

CVSS 8.2 | AI score 6.8 | EPSS 0.00286
Exploits: 0 | References: 1
Snyk
added 2026/01/16 12:30 p.m. | 2 views

Improper Removal of Sensitive Information Before Storage or Transfer

Overview: The Apache Airflow Task SDK (apache-airflow-task-sdk) includes interfaces for Dag authors and Task execution logic for Python. Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer via the serialization for rendered...

CVSS 7.5 | AI score 5.7 | EPSS 0.00586
Exploits: 0 | References: 2
Patchstack
added 2026/01/16 5:43 a.m. | 4 views

WordPress AWP Classifieds plugin <= 4.4.3 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Phat RiO in WordPress Plugin AWP Classifieds versions <= 4.4.3...

CVSS 5.3 | AI score 5.5 | EPSS 0.00305
Exploits: 0 | Affected Software: 1
NVD
added 2026/01/16 5:16 a.m. | 5 views

CVE-2025-14982

The Booking Calendar plugin for WordPress is vulnerable to Missing Authorization leading to Sensitive Information Exposure in all versions up to, and including, 10.14.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view all booking records in the...

CVSS 4.3 | EPSS 0.00342
Exploits: 0 | References: 9
CVE
added 2026/01/16 12:16 a.m. | 14 views

CVE-2025-64769

CVE-2025-64769 affects the AVEVA Process Optimization suite. The root issue is unencrypted by-default channels/protocols, enabling potential data hijacking or leakage in man-in-the-middle or passive inspection scenarios. Documents consistently describe cleartext transmission of sensitive informat...

CVSS 7.6 | AI score 6.4 | EPSS 0.00161
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2026/01/16 12:16 a.m. | 29 views

CVE-2025-64769 AVEVA Process Optimization Cleartext Transmission of Sensitive Information

The Process Optimization application suite leverages connection channels/protocols that by-default are not encrypted and could become subject to hijacking or data leakage in certain man-in-the-middle or passive inspection scenarios...

CVSS 7.6 | EPSS 0.00161
Exploits: 0 | References: 4
CNNVD
added 2026/01/16 12:0 a.m. | 5 views

Odine GateKeeper SQL injection vulnerability

Odine GateKeeper is a voice fraud detection software developed by the Turkish company Odine. Version 1.0 of Odine GateKeeper contains an SQL injection vulnerability. This vulnerability stems from an SQL injection vulnerability in the trafficCycle API endpoint, which may lead to the disclosure of...

CVSS 8.2 | AI score 5.8 | EPSS 0.00411
Exploits: 0 | References: 3
Tenable Nessus
added 2026/01/16 12:0 a.m. | 6 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004653)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004653 advisory. The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 The Linux kernel did not properly clear data structures on context switches for certain Intel...

CVSS 5.5 | AI score 6.7 | EPSS 0.01447
Exploits: 0 | References: 6
CNNVD
added 2026/01/16 12:0 a.m. | 4 views

WordPress plugin Essential Addons for Elementor has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...

CVSS 5.3 | AI score 5.8 | EPSS 0.00344
Exploits: 0 | References: 8
CNNVD
added 2026/01/16 12:0 a.m. | 4 views

Apple macOS security vulnerabilities

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Sequoia 15.1 had a security vulnerability due to an issue with permission checks, which could allow applications to access sensitive user data...

CVSS 3.3 | AI score 5.8 | EPSS 0.0016
Exploits: 0 | References: 2
CNNVD
added 2026/01/16 12:0 a.m. | 5 views

Google Chrome security vulnerability

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that stems from insufficient enforcement of new policies on the network, which can be exploited by an attacker to obtain potentially sensitive information via web log files...

CVSS 9.8 | AI score 7.2 | EPSS 0.00221
Exploits: 0 | References: 3
Positive Technologies
added 2026/01/16 12:0 a.m. | 7 views

PT-2026-3214

The Booking Calendar plugin for WordPress is vulnerable to Missing Authorization leading to Sensitive Information Exposure in all versions up to, and including, 10.14.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view all booking records in the...

CVSS 4.3 | AI score 5.4 | EPSS 0.00342
Exploits: 0 | References: 10
Patchstack
added 2026/01/15 11:10 p.m. | 5 views

WordPress Booking Calendar plugin <= 10.14.11 - Missing Authorization to Sensitive Information Exposure vulnerability

Missing Authorization to Sensitive Information Exposure vulnerability discovered by shark3y in WordPress Plugin Booking Calendar versions <= 10.14.11...

CVSS 4.3 | AI score 6.9 | EPSS 0.00342
Exploits: 0 | References: 1 | Affected Software: 1