
28076 matches found

Vulnrichment
added 2026/01/12 9:40 p.m. | 4 views

CVE-2026-22788 WebErpMesv2 allows unauthenticated API Access

WebErpMesv2 is a Resource Management and Manufacturing execution system Web for industry. Prior to 1.19, the WebErpMesV2 application exposes multiple sensitive API endpoints without authentication middleware. An unauthenticated remote attacker can read business-critical data including companies,...

CVSS 8.2 | AI score 6.8 | EPSS 0.00527
Exploits: 1 | References: 2

OSV
added 2026/01/12 5:15 p.m. | 6 views

CVE-2025-46067

An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges and obtain sensitive information via a crafted js file...

CVSS 8.2 | AI score 5.8 | EPSS 0.00255
Exploits: 0 | References: 2

Patchstack
added 2026/01/12 10:10 a.m. | 15 views

WordPress WooCommerce Square plugin <= 5.1.1 - Unauthenticated Insecure Direct Object Reference to Sensitive Information Exposure vulnerability

Unauthenticated Insecure Direct Object Reference to Sensitive Information Exposure vulnerability discovered by DityaRA in WordPress Plugin WooCommerce Square versions <= 5.1.1...

CVSS 7.5 | AI score 6.9 | EPSS 0.00256
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2026/01/12 3:26 a.m. | 13 views

CVE-2026-0853

CVE-2026-0853 affects certain NVR models from A-Plus Video Technologies. The underlying issue is a Sensitive Data Exposure that can be exploited by unauthenticated remote attackers to access the device’s debug page and retrieve device status information. Impact is described as exposure of status ...

CVSS 6.9 | AI score 6.7 | EPSS 0.00267
Exploits: 0 | References: 2

Cvelist
added 2026/01/12 3:26 a.m. | 23 views

CVE-2026-0853 A-Plus Video Technologies|NVR - Sensitive Data Exposure

Certain NVR models developed by A-Plus Video Technologies have a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access the debug page and obtain device status information...

CVSS 6.9 | EPSS 0.00267
Exploits: 0 | References: 2

Vulnrichment
added 2026/01/12 3:26 a.m. | 4 views

CVE-2026-0853 A-Plus Video Technologies|NVR - Sensitive Data Exposure

Certain NVR models developed by A-Plus Video Technologies have a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access the debug page and obtain device status information...

CVSS 6.9 | AI score 6.7 | EPSS 0.00267
Exploits: 0 | References: 2

EUVD
added 2026/01/12 3:26 a.m. | 3 views

EUVD-2026-1953

Certain NVR models developed by A-Plus Video Technologies have a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access the debug page and obtain device status information...

CVSS 6.9 | AI score 6.6 | EPSS 0.00267
Exploits: 0 | References: 3

Cvelist
added 2026/01/12 12:0 a.m. | 16 views

CVE-2025-46067

An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges and obtain sensitive information via a crafted js file...

EPSS 0.00255
Exploits: 0 | References: 2

CNNVD
added 2026/01/12 12:0 a.m. | 4 views

WebErpMesv2 Access Control Error Vulnerability

WebErpMesv2 is an industry-oriented web system for resource management and manufacturing by Kevin Personal Developer. An Access Control Error vulnerability exists in WebErpMesv2 versions prior to 1.19 that stems from multiple sensitive API endpoints that do not utilize authentication middleware,...

CVSS 8.2 | AI score 6.8 | EPSS 0.00527
Exploits: 1 | References: 2

Positive Technologies
added 2026/01/12 12:0 a.m. | 15 views

PT-2026-2310

Name of the Vulnerable Software and Affected Versions: hermes versions 0.8.1 through 0.9.0. Description: hermes, a software publication automation workflow, exhibits a flaw where subcommands accept arbitrary options through the -O argument. Providing sensitive data, such as API tokens e.g., via herm...

CVSS 5.9 | AI score 6.5 | EPSS 0.00154
Exploits: 0 | References: 12

CVE
added 2026/01/10 6:32 a.m. | 13 views

CVE-2025-14943

CVE-2025-14943 affects Blog2Social: Social Media Auto Post & Scheduler for WordPress. The vulnerability arises from a misconfigured authorization check in getShipItemFullText: it only verifies Subscriber-level read capability and a valid nonce, but does not confirm access permissions for the spec...

