Search Results (396 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-13211 2026-07-01 4.3 Medium
The genucenter web interface before version 8.0p11 unnecessarily exposes sensitive SNMP authentication and encryption keys in its HTTP responses to users with the “Service” or “Admin” role.
CVE-2026-57736 2026-07-01 7.4 High
Insertion of Sensitive Information Into Sent Data vulnerability in HubSpot allows Retrieve Embedded Sensitive Data. This issue affects HubSpot: from n/a through 11.3.51.
CVE-2026-14019 1 Google 1 Chrome 2026-07-01 6.5 Medium
Inappropriate implementation in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-12085 1 Ibm 2 Ucd Ibm Devops Deploy, Ucd Ibm Urbancode Deploy 2026-07-01 6.5 Medium
IBM UCD - IBM UrbanCode Deploy 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 IBM DevOps Deploy could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system.
CVE-2026-27868 1 Teldat 1 Regesta Smart Hd-plc - Tldph16d2 2026-07-01 N/A
An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, NO registration action is required) who has the vulnerable software could obtain privilege information by using the command Version via the path: /upgrade/query.php?cmd=p+3&3Bversion resulting in a information disclosure. This issue affects Regesta Smart HD-PLC - TLDPH16D2: 11.02.05.10.02.
CVE-2026-13437 1 Devolutions 1 Powershell Universal 2026-06-29 6.5 Medium
Insertion of sensitive information into sent data in the AI Agent job API in Devolutions PowerShell Universal 2026.2.0 allows an authenticated user with AI Agent read access to obtain reusable, potentially higher-privileged authentication tokens via App Tokens serialized in plaintext in job API responses.
CVE-2026-54834 2 Fpuenteonline, Wordpress 2 Object Cache 4 Everyone, Wordpress 2026-06-29 7.5 High
Unauthenticated Sensitive Data Exposure in Object Cache 4 everyone <= 2.3.2 versions.
CVE-2026-57318 2 Geminilabs, Wordpress 2 Site Reviews, Wordpress 2026-06-26 6.5 Medium
Subscriber Sensitive Data Exposure in Site Reviews <= 8.0.11 versions.
CVE-2026-54821 2 Bootstrapped, Wordpress 2 Visual Link Preview, Wordpress 2026-06-26 7.4 High
Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.3.1 versions.
CVE-2026-54848 2 Saad Iqbal, Wordpress 2 Apiexperts Square For Woocommerce, Wordpress 2026-06-26 8.3 High
Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects APIExperts Square for WooCommerce: from n/a through 4.7.3.
CVE-2026-54841 2 Appsbd, Wordpress 2 Vitepos, Wordpress 2026-06-25 7.5 High
Unauthenticated Sensitive Data Exposure in Vitepos <= 3.4.2 versions.
CVE-2026-55180 1 Pnpm 1 Pnpm 2026-06-25 6.5 Medium
pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm and pacquet expanded ${ENV_VAR} placeholders from repository-controlled .npmrc and pnpm-workspace.yaml into registry request destinations and registry credentials. A malicious repository could cause dependency resolution to send victim environment secrets to an attacker-selected registry before lifecycle scripts run. This vulnerability is fixed in 10.34.2 and 11.5.3.
CVE-2026-49064 2 Stiofan, Wordpress 2 Getpaid, Wordpress 2026-06-23 7.5 High
Insertion of Sensitive Information Into Sent Data vulnerability in Stiofan GetPaid allows Retrieve Embedded Sensitive Data. This issue affects GetPaid: from n/a through 2.8.49.
CVE-2026-40789 2 Tms, Wordpress 2 Amelia, Wordpress 2026-06-23 7.5 High
Unauthenticated Sensitive Data Exposure in Amelia <= 2.2 versions.
CVE-2026-49082 2 Chatway Live Chat, Wordpress 2 Chatway Live Chat – Ai Chatbot, Customer Support, Faq & Helpdesk Customer Service & Chat Buttons, Wordpress 2026-06-23 7.4 High
Subscriber Sensitive Data Exposure in Chatway Live Chat &#8211; AI Chatbot, Customer Support, FAQ &amp; Helpdesk Customer Service &amp; Chat Buttons <= 1.4.8 versions.
CVE-2026-52692 2 Wordpress, Wp.insider 2 Wordpress, Affiliates Manager 2026-06-23 7.5 High
Unauthenticated Sensitive Data Exposure in Affiliates Manager <= 2.9.50 versions.
CVE-2026-52695 2 Al Monsor, Wordpress 2 Abc Crypto Checkout, Wordpress 2026-06-23 7.5 High
Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout <= 1.8.2 versions.
CVE-2026-54197 2 Wordpress, Wpmet 2 Wordpress, Getgenie 2026-06-23 6.5 Medium
Unauthenticated Sensitive Data Exposure in GetGenie <= 4.4.1 versions.
CVE-2026-7168 3 Curl, Haxx, Redhat 3 Curl, Curl, Hummingbird 2026-06-23 5.3 Medium
Successfully using libcurl to do a transfer over a specific HTTP proxy (`proxyA`) with **Digest** authentication and then changing the proxy host to a second one (`proxyB`) for a second transfer, reusing the same handle, makes libcurl wrongly pass on the `Proxy-Authorization:` header field meant for `proxyA`, to `proxyB`.
CVE-2026-52698 2 Syed Balkhi, Wordpress 2 Pushengage – Web Push Notifications, Ecommerce Automation & Chat Widget, Wordpress 2026-06-20 7.4 High
Subscriber Sensitive Data Exposure in PushEngage – Web Push Notifications, eCommerce Automation &amp; Chat Widget <= 4.2.3 versions.