PT-2026-50799

Name of the Vulnerable Software and Affected Versions Cost Management Interactive Experiences affected versions not specified Description Exposure of sensitive information in Cost Management Interactive Experiences allows an unauthorized attacker to disclose information over a network...

CVE-2026-50201

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Management.Endpoint prior to version 4.2.0 and Steeltoe.Management.EndpointCore prior to version 3.4.0, all Steeltoe actuator endpoints default to...

CVE-2026-50201 Steeltoe's sensitive actuators (heapdump/env) only require Restricted permission

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Management.Endpoint prior to version 4.2.0 and Steeltoe.Management.EndpointCore prior to version 3.4.0, all Steeltoe actuator endpoints default to...

EUVD-2026-37625

Unauthenticated Sensitive Data Exposure in JetBlog = 2.4.8 versions...

EUVD-2026-37671

Unauthenticated Sensitive Data Exposure in Bricksforge = 3.1.8.4 versions...

CVE-2026-20190

A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote attacker to view sensitive information on an affected device. This vulnerability is due to improper authorization checks when a resource is accessed. An attacker could exploit this vulnerability by sending crafted...

EUVD-2026-37749

A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote attacker to view sensitive information on an affected device. This vulnerability is due to improper authorization checks when a resource is accessed. An attacker could exploit this vulnerability by sending crafted...

CVE-2026-20190

Cisco ISE and ISE-PIC are affected by CVE-2026-20190. The issue arises from improper authorization checks when accessing a resource, allowing an unauthenticated, remote attacker to view sensitive information on an affected device. Reported impact includes access to hashed credentials that could b...

CVE-2024-35690

Insertion of sensitive information into sent data vulnerability in MarketingFire Widget Options allows Retrieve Embedded Sensitive Data. This issue affects Widget Options: from n/a through 4.0.1...

CVE-2026-52696 WordPress JetBlog plugin <= 2.4.8 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in JetBlog = 2.4.8 versions...

CVE-2026-52696

CVE-2026-52696 concerns the WordPress JetBlog plugin (versions &lt;= 2.4.8) and describes an unauthenticated sensitive data exposure. The entry specifies a CVSS 3.1 base score of 7.5 (HIGH), with network attack vector, no privileges required, no user interaction, and impact limited to confidentia...

CVE-2026-34888 WordPress Bricksforge plugin <= 3.1.8.4 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Bricksforge = 3.1.8.4 versions...

CVE-2026-34888

CVE-2026-34888 concerns the WordPress Bricksforge plugin (versions ≤ 3.1.8.4) with an unauthenticated sensitive data exposure vulnerability. The connected Patchstack entry specifies that it is a vulnerability in Bricksforge where sensitive data could be exposed without authentication, resulting i...

CVE-2026-28587

CVE-2026-28587 affects the MmsSmsProvider component (MmsSmsProvider.java), enabling local information disclosure via a missing permission check. Exploitation requires no user interaction and does not require additional privileges; impact is confined to information disclosure. The vulnerability is...

SUSE CVE-2024-38798

EDK2 contains a vulnerability in BIOS where an attacker may cause “Exposure of Sensitive Information to an Unauthorized Actor” by local access. Successful exploitation of this vulnerability will lead to possible information disclosure or escalation of privilege and impact Confidentiality...

PT-2026-50459

Name of the Vulnerable Software and Affected Versions Cisco ISE affected versions not specified Cisco ISE-PIC affected versions not specified Description Improper authorization checks when accessing a resource could allow an unauthenticated, remote attacker to view sensitive information on an...

CVE-2026-54197

Unauthenticated Sensitive Data Exposure in GetGenie = 4.4.1 versions...

CVE-2026-54197 WordPress GetGenie plugin <= 4.4.1 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in GetGenie = 4.4.1 versions...

CVE-2026-54197

The CVE-2026-54197 entry concerns the WordPress GetGenie plugin version &lt;= 4.4.1, where an unauthenticated sensitive data exposure vulnerability is reported. Public documents consistently indicate exposure of sensitive data without authentication, affecting GetGenie

MobileIron Core - Remote Unauthenticated API Access

Ivanti Endpoint Manager Mobile EPMM, formerly MobileIron Core, Since CVE-2023-35082 arises from the same place as CVE-2023-35078, specifically the permissive nature of certain entries in the mifs web application’s security filter chain. id: CVE-2023-35082 info: name: MobileIron Core - Remote...