CVE-2026-41219 BIG-IP QKView vulnerability

An improper sanitization vulnerability exists in the BIG-IP QKView utility that allows a low-privileged attacker to read sensitive information from a QKView file. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2026-40462

CVE-2026-40462 affects F5 BIG-IP: an incorrect permission assignment in iControl REST and the TMOS shell (tmsh) could allow an authenticated user to view sensitive information (control plane exposure). Concrete details from connected advisories show affected branches/versions and available fixes....

CVE-2026-41219 BIG-IP QKView vulnerability

An improper sanitization vulnerability exists in the BIG-IP QKView utility that allows a low-privileged attacker to read sensitive information from a QKView file. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

K000157981: BIG-IP DNS tmsh vulnerability CVE-2026-42408

Security Advisory Description When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed TMOS Shell tmsh command that may allow a highly privileged authenticated attacker to view sensitive information. CVE-2026-42408 Impact An authenticated attacker with Resource Administrator role...

WordPress MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) plugin <= 10.1.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure And Plugin Integration Reset vulnerability

Missing Authorization to Authenticated Subscriber+ Sensitive Information Exposure And Plugin Integration Reset vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Google Analytics by Monster Insights versions = 10.1.2...

Information Disclosure of view filter metadata via Broken Sensitive Data Masking in ViewService

None...

Android App "Anshin Filter for au" vulnerable to cleartext transmission of sensitive information

Overview Android App "Anshin Filter for au" provided by KDDI CORPORATION contains the following vulnerability. Cleartext transmission of sensitive information CWE-319 - CVE-2026-41281 Impact A man-in-the-middle attacker may access and modify communications transmitted in plaintext, potentially...

CVE-2026-21016

Incorrect privilege assignment in LocationManager prior to SMR May-2026 Release 1 allows local attackers to access sensitive information...

CVE-2025-9987

The Broadstreet plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.53.1 via the getsponsoredmeta AJAX action. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract data from password protect...

CVE-2026-21022

Improper handling of insufficient permissions in Routines prior to SMR May-2026 Release 1 allows local attackers to access sensitive information...

CVE-2026-21016

Incorrect privilege assignment in LocationManager prior to SMR May-2026 Release 1 allows local attackers to access sensitive information...

CVE-2025-9987

The Broadstreet plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.53.1 via the getsponsoredmeta AJAX action. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract data from password protect...

CVE-2026-6888

Successful exploitation of the SQL injection vulnerability could allow a remote authenticated attacker to execute arbitrary commands via a specific interface, potentially enabling the attacker to access, modify, or delete sensitive information within the database...

CVE-2026-6888

Successful exploitation of the SQL injection vulnerability could allow a remote authenticated attacker to execute arbitrary commands via a specific interface, potentially enabling the attacker to access, modify, or delete sensitive information within the database...

EUVD-2026-29828

PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions only...

Zoom Workplace 安全漏洞

Zoom Workplace is a desktop application developed by the American company Zoom. Versions of Zoom Workplace prior to 7.0.0 contained a security vulnerability. This vulnerability stemmed from a failure in the protection mechanisms, which could allow authenticated users to access sensitive informati...

F5 BIG-IP 安全漏洞

F5 BIG-IP is an application delivery platform developed by F5 Technologies in the United States. It integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IP has a security vulnerability that stems from improper permission allocation,...

PT-2026-40649

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.1 F5 BIG-IP versions prior to 17.5.1.4 F5 BIG-IP versions prior to 21.0.0.1 Description Incorrect permission assignment issues exist in iControl REST and an undisclosed command within the TMOS shell tmsh. The...

PT-2026-40750

An information disclosure vulnerability in the Chronosphere Chronocollector enables an unauthenticated attacker with network access to the collector service to retrieve sensitive information...

PT-2026-40569

Incorrect privilege assignment in LocationManager prior to SMR May-2026 Release 1 allows local attackers to access sensitive information...