27990 matches found

ATTACKERKB
added 2026/06/05 10:15 a.m., 4 views

CVE-2026-21025

Incorrect privilege assignment in Telephony prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information...

6.9 CVSS, 5.5 AI score, 0.00093 EPSS
Exploits: 0, References: 2

Vulnrichment
added 2026/06/05 10:15 a.m., 8 views

CVE-2026-21025

Incorrect privilege assignment in Telephony prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information...

6.9 CVSS, 5.4 AI score, 0.00093 EPSS
Exploits: 0, References: 1

Patchstack
added 2026/06/05 9:29 a.m., 7 views

WordPress Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons plugin <= 1.4.8 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by dodoh4t in WordPress Plugin Chatway Live Chat AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons versions <= 1.4.8...

7.4 CVSS, 5.5 AI score, 0.00264 EPSS
Exploits: 0, Affected Software: 1

OSV
added 2026/06/05 5:49 a.m., 5 views

BIT-MLFLOW-2026-2734 Authorization Bypass in SearchModelVersions in mlflow/mlflow

In mlflow/mlflow versions up to 3.9.0, the SearchModelVersions REST API endpoint and the mlflowSearchModelVersions GraphQL query lack proper per-model authorization checks when basic authentication is enabled. This allows any authenticated user to enumerate all model versions across all registere...

6.5 CVSS, 5.4 AI score, 0.00441 EPSS
Exploits: 1, References: 3

EUVD
added 2026/06/05 12:31 a.m., 9 views

EUVD-2026-34337

Exposure of sensitive information to an unauthorized actor in Microsoft Graph allows an authorized attacker to disclose information over a network...

6.5 CVSS, 5.8 AI score, 0.00756 EPSS
Exploits: 0, References: 2

Positive Technologies
added 2026/06/05 12:00 a.m., 16 views

PT-2026-46915

Incorrect privilege assignment in Telephony prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information...

6.9 CVSS, 5.4 AI score, 0.00093 EPSS
Exploits: 0, References: 2

Redos
added 2026/06/05 12:00 a.m., 5 views

ROS-20260605-73-0054

The vulnerabilities of Mozilla Firefox, Firefox ESR, and the email client Thunderbird are related to the use of memory after it is freed. Exploiting these vulnerabilities can allow an attacker to compromise the confidentiality, integrity, and accessibility of protected information...

9.8 CVSS, 5.5 AI score, 0.00491 EPSS
Exploits: 0

NVD
added 2026/06/04 11:17 p.m., 16 views

CVE-2026-47655

Exposure of sensitive information to an unauthorized actor in Microsoft Graph allows an authorized attacker to disclose information over a network...

6.5 CVSS, 0.00756 EPSS
Exploits: 0, References: 1

NVD
added 2026/06/04 11:17 p.m., 6 views

CVE-2026-10993

Heap buffer overflow in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

6.5 CVSS, 0.00333 EPSS
Exploits: 0, References: 2

Vulnrichment
added 2026/06/04 11:05 p.m., 7 views

CVE-2026-11196

Type Confusion in XML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted XML file. Chromium security severity: Medium...

5.5 AI score, 0.00228 EPSS
Exploits: 0, References: 2

CVE
added 2026/06/04 11:04 p.m., 13 views

CVE-2026-11096

CVE-2026-11096 details an out-of-bounds read in WebRTC for Google Chrome, prior to 149.0.7827.53. The issue could allow a remote attacker to obtain potentially sensitive information from a process’s memory via a crafted HTML page. Affected product/component: WebRTC in Chrome (Chromium-based). Roo...

6.5 CVSS, 5.8 AI score, 0.00243 EPSS
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2026/06/04 11:04 p.m., 16 views

CVE-2026-11067

CVE-2026-11067 describes an uninitialized use in Dawn within Google Chrome before version 149.0.7827.53. The issue allows a remote attacker to potentially read sensitive information from process memory via a crafted HTML page. The connected sources confirm the vulnerability affects Dawn in Chrome...

6.5 CVSS, 5.8 AI score, 0.0025 EPSS
Exploits: 0, References: 2, Affected Software: 1

NVD
added 2026/06/04 10:16 p.m., 13 views

CVE-2026-42539

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return sensitive data to the user which are not required for the client’s operation. Version 2.4.28 contains a patch...

6.5 CVSS, 0.00232 EPSS
Exploits: 0, References: 2

NVD
added 2026/06/04 10:16 p.m., 9 views

CVE-2026-11322

Hermes WebUI prior to v0.51.221 contains a path traversal vulnerability that allows attackers to escape the workspace boundary by supplying symlinks that resolve to files or directories outside the designated workspace root. Attackers can exploit the workspace file and listing APIs, which resolve...

7.1 CVSS, 0.00323 EPSS
Exploits: 0, References: 3

ATTACKERKB
added 2026/06/04 10:00 p.m., 4 views

CVE-2026-47655

Exposure of sensitive information to an unauthorized actor in Microsoft Graph allows an authorized attacker to disclose information over a network...

6.5 CVSS, 5.8 AI score, 0.00756 EPSS
Exploits: 0, References: 2

Cvelist
added 2026/06/04 9:58 p.m., 33 views

CVE-2026-11322 Hermes WebUI before 0.51.221 Path Traversal via Symlink Workspace Bypass

Hermes WebUI prior to v0.51.221 contains a path traversal vulnerability that allows attackers to escape the workspace boundary by supplying symlinks that resolve to files or directories outside the designated workspace root. Attackers can exploit the workspace file and listing APIs, which resolve...

7.1 CVSS, 0.00323 EPSS
Exploits: 0, References: 3

Vulnrichment
added 2026/06/04 9:58 p.m., 7 views

CVE-2026-11322 Hermes WebUI before 0.51.221 Path Traversal via Symlink Workspace Bypass

Hermes WebUI prior to v0.51.221 contains a path traversal vulnerability that allows attackers to escape the workspace boundary by supplying symlinks that resolve to files or directories outside the designated workspace root. Attackers can exploit the workspace file and listing APIs, which resolve...

7.1 CVSS, 5.4 AI score, 0.00323 EPSS
Exploits: 0, References: 3

EUVD
added 2026/06/04 8:54 p.m., 11 views

EUVD-2026-34327

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return sensitive data to the user which are not required for the client’s operation. Version 2.4.28 contains a patch...

6.5 CVSS, 5.8 AI score, 0.00232 EPSS
Exploits: 0, References: 1

Snyk
added 2026/06/04 2:19 p.m., 7 views

Insertion of Sensitive Information Into Sent Data

Overview: org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the setProxy function. An attacker can obtain proxy credentials by inducing a redirect from an HTTP...

8.2 CVSS, 5.4 AI score, 0.00385 EPSS
Exploits: 1, References: 2

NVD
added 2026/06/04 2:16 p.m., 9 views

CVE-2019-25745

WordPress Plugin Google Review Slider 6.1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'tid' parameter. Attackers can send GET requests to the admin interface with malicious 'tid'...

8.8 CVSS, 0.00262 EPSS
Exploits: 0, References: 3