Total
281 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-24593 | 2026-01-23 | 5.3 Medium | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Retrieve Embedded Sensitive Data.This issue affects AWP Classifieds: from n/a through <= 4.4.3. | ||||
| CVE-2025-68046 | 2 Themehunk, Wordpress | 2 Contact Form & Lead Form Elementor Builder, Wordpress | 2026-01-23 | N/A |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder lead-form-builder allows Retrieve Embedded Sensitive Data.This issue affects Contact Form & Lead Form Elementor Builder: from n/a through <= 2.0.1. | ||||
| CVE-2025-67954 | 1 Wordpress | 1 Wordpress | 2026-01-23 | N/A |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Retrieve Embedded Sensitive Data.This issue affects Salon booking system: from n/a through <= 10.30.3. | ||||
| CVE-2025-63051 | 1 Wordpress | 1 Wordpress | 2026-01-23 | N/A |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in sizam REHub Framework rehub-framework allows Retrieve Embedded Sensitive Data.This issue affects REHub Framework: from n/a through < 19.9.9.4. | ||||
| CVE-2026-22915 | 2 Sick, Sick Ag | 3 Tdc-x401gl, Tdc-x401gl Firmware, Tdc-x401gl | 2026-01-23 | 4.3 Medium |
| An attacker with low privileges may be able to read files from specific directories on the device, potentially exposing sensitive information. | ||||
| CVE-2026-24553 | 2026-01-23 | N/A | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Dotstore Fraud Prevention For Woocommerce woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers allows Retrieve Embedded Sensitive Data.This issue affects Fraud Prevention For Woocommerce: from n/a through <= 2.3.1. | ||||
| CVE-2026-24536 | 2026-01-23 | N/A | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in webpushr Webpushr webpushr-web-push-notifications allows Retrieve Embedded Sensitive Data.This issue affects Webpushr: from n/a through <= 4.38.0. | ||||
| CVE-2026-24523 | 2026-01-23 | N/A | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Marcus (aka @msykes) WP FullCalendar wp-fullcalendar allows Retrieve Embedded Sensitive Data.This issue affects WP FullCalendar: from n/a through <= 1.6. | ||||
| CVE-2020-36922 | 1 Sony | 3 Bravia, Bravia Signage, Bravia Tv | 2026-01-22 | 7.5 High |
| Sony BRAVIA Digital Signage 1.7.8 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive system details through API endpoints. Attackers can retrieve network interface information, server configurations, and system metadata by sending requests to the exposed system API. | ||||
| CVE-2026-0887 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-01-22 | 4.3 Medium |
| Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. | ||||
| CVE-2026-24377 | 2026-01-22 | N/A | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data.This issue affects Nexter Blocks: from n/a through <= 4.6.3. | ||||
| CVE-2025-55131 | 1 Nodejs | 1 Nodejs | 2026-01-22 | 7.1 High |
| A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the `vm` module with the timeout option. Under specific timing conditions, buffers allocated with `Buffer.alloc` and other `TypedArray` instances like `Uint8Array` may contain leftover data from previous operations, allowing in-process secrets like tokens or passwords to leak or causing data corruption. While exploitation typically requires precise timing or in-process code execution, it can become remotely exploitable when untrusted input influences workload and timeouts, leading to potential confidentiality and integrity impact. | ||||
| CVE-2020-36926 | 1 Smartertools | 1 Smartertrack | 2026-01-20 | 7.5 High |
| SmarterTrack 7922 contains an information disclosure vulnerability in the Chat Management search form that reveals agent identification details. Attackers can access the vulnerable /Management/Chat/frmChatSearch.aspx endpoint to retrieve agents' first and last names along with their unique identifiers. | ||||
| CVE-2025-69026 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 4.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Roxnor PopupKit popup-builder-block allows Retrieve Embedded Sensitive Data.This issue affects PopupKit: from n/a through <= 2.1.5. | ||||
| CVE-2025-69025 | 3 Aethonic, Woocommerce, Wordpress | 3 Poptics, Woocommerce, Wordpress | 2026-01-20 | 4.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Aethonic Poptics: AI-Powered Popup Builder for Lead Generation, Conversions, Exit-Intent, Email Opt-ins & WooCommerce Sales poptics allows Retrieve Embedded Sensitive Data.This issue affects Poptics: AI-Powered Popup Builder for Lead Generation, Conversions, Exit-Intent, Email Opt-ins & WooCommerce Sales: from n/a through <= 1.0.20. | ||||
| CVE-2025-68988 | 2 O2oe, Wordpress | 2 E-invoice App Malaysia, Wordpress | 2026-01-20 | 7.5 High |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in o2oe E-Invoice App Malaysia einvoiceapp-malaysia allows Retrieve Embedded Sensitive Data.This issue affects E-Invoice App Malaysia: from n/a through <= 1.1.0. | ||||
| CVE-2025-68606 | 2 Wordpress, Wpxpo | 2 Wordpress, Postx | 2026-01-20 | 7.5 High |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPXPO PostX ultimate-post allows Retrieve Embedded Sensitive Data.This issue affects PostX: from n/a through <= 5.0.3. | ||||
| CVE-2025-68576 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 7.5 High |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Virusdie Virusdie virusdie allows Retrieve Embedded Sensitive Data.This issue affects Virusdie: from n/a through <= 1.1.6. | ||||
| CVE-2025-68551 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 6.5 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vikas Ratudi VPSUForm allows Retrieve Embedded Sensitive Data.This issue affects VPSUForm: from n/a through 3.2.24. | ||||
| CVE-2025-68494 | 2 Leap13, Wordpress | 2 Premium Addons For Elementor, Wordpress | 2026-01-20 | 7.5 High |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Retrieve Embedded Sensitive Data.This issue affects Premium Addons for Elementor: from n/a through <= 4.11.53. | ||||