CVSS 4.3 | AI score 5.2 | EPSS 0.00193
Exploits: 0 | References: 3

Vulnrichment
added 2026/01/10 6:32 a.m. | 4 views

CVE-2025-14943 Blog2Social: Social Media Auto Post & Scheduler <= 8.7.2 - Incorrect Authorization to Authenticated (Subscriber+) Sensitive Information Exposure

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.7.2. This is due to a misconfigured authorization check on the 'getShipItemFullText' function which only verifies that a user has the...

CVSS 4.3 | AI score 5.2 | EPSS 0.00193
Exploits: 0 | References: 3

EUVD
added 2026/01/10 6:32 a.m. | 7 views

EUVD-2026-1859

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.7.2. This is due to a misconfigured authorization check on the 'getShipItemFullText' function which only verifies that a user has the...

CVSS 4.3 | AI score 5.1 | EPSS 0.00193
Exploits: 0 | References: 4

RedhatCVE
added 2026/01/10 5:41 a.m. | 3 views

CVE-2025-67931

Insertion of Sensitive Information Into Sent Data vulnerability in AITpro BulletProof Security bulletproof-security allows Retrieve Embedded Sensitive Data. This issue affects BulletProof Security: from n/a through <= 6.9...

CVSS 7.5 | AI score 5.9 | EPSS 0.00245
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/10 5:41 a.m. | 5 views

CVE-2025-67280

In TIM BPM Suite/TIM FLOW through 9.1.2, multiple Hibernate Query Language injection vulnerabilities exist which allow a low privileged user to extract passwords of other users and access sensitive data of another user...

CVSS 5.4 | AI score 7.2 | EPSS 0.00195
Exploits: 0 | References: 1

EUVD
added 2026/01/10 3:41 a.m. | 6 views

EUVD-2026-1880

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, after WeKnora enables the Agent service, it allows users to call the database query tool. Due to insufficient backend validation, an attacker can use prompt‑based bypass...

CVSS 8.1 | AI score 6 | EPSS 0.00353
Exploits: 1 | References: 2

Cvelist
added 2026/01/10 3:41 a.m. | 25 views

CVE-2026-22687 WeKnora vulnerable to SQL Injection

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, after WeKnora enables the Agent service, it allows users to call the database query tool. Due to insufficient backend validation, an attacker can use prompt‑based bypass...

CVSS 5.6 | EPSS 0.00353
Exploits: 1 | References: 2

OSV
added 2026/01/10 3:41 a.m. | 5 views

CVE-2026-22687 WeKnora vulnerable to SQL Injection

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, after WeKnora enables the Agent service, it allows users to call the database query tool. Due to insufficient backend validation, an attacker can use prompt‑based bypass...

CVSS 5.6 | AI score 6.2 | EPSS 0.00353
Exploits: 1 | References: 4

CNNVD
added 2026/01/10 12:0 a.m. | 5 views

WeKnora SQL Injection Vulnerability

WeKnora is an LLM-based framework open-sourced by Tencent with features such as deep document understanding, semantic retrieval and context-aware answers using the RAG paradigm. A SQL injection vulnerability exists in WeKnora versions prior to 0.2.5, which stems from insufficient back-end...

CVSS 9.8 | AI score 7.4 | EPSS 0.00353
Exploits: 1 | References: 2

Patchstack
added 2026/01/09 10:10 p.m. | 8 views

WordPress Blog2Social: Social Media Auto Post & Scheduler plugin <= 8.7.2 - Incorrect Authorization to Authenticated (Subscriber+) Sensitive Information Exposure vulnerability

Incorrect Authorization to Authenticated Subscriber+ Sensitive Information Exposure vulnerability discovered by theviper17y in WordPress Plugin Blog2Social versions <= 8.7.2...

CVSS 4.3 | AI score 6.9 | EPSS 0.00193
Exploits: 0 | References: 1 | Affected Software: 1