38 matches found
WordPress My Social Feeds – Social Feeds Embedder Plugin for WP plugin <= 1.0.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability
Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability discovered by Teerachai Somprasong in WordPress Plugin My Social Feeds – Social Feeds Embedder Plugin for WordPress versions <= 1.0.4...
joomla-exploits
joomla-exploits Exploit Title: Joomla! 4.2.8 - Unauthen...
WordPress CubeWP plugin <= 1.1.27 - Unauthenticated Information Exposure vulnerability
Unauthenticated Information Exposure vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin CubeWP versions <= 1.1.27...
CVE-2025-12721 g-FFL Cockpit <= 1.7.1 - Missing Authorization to Unauthenticated Information Exposure
The g-FFL Cockpit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.1 via the /serverstatus REST API endpoint due to a lack of capability checks. This makes it possible for unauthenticated attackers to extract information about the serv...
CVE-2025-30669
CVE-2025-30669 affects Zoom Workplace/Zoom Clients (prior to fixed versions such as 6.5.10). The root cause described in connected advisories is improper certificate validation, which may allow an unauthenticated attacker to disclose information via adjacent access. The issue spans Zoom Client co...
CVE-2025-33185
NVIDIA AIStore contains a vulnerability in AuthN where an unauthenticated user may cause information disclosure. A successful exploit of this vulnerability may lead to information disclosure...
Multiple vulnerabilities in Century Systems FutureNet MA and IP-K series
Overview: FutureNet MA and IP-K series provided by Century Systems Co., Ltd. contain multiple vulnerabilities listed below. OS command injection (CWE-78) - CVE-2025-54763; files or directories accessible to external parties (CWE-552) - CVE-2025-58152. Chuya Hayakawa of 00One, Inc. reported these...
CVE-2025-24921
Improper neutralization for some Edge Orchestrator software before version 24.11.1 for Intel® Tiber™ Edge Platform may allow an unauthenticated user to potentially enable information disclosure via adjacent access...
CVE-2025-48996
CVE-2025-48996 describes an unauthenticated information disclosure in HAX open-apis used by PSU deployment of HAX CMS via the haxPsuUsage API endpoint. The vulnerability allows remote, unauthenticated users to enumerate a full list of PSU websites hosted on HAX CMS. The issue is associated with o...
CVE-2025-48996 Unauthenticated Disclosure of PSU HAX CMS Site Listings via haxPsuUsage API Endpoint
HAX open-apis provides microservice apis for HAX webcomponents repo that are shared infrastructure calls. An unauthenticated information disclosure vulnerability exists in the Penn State University deployment of the HAX content management system via the haxPsuUsage API endpoint, related to a flat...
CVE-2019-20213
D-Link DIR-859 routers before v1.07b03beta allow Unauthenticated Information Disclosure via the AUTHORIZEDGROUP=1%0a value, as demonstrated by vpnconfig.php...
CVE-2024-13623
The CVE-2024-13623 issue affects the WordPress plugin Order Export for WooCommerce. It allows unauthenticated attackers to exfiltrate sensitive data stored in the uploads directory, applicable to all versions up to 3.24. The vulnerability is conditional: it exists when Order data storage is set t...
WordPress PixelYourSite PRO plugin <= 10.4.2 - Unauthenticated Information Exposure and Log Deletion vulnerability
Unauthenticated Information Exposure and Log Deletion vulnerability discovered by Xetnus in WordPress Plugin PixelYourSite PRO versions <= 10.4.2...
WordPress Premium SEO Pack plugin <= 1.6.002 - Unauthenticated Information Exposure vulnerability
Unauthenticated Information Exposure vulnerability discovered by Krzysztof Zając in WordPress Plugin Premium SEO Pack versions <= 1.6.002...
WordPress Relevanssi plugin <= 4.22.2 - Unauthenticated Information Exposure vulnerability
Unauthenticated Information Exposure vulnerability discovered by stealthcopter in WordPress Plugin Relevanssi versions <= 4.22.2...
WordPress NextGEN Gallery plugin <= 3.59 - Missing Authorization to Unauthenticated Information Disclosure vulnerability
Missing Authorization to Unauthenticated Information Disclosure vulnerability discovered by Peng Zhou in WordPress Plugin NextGEN Gallery versions <= 3.59...
Exploit for Improper Access Control in Joomla Joomla!
Joomla Unauthenticated Information Disclosure Exploit CVE-202...
CVE-2023-30950
The Foundry campaigns service was found to be vulnerable to an unauthenticated information disclosure in a REST endpoint...
Screen SFT DAB 600/C - Unauthenticated Information Disclosure (userManager.cgx)
Exploit Title: Screen SFT DAB 600/C - Unauthenticated Information Disclosure userManager.cgx Exploit Author: LiquidWorm Vendor: DB Elettronica Telecomunicazioni SpA Product web page: https://www.screen.it | https://www.dbbroadcast.com...