CVE-2026-5266

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Echo. This vulnerability is associated with program files includes/Api/ApiEchoNotifications.Php. This issue affects Echo: from before 1.43.7, 1.44.4, 1.45.2...

CVE-2026-5266

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Echo. This vulnerability is associated with program files includes/Api/ApiEchoNotifications.Php. This issue affects Echo: from before 1.43.7, 1.44.4, 1.45.2...

CVE-2026-5266

CVE-2026-5266 affects Wikimedia Foundation Echo, specifically the includes/Api/ApiEchoNotifications.Php component. The vulnerability allows exposure of sensitive information to an unauthorized actor and affects Echo versions before 1.43.7, 1.44.4, and 1.45.2. The Debian advisory notes the issue c...

CVE-2026-34093 Special:UserRights allows viewing user rights from private wiki

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Specials/SpecialUserRights.Php. This issue affects MediaWiki: from before 1.43.7, 1.44.4, 1.45.2...

CVE-2026-34093

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Specials/SpecialUserRights.Php. This issue affects MediaWiki: from before 1.43.7, 1.44.4, 1.45.2...

CVE-2026-44198

Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could still access the history report for the page, potentially resulting in disclosure of sensitive information. This vulnerability is fixed in 7.0.7...

PYSEC-2026-147

Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could still access the history report for the page, potentially resulting in disclosure of sensitive information. This vulnerability is fixed in 7.0.7...

CVE-2026-34092

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Skin/Skin.Php. This issue affects MediaWiki: from before 1.43.7, 1.44.4, 1.45.2...

GHSA-3JH5-RR2Q-XFV7 Valtimo has sensitive data exposure through HTTP request/response logging in LoggingRestClientCustomizer

Summary The LoggingRestClientCustomizer in the web module automatically intercepts all outgoing HTTP calls made via Spring's RestClient and logs the full request body, response body, and response headers. When an error response is received, this information is included in the thrown...

Valtimo has sensitive data exposure through HTTP request/response logging in LoggingRestClientCustomizer

Summary The LoggingRestClientCustomizer in the web module automatically intercepts all outgoing HTTP calls made via Spring's RestClient and logs the full request body, response body, and response headers. When an error response is received, this information is included in the thrown...

CVE-2026-34091

CVE-2026-34091 affects Wikimedia Foundation MediaWiki prior to versions 1.43.7, 1.44.4 and 1.45.2, exposing sensitive information to unauthorized actors. The connected sources confirm an information disclosure issue in MediaWiki with those versions. Debian advisory DSA-6208-1 states fixes for Med...

PT-2026-39808

This issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.5. An attacker with physical access to a locked device may be able to view sensitive user information...

PT-2026-39895

Name of the Vulnerable Software and Affected Versions Valtimo versions 12.4.0 through 12.32.0 Valtimo versions 13.0.0 through 13.25.0 Description The LoggingRestClientCustomizer in the web module automatically intercepts all outgoing HTTP calls made via Spring's RestClient and logs the full reque...

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple tvOS is an operating system for smart TVs. Apple watchOS is an operating system for smart watches. Several Apple products have security vulnerabilities; these...

Apple macOS 安全漏洞

Apple macOS is a specialized operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Tahoe prior to 26.4 contained a security vulnerability caused by an authorization issue, which could allow applications to access sensitive user data...

📄 S2M Forgot Password Endpoint Token Exposure

This Python script demonstrates a security assessment targeting a forgot-password API endpoint in a digital payment platform operated by S2M, a company specializing in secure electronic transactions and payment processing solutions. The script sends a crafted POST request using a known email...

PT-2026-39811

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to access sensitive user data...

MediaWiki 信息泄露漏洞

MediaWiki is a free and open-source wiki engine developed by the Wikimedia Foundation in the United States. This product can be used to deploy internal knowledge management and content management systems. Versions of MediaWiki prior to 1.43.7, 1.44.4, and 1.45.2 contained a vulnerability that led...

PT-2026-39844

Name of the Vulnerable Software and Affected Versions iOS versions prior to 18.7.9 iOS versions prior to 26.5 iPadOS versions prior to 18.7.9 iPadOS versions prior to 26.5 macOS Sequoia versions prior to 15.7.7 macOS Sonoma versions prior to 14.8.7 macOS Tahoe versions prior to 26.5 visionOS...

PT-2026-39831

A race condition was addressed with additional validation. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to access sensitive user data...