Search Results (366 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-10588 1 Lenovo 57 Ideapad 5 15aba7 Bios, Ideapad Pro 5 16agp11 Bios, Ideapad Pro 5 16asp10 Bios and 54 more 2026-07-17 4.4 Medium
A potential vulnerability could allow a local privileged attacker to disclose the address of protected System Management Mode memory.
CVE-2026-50294 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-16 6.2 Medium
Exposure of sensitive system information to an unauthorized control sphere in Windows Kernel allows an unauthorized attacker to disclose information locally.
CVE-2018-25358 2 D-link, Dlink 2 Dir601na, Dir-601 2026-07-15 7.5 High
D-Link DIR601 2.02NA contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by manipulating the table_name parameter in POST requests. Attackers can send requests to /my_cgi.cgi with table_name values like admin_user, wireless_settings, and wireless_security to extract administrative credentials and wireless network keys in clear text.
CVE-2026-61977 2 Crocoblock, Wordpress 2 Jetsearch, Wordpress 2026-07-13 5.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Crocoblock JetSearch jet-search allows Retrieve Embedded Sensitive Data.This issue affects JetSearch: from n/a through <= 3.6.1.2.
CVE-2026-57393 2 Edgarrojas, Wordpress 2 Woocommerce Pdf Invoice Builder, Wordpress 2026-07-13 6.5 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in EDGARROJAS WooCommerce PDF Invoice Builder woo-pdf-invoice-builder allows Retrieve Embedded Sensitive Data.This issue affects WooCommerce PDF Invoice Builder: from n/a through <= 2.0.8.
CVE-2026-61976 2026-07-13 5.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Crocoblock JetBlocks For Elementor jet-blocks allows Retrieve Embedded Sensitive Data.This issue affects JetBlocks For Elementor: from n/a through <= 1.5.0.
CVE-2026-61975 2026-07-13 5.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Crocoblock JetReviews jet-reviews allows Retrieve Embedded Sensitive Data.This issue affects JetReviews: from n/a through <= 3.0.1.
CVE-2026-57753 2 Nathanbarry, Wordpress 2 Kit (formerly Convertkit) For Woocommerce, Wordpress 2026-07-06 5.3 Medium
Unauthenticated Sensitive Data Exposure in Kit (formerly ConvertKit) for WooCommerce <= 2.1.5 versions.
CVE-2026-14808 2026-07-06 9.8 Critical
Prog Management System developed by PROG MIS has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to view a specific page and obtain the database account and password.
CVE-2026-55726 2026-07-06 5.3 Medium
The Azure Blob Storage container used for Gardyn device logs is publicly listable without authentication. A malicious user would be able to access any device log file available in the blob storage container.
CVE-2026-56124 1 Shimosyan 1 Phpuploader 2026-07-01 7.5 High
phpUploader before 2.0.2 contains an unauthenticated information disclosure vulnerability that allows remote attackers to access the full contents of the uploaded-files database table by visiting any page of the application. The index model executes an unbounded SELECT query and embeds the complete JSON-encoded result set in an inline script block, exposing uploader IP addresses, Argon2ID key hashes, internal filenames, and SHA-256 fingerprints.
CVE-2025-46421 1 Redhat 5 Enterprise Linux, Rhel Aus, Rhel E4s and 2 more 2026-06-30 6.8 Medium
A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect.
CVE-2026-57316 2 Roxnor, Wordpress 2 Getgenie, Wordpress 2026-06-29 6.5 Medium
Subscriber Sensitive Data Exposure in GetGenie <= 4.4.2 versions.
CVE-2026-57633 2 Wcboost, Wordpress 2 Wcboost – Products Compare, Wordpress 2026-06-29 5.3 Medium
Unauthenticated Sensitive Data Exposure in WCBoost &#8211; Products Compare <= 1.1.0 versions.
CVE-2026-57664 2 Villatheme, Wordpress 2 Bopo – Woocommerce Product Bundle Builder, Wordpress 2026-06-29 4.3 Medium
Unauthenticated Sensitive Data Exposure in Bopo – WooCommerce Product Bundle Builder <= 1.1.6 versions.
CVE-2026-54824 2 Ads By Wpquads, Wordpress 2 Ads By Wpquads, Wordpress 2026-06-29 7.5 High
Unauthenticated Sensitive Data Exposure in Ads by WPQuads <= 3.0.3 versions.
CVE-2026-56060 2 Tychesoftwares, Wordpress 2 Print Invoice & Delivery Notes For Woocommerce, Wordpress 2026-06-26 7.5 High
Unauthenticated Sensitive Data Exposure in Print Invoice & Delivery Notes for WooCommerce <= 7.1.1 versions.
CVE-2026-34891 2 Hitpay, Idpay 2 Payment Gateway For Woocommerce, Payment Gateway For Woocommerce 2026-06-26 7.5 High
Unauthenticated Sensitive Data Exposure in IDPay Payment Gateway for Woocommerce <= 2.2.5 versions.
CVE-2026-48878 2 Bootstrapped, Wordpress 2 Visual Link Preview, Wordpress 2026-06-26 6.5 Medium
Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.4.1 versions.
CVE-2026-40796 2 Ollybach, Wordpress 2 Wppizza, Wordpress 2026-06-23 6.5 Medium
Subscriber Sensitive Data Exposure in WPPizza <= 3.19.9 versions.