126332 matches found
CVE-2026-57318 WordPress Site Reviews plugin <= 8.0.11 - Sensitive Data Exposure vulnerability
Subscriber Sensitive Data Exposure in Site Reviews = 8.0.11 versions...
EUVD-2026-39729
Subscriber Sensitive Data Exposure in GetGenie = 4.4.2 versions...
CVE-2026-57316 WordPress GetGenie plugin <= 4.4.2 - Sensitive Data Exposure vulnerability
Subscriber Sensitive Data Exposure in GetGenie = 4.4.2 versions...
CVE-2026-56060
The CVE concerns the WordPress plugin Print Invoice & Delivery Notes for WooCommerce . Affected: WooCommerce plugin versions up to and including 7.1.1 . Vulnerability: Unauthenticated Sensitive Data Exposure when generating prints for invoices and delivery notes, allowing access to confidential d...
EUVD-2026-39714
Unauthenticated Sensitive Data Exposure in Print Invoice & Delivery Notes for WooCommerce = 7.1.1 versions...
EUVD-2026-39681
Unauthenticated Sensitive Data Exposure in Trinity Backup Backup, Migrate, Restore, Clone & Schedule Backups = 2.0.9 versions...
CVE-2026-54839 WordPress Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups plugin <= 2.0.9 - Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure in Trinity Backup Backup, Migrate, Restore, Clone & Schedule Backups = 2.0.9 versions...
CVE-2026-54839
The CVE concerns the WordPress Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups plugin, affected
EUVD-2026-39678
Unauthenticated Sensitive Data Exposure in Object Cache 4 everyone = 2.3.2 versions...
CVE-2026-54834
CVE-2026-54834 affects the WordPress Object Cache 4 everyone plugin (≤ 2.3.2). Unauthenticated sensitive data exposure is described; no exploitation details or root-cause are provided in the connected documents. CVSSv3.1 base score 7.5 (HIGH) with network attack vector and no user interaction. No...
CVE-2026-54824
Unauthenticated sensitive data exposure affecting the WordPress Ads by WPQuads plugin ≤ 3.0.3. Affected component: the WPQuads Ads plugin for WordPress. Root cause: unspecified in the provided documents; the vulnerability is described as unauthenticated exposure. Impact: sensitive data exposure w...
EUVD-2026-39784
Unauthenticated Sensitive Data Exposure in Ads by WPQuads = 3.0.3 versions...
CVE-2026-54824 WordPress Ads by WPQuads plugin <= 3.0.3 - Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure in Ads by WPQuads = 3.0.3 versions...
WordPress Bopo – WooCommerce Product Bundle Builder plugin <= 1.1.6 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Bao - BlueRock in WordPress Plugin Bopo – WooCommerce Product Bundle Builder versions = 1.1.6...
WordPress WCBoost – Products Compare plugin <= 1.1.0 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin WCBoost Products Compare versions = 1.1.0...
CVE-2026-10823
The YMC Filter WordPress plugin before 3.11.3 does not properly authorize access to one of its REST API endpoints and does not validate a user-supplied query parameter, allowing unauthenticated attackers to retrieve the titles and content of private, draft, and other non-public posts...
CVE-2025-71324
Flowise before 3.0.6 has an arbitrary file-read vulnerability in the chatId parameter of /api/v1/get-upload-file and /api/v1/openai-assistants-file/download. The chatId value is not validated and is passed to streamStorageFile(), where a fallback file-lookup path constructed without the orgId is ...
Malicious code in ref-slot (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e1ef3e785cf6cb007c0b33be2ed43ebe49d64f476bb4fb3a66b914b06def5e1 On npm install, the package's postinstall hook runs node test.js which invokes index.js to perform multi-stage installer compromise. 1 Credential...
CVE-2026-37453
Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the MSISERVICE2 pipe...
CVE-2026-37149
GROCERY-STORE-MANAGEMENT-SYSTEM-USING-PHP-AND-MYSQL-PHPMYADMIN v1.0 was discovered to contain a SQL injection vulnerability in the scost parameter in /grocery/searchproducts.php. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement...