126309 matches found
CVE-2026-8095
CVE-2026-8095 — The Frontend File Manager Plugin for WordPress (up to version 23.6) is vulnerable to Authenticated Arbitrary File Deletion. A case-sensitive bypass of the wpfm_dir_path parameter sanitization in the wpfm_file_meta_update AJAX handler allows an attacker to overwrite the stored file...
CVE-2026-12404
The CVE concerns the NEX-Forms – Ultimate Forms Plugin for WordPress. All versions up to and including 9.2.2 are vulnerable to an authorization bypass due to improper verification of user permissions. This allows unauthenticated attackers to enumerate sequential report IDs and download complete f...
CVE-2025-59868
HCL Traveler for Microsoft Outlook HTMO is susceptible to a sensitive data exposure vulnerability which could allow an attacker to exploit application information to then attempt additional attacks and cause unknown behavior in the application...
EUVD-2025-210365
HCL Traveler for Microsoft Outlook HTMO is susceptible to a sensitive data exposure vulnerability which could allow an attacker to exploit application information to then attempt additional attacks and cause unknown behavior in the application...
CVE-2025-59868 HCL Traveler for Microsoft Outlook (HTMO) is susceptible to sensitive data exposure
HCL Traveler for Microsoft Outlook HTMO is susceptible to a sensitive data exposure vulnerability which could allow an attacker to exploit application information to then attempt additional attacks and cause unknown behavior in the application...
CVE-2025-59868
HCL Traveler for Microsoft Outlook HTMO is susceptible to a sensitive data exposure vulnerability which could allow an attacker to exploit application information to then attempt additional attacks and cause unknown behavior in the application...
Jeecg-Boot v3.5.1 - SQL Injection
SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData in jeecg-boot v3.5.1. id: CVE-2023-38992 info: name: Jeecg-Boot v3.5.1 - SQL Injection author: ritikchaddha severity: critical description: | SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData...
Mlflow <2.9.2 - Path Traversal
Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. id: CVE-2023-6909 info: name: Mlflow 2.9.2 - Path Traversal author: Hyunsoo-ds severity: high description: | Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. impact: | Successful...
Cisco RV132W/RV134W Router - Information Disclosure
Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration parameters for an affected device via the web interface, which could lead to the disclosure of confidential information. id: CVE-2018-012...
CVE-2026-5757
Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence...
EUVD-2026-39790
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.45.0 until 2.91.0, the METS-GBS backend's XML parsing and the input document format detection lacked security controls. An attacker could craft malicious METS-GBS...
CVE-2026-57664
Unauthenticated Sensitive Data Exposure in Bopo – WooCommerce Product Bundle Builder = 1.1.6 versions...
CVE-2026-56060
Unauthenticated Sensitive Data Exposure in Print Invoice & Delivery Notes for WooCommerce = 7.1.1 versions...
CVE-2026-54839
Unauthenticated Sensitive Data Exposure in Trinity Backup Backup, Migrate, Restore, Clone & Schedule Backups = 2.0.9 versions...
CVE-2026-54834
Unauthenticated Sensitive Data Exposure in Object Cache 4 everyone = 2.3.2 versions...
CVE-2026-54824
Unauthenticated Sensitive Data Exposure in Ads by WPQuads = 3.0.3 versions...
CVE-2026-5757 There exists an unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine
Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence...
CVE-2026-57664
The CVE-2026-57664 entry concerns a vulnerability in the WordPress plugin Bopo – WooCommerce Product Bundle Builder, specifically versions
CVE-2026-57664 WordPress Bopo – WooCommerce Product Bundle Builder plugin <= 1.1.6 - Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure in Bopo – WooCommerce Product Bundle Builder = 1.1.6 versions...
EUVD-2026-39669
Unauthenticated Sensitive Data Exposure in Bopo – WooCommerce Product Bundle Builder = 1.1.6 versions...