CVE-2026-8876

Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js. These keys decrypt crisis alert keyword data and intervention site data...

PT-2026-46049

Name of the Vulnerable Software and Affected Versions Securly Chrome Extension version 3.0.7 Description The software contains hardcoded, plaintext AES passphrases within the securly.min.js file. These passphrases are used to decrypt intervention site data and crisis alert keyword data...

CVE-2026-8236 Concrete CMS 9.5.0 and below is vulnerable to IDOR combined with a missing authentication gate for endpoint /ccm/system/dialogs/file/usage/{fID}

Concrete CMS 9.5.0 and below is vulnerable to IDOR combined with a missing authentication gate. The endpoint /ccm/system/dialogs/file/usage/fID accepts an integer file ID in the URL and returns internal site structure data page IDs, versions, URL paths to anyone who sends a GET request. The...

CVE-2026-42069

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, read access to site, user and role information is not gated by permissions. This issue has been patched in versions 4.9.0 and 5.4.0...

CVE-2026-42069

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, read access to site, user and role information is not gated by permissions. This issue has been patched in versions 4.9.0 and 5.4.0...

CVE-2026-42069

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, read access to site, user and role information is not gated by permissions. This issue has been patched in versions 4.9.0 and 5.4.0...

EUVD-2026-28888

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, read access to site, user and role information is not gated by permissions. This issue has been patched in versions 4.9.0 and 5.4.0...

Kirby 安全漏洞

Kirby is a set of open-source content management systems based on files. Versions of Kirby prior to 4.9.0 and 5.4.0 have security vulnerabilities, which stem from the lack of permission control over access to site, user, and role information...

GHSA-2H7V-4372-F6X2 Kirby CMS's read access to site, user and role information is not gated by permissions

TL;DR This vulnerability affects all Kirby sites that might have potential attackers in the group of authenticated Panel users. This vulnerability is of high severity for affected sites. Sites using Kirby are not affected if they intend all users of the site to be able to list and access the site...

EUVD-2025-32702

The WP Reset plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.05 via the WFLicensing::log method when debugging is enabled default. This makes it possible for unauthenticated attackers to extract sensitive license key and site data...

CVE-2025-10645

The WP Reset plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.05 via the WFLicensing::log method when debugging is enabled default. This makes it possible for unauthenticated attackers to extract sensitive license key and site data...

CVE-2025-10645

CVE-2025-10645 affects the WordPress plugin WP Reset, specifically versions up to and including 2.05. The vulnerability allows unauthenticated attackers to trigger sensitive information exposure through the WF_Licensing::log() method when debugging is enabled, potentially leaking license keys and...

CVE-2025-10645 WP Reset <= 2.05 - Unauthenticated Sensitive Information Exposure via wf-licensing.log

The WP Reset plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.05 via the WFLicensing::log method when debugging is enabled default. This makes it possible for unauthenticated attackers to extract sensitive license key and site data...

EUVD-2021-1432

Malware in sbrugna...

PT-2025-40973

Name of the Vulnerable Software and Affected Versions WP Reset versions prior to 2.06 Description The WP Reset plugin for WordPress is susceptible to exposure of sensitive information in all versions up to and including 2.05. This occurs through the WF Licensing::log method when debugging is...

CVE-2024-4059

Out of bounds read in V8 API in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to leak cross-site data via a crafted HTML page. Chromium security severity: High...

CVE-2010-1852

Microsoft Internet Explorer, when the Invisible Hand extension is enabled, uses cookies during background HTTP requests in a possibly unexpected manner, which might allow remote web servers to identify specific persons and their product searches via HTTP request logging, related to a "cross-site...

CVE-2024-4059

Out of bounds read in V8 API in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to leak cross-site data via a crafted HTML page. Chromium security severity: High...

CVE-2024-4059

Out of bounds read in V8 API in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to leak cross-site data via a crafted HTML page. Chromium security severity: High...

CVE-2024-4059

Out of bounds read in V8 API in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to leak cross-site data via a crafted HTML page. Chromium security severity: High...