Export limit exceeded: 20133 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (404 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-42505 | 1 Go Standard Library | 1 Crypto Tls | 2026-07-08 | 5.3 Medium |
| Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello. | ||||
| CVE-2026-9546 | 1 Curl | 1 Curl | 2026-07-07 | 7.5 High |
| A vulnerability in libcurl caused the HTTP `Referer:` header to persist even when explicitly cleared. While the documentation states that passing NULL to `CURLOPT_REFERER` suppresses the header, the option failed to clear the internal state. As a result the previous referrer string was erroneously reused and sent in subsequent requests, potentially leaking sensitive information to unintended servers. | ||||
| CVE-2026-59519 | 2026-07-07 | 5.3 Medium | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in Softaculous FormLayer allows Retrieve Embedded Sensitive Data. This issue affects FormLayer: from n/a through 1.0.6. | ||||
| CVE-2026-13211 | 1 Genua | 1 Genucenter | 2026-07-06 | 4.3 Medium |
| The genucenter web interface before version 8.0p11 unnecessarily exposes sensitive SNMP authentication and encryption keys in its HTTP responses to users with the “Service” or “Admin” role. | ||||
| CVE-2025-69132 | 2 Wordpress, Zozothemes | 2 Wordpress, Corpkit | 2026-07-06 | 6.5 Medium |
| Subscriber Sensitive Data Exposure in Corpkit <= 1.0.5 versions. | ||||
| CVE-2026-8927 | 1 Curl | 1 Curl | 2026-07-06 | 9.1 Critical |
| When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state between requests. Specifically, if the initial transfer authenticates against `proxyA` using Digest auth, a subsequent transfer routed through `proxyB` erroneously leaks the `Proxy-Authorization:` header intended solely for `proxyA`. | ||||
| CVE-2026-59511 | 2026-07-06 | 5.3 Medium | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in Tim Strifler Exclusive Addons Elementor allows Retrieve Embedded Sensitive Data. This issue affects Exclusive Addons Elementor: from n/a through 2.7.9.9. | ||||
| CVE-2026-57347 | 2 Jetmonsters, Wordpress | 2 Hotel Booking Lite, Wordpress | 2026-07-02 | 6.5 Medium |
| Subscriber Sensitive Data Exposure in Hotel Booking Lite <= 6.0.3 versions. | ||||
| CVE-2026-57736 | 2 Hubspot, Wordpress | 2 Hubspot, Wordpress | 2026-07-01 | 7.4 High |
| Insertion of Sensitive Information Into Sent Data vulnerability in HubSpot allows Retrieve Embedded Sensitive Data. This issue affects HubSpot: from n/a through 11.3.51. | ||||
| CVE-2026-12085 | 1 Ibm | 2 Ucd Ibm Devops Deploy, Ucd Ibm Urbancode Deploy | 2026-07-01 | 6.5 Medium |
| IBM UCD - IBM UrbanCode Deploy 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 IBM DevOps Deploy could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system. | ||||
| CVE-2026-54673 | 1 Electron-userland | 2 Builder-util-runtime, Electron-builder | 2026-07-01 | 6.5 Medium |
| electron-updater allows for automatic updates for Electron apps. Prior to 9.7.0, the HTTP redirect handler (HttpExecutor.prepareRedirectUrlOptions) only stripped a credential header whose key string matched exactly lowercase "authorization", exposing credentials. Other credential-bearing headers — most notably PRIVATE-TOKEN (used by GitLab's personal access token flow) and mixed-case Authorization (used by GitLab's Bearer/OAuth flow) — were not stripped and could be forwarded to an attacker-controlled cross-origin redirect destination. This issue has been fixed in version 9.7.0. | ||||
| CVE-2026-27868 | 1 Teldat | 1 Regesta Smart Hd-plc - Tldph16d2 | 2026-07-01 | N/A |
| An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, NO registration action is required) who has the vulnerable software could obtain privilege information by using the command Version via the path: /upgrade/query.php?cmd=p+3&3Bversion resulting in a information disclosure. This issue affects Regesta Smart HD-PLC - TLDPH16D2: 11.02.05.10.02. | ||||
| CVE-2026-13437 | 1 Devolutions | 1 Powershell Universal | 2026-06-29 | 6.5 Medium |
| Insertion of sensitive information into sent data in the AI Agent job API in Devolutions PowerShell Universal 2026.2.0 allows an authenticated user with AI Agent read access to obtain reusable, potentially higher-privileged authentication tokens via App Tokens serialized in plaintext in job API responses. | ||||
| CVE-2026-54834 | 2 Fpuenteonline, Wordpress | 2 Object Cache 4 Everyone, Wordpress | 2026-06-29 | 7.5 High |
| Unauthenticated Sensitive Data Exposure in Object Cache 4 everyone <= 2.3.2 versions. | ||||
| CVE-2026-57318 | 2 Geminilabs, Wordpress | 2 Site Reviews, Wordpress | 2026-06-26 | 6.5 Medium |
| Subscriber Sensitive Data Exposure in Site Reviews <= 8.0.11 versions. | ||||
| CVE-2026-50017 | 1 Pnpm | 1 Pnpm | 2026-06-26 | 6.5 Medium |
| pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm can send user-level unscoped npm authentication credentials to a registry chosen by a repository-local .npmrc file. In the reproduced case, the user's npm config contains a default registry and an unscoped _authToken. The repository does not provide a token-bearing auth line. It only sets registry= to a different registry URL. During normal pnpm metadata/install workflows, pnpm binds the user-origin unscoped credential to the repository-selected registry and sends it as an Authorization header. This vulnerability is fixed in 10.34.0 and 11.4.0. | ||||
| CVE-2026-54821 | 2 Bootstrapped, Wordpress | 2 Visual Link Preview, Wordpress | 2026-06-26 | 7.4 High |
| Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.3.1 versions. | ||||
| CVE-2026-54848 | 2 Saad Iqbal, Wordpress | 2 Apiexperts Square For Woocommerce, Wordpress | 2026-06-26 | 8.3 High |
| Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects APIExperts Square for WooCommerce: from n/a through 4.7.3. | ||||
| CVE-2026-54841 | 2 Appsbd, Wordpress | 2 Vitepos, Wordpress | 2026-06-25 | 7.5 High |
| Unauthenticated Sensitive Data Exposure in Vitepos <= 3.4.2 versions. | ||||
| CVE-2026-55180 | 1 Pnpm | 1 Pnpm | 2026-06-25 | 6.5 Medium |
| pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm and pacquet expanded ${ENV_VAR} placeholders from repository-controlled .npmrc and pnpm-workspace.yaml into registry request destinations and registry credentials. A malicious repository could cause dependency resolution to send victim environment secrets to an attacker-selected registry before lifecycle scripts run. This vulnerability is fixed in 10.34.2 and 11.5.3. | ||||