Export limit exceeded: 20133 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (404 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-42505 1 Go Standard Library 1 Crypto Tls 2026-07-08 5.3 Medium
Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello.
CVE-2026-9546 1 Curl 1 Curl 2026-07-07 7.5 High
A vulnerability in libcurl caused the HTTP `Referer:` header to persist even when explicitly cleared. While the documentation states that passing NULL to `CURLOPT_REFERER` suppresses the header, the option failed to clear the internal state. As a result the previous referrer string was erroneously reused and sent in subsequent requests, potentially leaking sensitive information to unintended servers.
CVE-2026-59519 2026-07-07 5.3 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in Softaculous FormLayer allows Retrieve Embedded Sensitive Data. This issue affects FormLayer: from n/a through 1.0.6.
CVE-2026-13211 1 Genua 1 Genucenter 2026-07-06 4.3 Medium
The genucenter web interface before version 8.0p11 unnecessarily exposes sensitive SNMP authentication and encryption keys in its HTTP responses to users with the “Service” or “Admin” role.
CVE-2025-69132 2 Wordpress, Zozothemes 2 Wordpress, Corpkit 2026-07-06 6.5 Medium
Subscriber Sensitive Data Exposure in Corpkit <= 1.0.5 versions.
CVE-2026-8927 1 Curl 1 Curl 2026-07-06 9.1 Critical
When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state between requests. Specifically, if the initial transfer authenticates against `proxyA` using Digest auth, a subsequent transfer routed through `proxyB` erroneously leaks the `Proxy-Authorization:` header intended solely for `proxyA`.
CVE-2026-59511 2026-07-06 5.3 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in Tim Strifler Exclusive Addons Elementor allows Retrieve Embedded Sensitive Data. This issue affects Exclusive Addons Elementor: from n/a through 2.7.9.9.
CVE-2026-57347 2 Jetmonsters, Wordpress 2 Hotel Booking Lite, Wordpress 2026-07-02 6.5 Medium
Subscriber Sensitive Data Exposure in Hotel Booking Lite <= 6.0.3 versions.
CVE-2026-57736 2 Hubspot, Wordpress 2 Hubspot, Wordpress 2026-07-01 7.4 High
Insertion of Sensitive Information Into Sent Data vulnerability in HubSpot allows Retrieve Embedded Sensitive Data. This issue affects HubSpot: from n/a through 11.3.51.
CVE-2026-12085 1 Ibm 2 Ucd Ibm Devops Deploy, Ucd Ibm Urbancode Deploy 2026-07-01 6.5 Medium
IBM UCD - IBM UrbanCode Deploy 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 IBM DevOps Deploy could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system.
CVE-2026-54673 1 Electron-userland 2 Builder-util-runtime, Electron-builder 2026-07-01 6.5 Medium
electron-updater allows for automatic updates for Electron apps. Prior to 9.7.0, the HTTP redirect handler (HttpExecutor.prepareRedirectUrlOptions) only stripped a credential header whose key string matched exactly lowercase "authorization", exposing credentials. Other credential-bearing headers — most notably PRIVATE-TOKEN (used by GitLab's personal access token flow) and mixed-case Authorization (used by GitLab's Bearer/OAuth flow) — were not stripped and could be forwarded to an attacker-controlled cross-origin redirect destination. This issue has been fixed in version 9.7.0.
CVE-2026-27868 1 Teldat 1 Regesta Smart Hd-plc - Tldph16d2 2026-07-01 N/A
An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, NO registration action is required) who has the vulnerable software could obtain privilege information by using the command Version via the path: /upgrade/query.php?cmd=p+3&3Bversion resulting in a information disclosure. This issue affects Regesta Smart HD-PLC - TLDPH16D2: 11.02.05.10.02.
CVE-2026-13437 1 Devolutions 1 Powershell Universal 2026-06-29 6.5 Medium
Insertion of sensitive information into sent data in the AI Agent job API in Devolutions PowerShell Universal 2026.2.0 allows an authenticated user with AI Agent read access to obtain reusable, potentially higher-privileged authentication tokens via App Tokens serialized in plaintext in job API responses.
CVE-2026-54834 2 Fpuenteonline, Wordpress 2 Object Cache 4 Everyone, Wordpress 2026-06-29 7.5 High
Unauthenticated Sensitive Data Exposure in Object Cache 4 everyone <= 2.3.2 versions.
CVE-2026-57318 2 Geminilabs, Wordpress 2 Site Reviews, Wordpress 2026-06-26 6.5 Medium
Subscriber Sensitive Data Exposure in Site Reviews <= 8.0.11 versions.
CVE-2026-50017 1 Pnpm 1 Pnpm 2026-06-26 6.5 Medium
pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm can send user-level unscoped npm authentication credentials to a registry chosen by a repository-local .npmrc file. In the reproduced case, the user's npm config contains a default registry and an unscoped _authToken. The repository does not provide a token-bearing auth line. It only sets registry= to a different registry URL. During normal pnpm metadata/install workflows, pnpm binds the user-origin unscoped credential to the repository-selected registry and sends it as an Authorization header. This vulnerability is fixed in 10.34.0 and 11.4.0.
CVE-2026-54821 2 Bootstrapped, Wordpress 2 Visual Link Preview, Wordpress 2026-06-26 7.4 High
Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.3.1 versions.
CVE-2026-54848 2 Saad Iqbal, Wordpress 2 Apiexperts Square For Woocommerce, Wordpress 2026-06-26 8.3 High
Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects APIExperts Square for WooCommerce: from n/a through 4.7.3.
CVE-2026-54841 2 Appsbd, Wordpress 2 Vitepos, Wordpress 2026-06-25 7.5 High
Unauthenticated Sensitive Data Exposure in Vitepos <= 3.4.2 versions.
CVE-2026-55180 1 Pnpm 1 Pnpm 2026-06-25 6.5 Medium
pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm and pacquet expanded ${ENV_VAR} placeholders from repository-controlled .npmrc and pnpm-workspace.yaml into registry request destinations and registry credentials. A malicious repository could cause dependency resolution to send victim environment secrets to an attacker-selected registry before lifecycle scripts run. This vulnerability is fixed in 10.34.2 and 11.5.3.