CVE-2026-22788 WebErpMesv2 allows unauthenticated API Access
WebErpMesv2 is a web-based resource management and manufacturing execution system for industry. Prior to 1.19, the WebErpMesv2 application exposes multiple sensitive API endpoints without authentication middleware. An unauthenticated remote attacker can read business-critical data including companies,...
CVE-2025-46067
An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges and obtain sensitive information via a crafted js file...
WordPress WooCommerce Square plugin <= 5.1.1 - Unauthenticated Insecure Direct Object Reference to Sensitive Information Exposure vulnerability
Unauthenticated Insecure Direct Object Reference to Sensitive Information Exposure vulnerability discovered by DityaRA in WordPress Plugin WooCommerce Square versions <= 5.1.1...
CVE-2026-0853
CVE-2026-0853 affects certain NVR models from A-Plus Video Technologies. The underlying issue is a Sensitive Data Exposure that can be exploited by unauthenticated remote attackers to access the device’s debug page and retrieve device status information. Impact is described as exposure of status ...
CVE-2026-0853 A-Plus Video Technologies|NVR - Sensitive Data Exposure
Certain NVR models developed by A-Plus Video Technologies have a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access the debug page and obtain device status information...
EUVD-2026-1953
Certain NVR models developed by A-Plus Video Technologies have a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access the debug page and obtain device status information...
WebErpMesv2 Access Control Error Vulnerability
WebErpMesv2 is an industry-oriented web system for resource management and manufacturing by Kevin Personal Developer. An Access Control Error vulnerability exists in WebErpMesv2 versions prior to 1.19 that stems from multiple sensitive API endpoints that do not utilize authentication middleware,...
PT-2026-2310
Name of the Vulnerable Software and Affected Versions: hermes versions 0.8.1 through 0.9.0. Description: hermes, a software publication automation workflow, exhibits a flaw where subcommands accept arbitrary options through the -O argument. Providing sensitive data, such as API tokens e.g., via herm...
CVE-2025-14943
CVE-2025-14943 affects Blog2Social: Social Media Auto Post & Scheduler for WordPress. The vulnerability arises from a misconfigured authorization check in getShipItemFullText: it only verifies Subscriber-level read capability and a valid nonce, but does not confirm access permissions for the spec...
CVE-2025-14943 Blog2Social: Social Media Auto Post & Scheduler <= 8.7.2 - Incorrect Authorization to Authenticated (Subscriber+) Sensitive Information Exposure
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.7.2. This is due to a misconfigured authorization check on the 'getShipItemFullText' function which only verifies that a user has the...
EUVD-2026-1859
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.7.2. This is due to a misconfigured authorization check on the 'getShipItemFullText' function which only verifies that a user has the...
CVE-2025-67931
Insertion of Sensitive Information Into Sent Data vulnerability in AITpro BulletProof Security bulletproof-security allows Retrieve Embedded Sensitive Data. This issue affects BulletProof Security: from n/a through <= 6.9...
CVE-2025-67280
In TIM BPM Suite / TIM FLOW through 9.1.2, multiple Hibernate Query Language injection vulnerabilities exist which allow a low-privileged user to extract passwords of other users and access sensitive data of another user...
EUVD-2026-1880
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, after WeKnora enables the Agent service, it allows users to call the database query tool. Due to insufficient backend validation, an attacker can use prompt‑based bypass...
CVE-2026-22687 WeKnora vulnerable to SQL Injection
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, after WeKnora enables the Agent service, it allows users to call the database query tool. Due to insufficient backend validation, an attacker can use prompt‑based bypass...
WeKnora SQL Injection Vulnerability
WeKnora is an LLM-based framework open-sourced by Tencent with features such as deep document understanding, semantic retrieval and context-aware answers using the RAG paradigm. A SQL injection vulnerability exists in WeKnora versions prior to 0.2.5, which stems from insufficient back-end...
WordPress Blog2Social: Social Media Auto Post & Scheduler plugin <= 8.7.2 - Incorrect Authorization to Authenticated (Subscriber+) Sensitive Information Exposure vulnerability
Incorrect Authorization to Authenticated (Subscriber+) Sensitive Information Exposure vulnerability discovered by theviper17y in WordPress Plugin Blog2Social versions <= 8.7.2...