CVE-2026-42763

Missing Authorization vulnerability in SePay team SePay Gateway allows Retrieve Embedded Sensitive Data. This issue affects SePay Gateway: from n/a through 1.1.20...

CVE-2026-42763

The CVE pertains to the WordPress SePay Gateway plugin (versions

EUVD-2026-31754

Missing Authorization vulnerability in SePay team SePay Gateway allows Retrieve Embedded Sensitive Data. This issue affects SePay Gateway: from n/a through 1.1.20...

CVE-2026-42763 WordPress SePay Gateway plugin <= 1.1.20 - Sensitive Data Exposure vulnerability

Missing Authorization vulnerability in SePay team SePay Gateway allows Retrieve Embedded Sensitive Data. This issue affects SePay Gateway: from n/a through 1.1.20...

CVE-2026-42763 WordPress SePay Gateway plugin <= 1.1.20 - Sensitive Data Exposure vulnerability

Missing Authorization vulnerability in SePay team SePay Gateway allows Retrieve Embedded Sensitive Data. This issue affects SePay Gateway: from n/a through 1.1.20...

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure in JexlContextBuilder. An administrator user with entitlements for Derived Schemas and User read can access other users' passwordHistory, securityAnswer, token, tokenExpireTime, and cipherAlgorithm values via...

CVE-2026-47070

Sensitive Data Exposure vulnerability in benoitc hackney allows Retrieve Embedded Sensitive Data. The HTTP/3 redirect handler in src/hackneyh3.erl passes the original request headers unchanged to the redirect target without performing any cross-origin check. When a client issues an HTTP/3 request...

CVE-2018-25381 Joomla Responsive Portfolio 1.6.1 SQL Injection via filter parameters

Joomla Responsive Portfolio 1.6.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through multiple filter parameters. Attackers can inject malicious SQL code via the filtertypeid, filterpidid, and filtersearch parameters in POST reques...

EUVD-2018-21901

Joomla Component eXtroForms 2.1.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through the filtertypeid, filterpidid, and filtersearch parameters. Attackers can submit POST requests to the extroformfield view with malicious SQL...

CVE-2026-47070 HTTP/3 redirect handler leaks Authorization and Cookie headers to cross-origin redirect target in hackney

Sensitive Data Exposure vulnerability in benoitc hackney allows Retrieve Embedded Sensitive Data. The HTTP/3 redirect handler in src/hackneyh3.erl passes the original request headers unchanged to the redirect target without performing any cross-origin check. When a client issues an HTTP/3 request...

CVE-2026-47070

Sensitive Data Exposure vulnerability in benoitc hackney allows Retrieve Embedded Sensitive Data. The HTTP/3 redirect handler in src/hackneyh3.erl passes the original request headers unchanged to the redirect target without performing any cross-origin check. When a client issues an HTTP/3 request...

USN-8299-1: Rclone vulnerabilities

It was discovered that Rclone incorrectly handled authorization in the remote control API. An attacker could possibly use this issue to obtain sensitive information. CVE-2026-41176 It was discovered that Rclone incorrectly handled backend instantiation via the remote control API. An attacker coul...

PT-2026-43067

Name of the Vulnerable Software and Affected Versions benoitc hackney versions 3.1.1 through 4.0.0 Description A sensitive data exposure issue exists where the HTTP/3 redirect handler in src/hackney h3.erl passes original request headers to a redirect target without performing cross-origin checks...

Collectric CMU SQL注入漏洞

The Collectric CMU is a smart meter device from Collectric in the Netherlands that supports power metering with supporting communication extensions. A SQL injection vulnerability exists in Collectric CMU version 1.0, which stems from the presence of Boolean-based blind SQL injection in the lang...

PT-2026-43154

Name of the Vulnerable Software and Affected Versions SePay Gateway versions prior to 1.1.21 Description A missing authorization issue in the SePay Gateway allows for the retrieval of embedded sensitive data. Recommendations Update to a version later than 1.1.20...

XML External Entity (XXE) Injection

Overview tpwd/kesearch is a search extension for TYPO3, including faceting search functions. Affected versions of this package are vulnerable to XML External Entity XXE Injection via the additionaltables configuration of the page and ttcontent indexers that accept arbitrary table and field names....

MAL-2026-4273 Malicious code in git-config-sync (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e49db03099f1d6053a9ebada346c3816399bc47918c92d765162128a095c401 On import gitconfigsync, the package's core.py spawns a daemon thread after a 3-15 second random delay that walks /.ssh, /.aws, /.ethereum, /.config,...

CVE-2026-8477

Improper enforcement of the sealed-entry workflow in the entry sensitive-data retrieval feature in Devolutions Server allows an authenticated user with access to a sealed entry to retrieve its sensitive data without triggering the unseal audit notification via a crafted API request. This issue...

CVE-2026-8477

Improper enforcement of the sealed-entry workflow in the entry sensitive-data retrieval feature in Devolutions Server allows an authenticated user with access to a sealed entry to retrieve its sensitive data without triggering the unseal audit notification via a crafted API request. This issue...

CVE-2026-8671

Insertion of sensitive information into log file vulnerability in syslink software AG Avantra on Linux, Windows allows Resource Leak Exposure. This issue affects Avantra: before 25.3.0...