Lucene search
K

28076 matches found

Positive Technologies
Positive Technologies
added 2026/01/15 12:0 a.m.9 views

PT-2026-3074

Name of the Vulnerable Software and Affected Versions Pimcore versions prior to 12.3.1 Pimcore versions prior to 11.5.14 Description Pimcore is an Open Source Data & Experience Management Platform. Prior to versions 12.3.1 and 11.5.14, the http error log file stores the $ COOKIE and $ SERVER...

8.6CVSS5.3AI score0.00393EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2026/01/14 6:22 p.m.5 views

CVE-2026-20821

Exposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows an unauthorized attacker to disclose information locally...

6.2CVSS6.5AI score0.00692EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/14 6:22 p.m.5 views

CVE-2026-20827

Exposure of sensitive information to an unauthorized actor in Tablet Windows User Interface TWINUI Subsystem allows an authorized attacker to disclose information locally...

5.5CVSS6.4AI score0.00633EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/14 6:22 p.m.6 views

CVE-2026-20818

Insertion of sensitive information into log file in Windows Kernel allows an unauthorized attacker to disclose information locally...

6.2CVSS6.5AI score0.00692EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/14 6:22 p.m.3 views

CVE-2026-20823

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally...

5.5CVSS6.5AI score0.00654EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/14 6:22 p.m.3 views

CVE-2026-20805

Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally...

5.5CVSS6.5AI score0.05028EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2026/01/14 6:22 p.m.3 views

CVE-2026-20939

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally...

5.5CVSS6.5AI score0.00468EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/14 6:22 p.m.3 views

CVE-2026-20862

Exposure of sensitive information to an unauthorized actor in Windows Management Services allows an authorized attacker to disclose information locally...

5.5CVSS6.5AI score0.00614EPSS
Exploits0References1
NVD
NVD
added 2026/01/14 4:15 p.m.4 views

CVE-2025-67399

An issue in AIRTH SMART HOME AQI MONITOR Bootloader v.1.005 allows a physically proximate attacker to obtain sensitive information via the UART port of the BK7231N controller Wi-Fi and BLE module on the device is open to access...

4.6CVSS0.00153EPSS
Exploits0References2
NVD
NVD
added 2026/01/14 6:15 a.m.6 views

CVE-2026-0717

The LottieFiles – Lottie block for Gutenberg plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.0 via the /wp-json/lottiefiles/v1/settings/ REST API endpoint. This makes it possible for unauthenticated attackers to retrieve the site...

5.3CVSS0.003EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/01/14 12:34 a.m.4 views

SUSE CVE-2022-1650

Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository eventsource/eventsource prior to v2.0.2...

8.1CVSS7.2AI score0.01686EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/01/14 12:0 a.m.7 views

PT-2026-2812

The PDF Resume Parser plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0. This is due to the plugin registering an AJAX action handler that is accessible to unauthenticated users and exposes SMTP configuration data including credentials...

5.3CVSS6AI score0.00323EPSS
Exploits0References4
CVE
CVE
added 2026/01/14 12:0 a.m.14 views

CVE-2025-67399

CVE-2025-67399 concerns the AIRTH SMART HOME AQI MONITOR Bootloader v1.005. The issue enables a physically proximate attacker to access sensitive information via the UART port on the BK7231N controller (Wi‑Fi/BLE module) due to exposed UART access. Impact is information disclosure (confidential d...

4.6CVSS6.2AI score0.00153EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/14 12:0 a.m.3 views

CVE-2025-67399

An issue in AIRTH SMART HOME AQI MONITOR Bootloader v.1.005 allows a physically proximate attacker to obtain sensitive information via the UART port of the BK7231N controller Wi-Fi and BLE module on the device is open to access...

4.6CVSS5.5AI score0.00153EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/14 12:0 a.m.21 views

CVE-2025-67399

An issue in AIRTH SMART HOME AQI MONITOR Bootloader v.1.005 allows a physically proximate attacker to obtain sensitive information via the UART port of the BK7231N controller Wi-Fi and BLE module on the device is open to access...

0.00153EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/14 12:0 a.m.4 views

Lenovo多款产品 安全漏洞

Lenovo ThinkPlus FU100 is a fingerprint USB flash drive.Lenovo ThinkPlus FU100 is a fingerprint USB flash drive.Lenovo ThinkPlus FU200 is a fingerprint USB flash drive.Lenovo ThinkPlus TU800 is a USB flash drive. A security vulnerability exists in a number of Lenovo products, where a locally...

6.8CVSS5.8AI score0.00092EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/14 12:0 a.m.7 views

PT-2026-2908

Name of the Vulnerable Software and Affected Versions AIRTH SMART HOME AQI MONITOR Bootloader version 1.005 Description An issue allows a physically proximate attacker to obtain sensitive information via the UART port of the BK7231N controller Wi-Fi and BLE module on the device. The UART port is...

4.6CVSS6.3AI score0.00153EPSS
Exploits0References4
VulnCheck KEV
VulnCheck KEV
added 2026/01/14 12:0 a.m.26 views

VulnCheck KEV: CVE-2025-63387

Dify v1.9.1 is vulnerable to Insecure Permissions. An unauthenticated attacker can directly send HTTP GET requests to the /console/api/system-features endpoint without any authentication credentials or session tokens. The endpoint fails to implement proper authorization checks, allowing anonymous...

7.5CVSS5.8AI score0.28042EPSS
In wildExploits0References2
RedhatCVE
RedhatCVE
added 2026/01/13 10:53 p.m.4 views

CVE-2025-14574

The weDocs plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.15 via the /wp-json/wp/v2/docs/settings REST API endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including third party services API ke...

5.3CVSS6AI score0.00318EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/13 10:53 p.m.5 views

CVE-2025-14146

The Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 10.14.10 via the WPBCFLEXTIMELINENAV AJAX action. This is due to the nonce verification being conditionally disabled by default bookingisnonceatfrontend option is 'Off' ...

5.3CVSS6.2AI score0.00337EPSS
Exploits0References1
Rows per page
Query Builder