Total
304 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-34556 | 2026-06-17 | N/A | 5.3 MEDIUM | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through <= 1.5.4. | |||||
| CVE-2024-32825 | 2026-06-17 | N/A | 7.5 HIGH | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in Simply Static Simply Static simply-static.This issue affects Simply Static: from n/a through <= 3.1.3. | |||||
| CVE-2024-32796 | 2026-06-17 | N/A | 4.3 MEDIUM | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in Jack Arturo WP Fusion Lite wp-fusion-lite allows Retrieve Embedded Sensitive Data.This issue affects WP Fusion Lite: from n/a through <= 3.42.10. | |||||
| CVE-2024-32782 | 1 Hasthemes | 1 Ht Mega | 2026-06-17 | N/A | 4.3 MEDIUM |
| Insertion of Sensitive Information Into Sent Data vulnerability in DevItems HT Mega ht-mega-for-elementor.This issue affects HT Mega: from n/a through <= 2.4.7. | |||||
| CVE-2024-31278 | 1 Leap13 | 1 Premium Addons For Elementor | 2026-06-17 | N/A | 4.3 MEDIUM |
| Insertion of Sensitive Information Into Sent Data vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor.This issue affects Premium Addons for Elementor: from n/a through <= 4.10.22. | |||||
| CVE-2024-31200 | 1 Proges | 2 Sensor Net Connect Firmware V2, Sensor Net Connect V2 | 2026-06-17 | N/A | 4.2 MEDIUM |
| A “CWE-201: Insertion of Sensitive Information Into Sent Data” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext when an administrative session is open in the browser. | |||||
| CVE-2024-28173 | 1 Jetbrains | 1 Teamcity | 2026-06-17 | N/A | 4.3 MEDIUM |
| In JetBrains TeamCity between 2023.11 and 2023.11.4 custom build parameters of the "password" type could be disclosed | |||||
| CVE-2024-26270 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2026-06-17 | N/A | 6.5 MEDIUM |
| The Account Settings page in Liferay Portal 7.4.3.76 through 7.4.3.99, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 76 through 92 embeds the user’s hashed password in the page’s HTML source, which allows man-in-the-middle attackers to steal a user's hashed password. | |||||
| CVE-2024-25150 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2026-06-17 | N/A | 4.3 MEDIUM |
| Information disclosure vulnerability in the Control Panel in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions allows remote authenticated users to obtain a user's full name from the page's title by enumerating user screen names. | |||||
| CVE-2024-25148 | 1 Liferay | 3 Digital Experience Platform, Dxp, Liferay Portal | 2026-06-17 | N/A | 5.4 MEDIUM |
| In Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions the `doAsUserId` URL parameter may get leaked when creating linked content using the WYSIWYG editor and while impersonating a user. This may allow remote authenticated users to impersonate a user after accessing the linked content. | |||||
| CVE-2024-23506 | 1 Instawp | 1 Instawp Connect | 2026-06-17 | N/A | 7.7 HIGH |
| Insertion of Sensitive Information Into Sent Data vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through <= 0.1.0.9. | |||||
| CVE-2024-1435 | 1 Tainacan | 1 Tainacan | 2026-06-17 | N/A | 5.3 MEDIUM |
| Insertion of Sensitive Information Into Sent Data vulnerability in tainacan Tainacan tainacan.This issue affects Tainacan: from n/a through <= 0.20.6. | |||||
| CVE-2024-13276 | 1 File Entity Project | 1 File Entity | 2026-06-17 | N/A | 7.5 HIGH |
| Insertion of Sensitive Information Into Sent Data vulnerability in Drupal File Entity (fieldable files) allows Forceful Browsing.This issue affects File Entity (fieldable files): from 7.X-* before 7.X-2.39. | |||||
| CVE-2024-13269 | 1 Advanced Varnish Project | 1 Advanced Varnish | 2026-06-17 | N/A | 5.3 MEDIUM |
| Insertion of Sensitive Information Into Sent Data vulnerability in Drupal Advanced Varnish allows Forceful Browsing.This issue affects Advanced Varnish: from 0.0.0 before 4.0.11. | |||||
| CVE-2024-13259 | 1 Image Sizes Project | 1 Image Sizes | 2026-06-17 | N/A | 7.5 HIGH |
| Insertion of Sensitive Information Into Sent Data vulnerability in Drupal Image Sizes allows Forceful Browsing.This issue affects Image Sizes: from 0.0.0 before 3.0.2. | |||||
| CVE-2024-13254 | 1 Rest Views Project | 1 Rest Views | 2026-06-17 | N/A | 7.5 HIGH |
| Insertion of Sensitive Information Into Sent Data vulnerability in Drupal REST Views allows Forceful Browsing.This issue affects REST Views: from 0.0.0 before 3.0.1. | |||||
| CVE-2023-6916 | 2026-06-17 | N/A | 7.2 HIGH | ||
| Audit records for OpenAPI requests may include sensitive information. This could lead to unauthorized accesses and privilege escalation. | |||||
| CVE-2023-5831 | 1 Gitlab | 1 Gitlab | 2026-06-17 | N/A | 3.7 LOW |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, and all versions starting from 16.5.0 before 16.5.1 which have the `super_sidebar_logged_out` feature flag enabled. Affected versions with this default-disabled feature flag enabled may unintentionally disclose GitLab version metadata to unauthorized actors. | |||||
| CVE-2023-4378 | 1 Gitlab | 1 Gitlab | 2026-06-17 | N/A | 5.5 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A malicious Maintainer can, under specific circumstances, leak the sentry token by changing the configured URL in the Sentry error tracking settings page. This was as a result of an incomplete fix for CVE-2022-4365. | |||||
| CVE-2023-4002 | 1 Gitlab | 1 Gitlab | 2026-06-17 | N/A | 5.3 MEDIUM |
| An issue has been discovered in GitLab EE affecting all versions starting from 14.1 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for EE-licensed users to link any security policy project by its ID to projects or groups the user has access to, potentially revealing the security projects's configured security policies. | |||||