12 matches found
EUVD-2026-17277
The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4. This is due to a REST API endpoint registered at /wp-json/gravitysmtp/v1/tests/mock-data with a permission_callback that unconditionally returns true, allowing any...
CVE-2026-4020 Gravity SMTP <= 2.1.4 - Unauthenticated Sensitive Information Exposure via REST API
The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4. This is due to a REST API endpoint registered at /wp-json/gravitysmtp/v1/tests/mock-data with a permission_callback that unconditionally returns true, allowing any...
CVE-2026-4020
Gravity SMTP for WordPress versions up to 2.1.4 exposes a REST endpoint at /wp-json/gravitysmtp/v1/tests/mock-data whose permission_callback always returns true, allowing unauthenticated access. When the ?page=gravitysmtp-settings parameter is used, register_connector_data() populates internal da...
CVE-2026-4020
The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4. This is due to a REST API endpoint registered at /wp-json/gravitysmtp/v1/tests/mock-data with a permission_callback that unconditionally returns true, allowing any...
CVE-2026-4020 Gravity SMTP <= 2.1.4 - Unauthenticated Sensitive Information Exposure via REST API
The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4. This is due to a REST API endpoint registered at /wp-json/gravitysmtp/v1/tests/mock-data with a permission_callback that unconditionally returns true, allowing any...
VulnCheck KEV: CVE-2026-4020
The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4. This is due to a REST API endpoint registered at /wp-json/gravitysmtp/v1/tests/mock-data with a permission_callback that unconditionally returns true, allowing any...
CVE-2025-12192 The Events Calendar <= 6.15.9 - Sysinfo Key Incorrect Comparison to Unauthenticated Sensitive Information Exposure
The Events Calendar plugin for WordPress is vulnerable to information disclosure in versions up to, and including, 6.15.9. The sysinfo REST endpoint compares the provided key to the stored opt-in key using a loose comparison, allowing unauthenticated attackers to send a boolean value and obtain t...
CVE-2025-12192
CVE-2025-12192 affects The Events Calendar WordPress plugin up to version 6.15.9. The issue stems from the sysinfo REST endpoint performing a loose comparison between the provided key and the stored opt-in key, allowing unauthenticated attackers to trigger the endpoint and retrieve the full syste...
GHSA-G6PH-X5WF-G337
creationtimestamp | type | source
---|---|---
2025-07-16 03:44:39+00:00 | seen | https://gist.github.com/safer-bot/a2f85bb3abd40ab169cfae05635f3231
2025-07-16 05:25:32+00:00 | seen | https://gist.github.com/safer-bot/811699bcd24fb9c9b20f9d70743bfff9
2025-07-16 05:45:14+00:00 | seen | ...
CVE-2022-49523
In the Linux kernel, the following vulnerability has been resolved: ath11k: disable spectral scan during spectral deinit When ath11k modules are removed using rmmod with spectral scan enabled, crash is observed. Different crash trace is observed for each crash. Send spectral scan disable WMI...
Unauthorized Access Vulnerability in Sailsoft FineBI
FineBI is a Business Intelligence product launched by Fansoft, which lets end business users independently analyze the enterprise's existing informatization data, helps the enterprise find and solve its existing problems, assists the enterprise to adjust the...
CVE-2004-0363
creationtimestamp | type | source
---|---|---
2010-05-09 00:00:00+00:00 | confirmed | https://www.exploit-db.com/exploits/16595
2018-05-29 15:50:33+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/nis2004antispam.rb
2025-02-06 03:13:37+00:00 | ...