Total
266 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-5733 | 2026-04-15 | N/A | 5.3 MEDIUM | ||
| The Modern Events Calendar Lite plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 7.21.9. This is due improper or insufficient validation of the id property when exporting calendars. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | |||||
| CVE-2025-53218 | 2026-04-15 | N/A | 5.8 MEDIUM | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal AppExperts appexperts allows Retrieve Embedded Sensitive Data.This issue affects AppExperts: from n/a through <= 1.4.5. | |||||
| CVE-2025-59579 | 2026-04-15 | N/A | 7.5 HIGH | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in PressTigers Simple Job Board simple-job-board allows Retrieve Embedded Sensitive Data.This issue affects Simple Job Board: from n/a through <= 2.13.7. | |||||
| CVE-2025-26318 | 2026-04-15 | N/A | 5.8 MEDIUM | ||
| hb.exe in TSplus Remote Access before 17.30 2024-10-30 allows remote attackers to retrieve a list of all domain accounts currently connected to the application. | |||||
| CVE-2023-6916 | 2026-04-15 | N/A | 7.2 HIGH | ||
| Audit records for OpenAPI requests may include sensitive information. This could lead to unauthorized accesses and privilege escalation. | |||||
| CVE-2026-25008 | 2026-04-15 | N/A | 4.3 MEDIUM | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows Retrieve Embedded Sensitive Data.This issue affects Ninja Tables: from n/a through <= 5.2.5. | |||||
| CVE-2025-68855 | 2026-04-15 | N/A | 5.9 MEDIUM | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in themeglow JobBoard Job listing job-board-light allows Retrieve Embedded Sensitive Data.This issue affects JobBoard Job listing: from n/a through <= 1.2.8. | |||||
| CVE-2025-27244 | 2026-04-15 | N/A | 5.9 MEDIUM | ||
| AssetView and AssetView CLOUD contain an issue with acquiring sensitive information from sent data to the developer. If exploited, sensitive information may be obtained by a remote unauthenticated attacker. | |||||
| CVE-2025-49300 | 2026-04-15 | N/A | 2.7 LOW | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in shinetheme Traveler Option Tree custom-option-tree allows Retrieve Embedded Sensitive Data.This issue affects Traveler Option Tree: from n/a through <= 2.8. | |||||
| CVE-2024-7872 | 2026-04-15 | N/A | 7.6 HIGH | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in ExtremePACS Extreme XDS allows Retrieve Embedded Sensitive Data.This issue affects Extreme XDS: before 3933. | |||||
| CVE-2024-7205 | 2026-04-15 | N/A | N/A | ||
| When the device is shared, the homepage module are before 2.19.0 in eWeLink Cloud Service allows Secondary user to take over devices as primary user via sharing unnecessary device-sensitive information. | |||||
| CVE-2026-22539 | 2026-04-15 | N/A | N/A | ||
| As the service interaction is performed without authentication, an attacker with some knowledge of the protocol could obtain information about the charger via OCPP v1.6. | |||||
| CVE-2025-24858 | 2026-04-15 | N/A | N/A | ||
| Develocity (formerly Gradle Enterprise) before 2024.3.1 allows an attacker who has network access to a Develocity server to obtain the hashed password of the system user. The hash algorithm used by Develocity was chosen according to best practices for password storage and provides some protection against brute-force attempts. The applicable severity of this vulnerability depends on whether a Develocity server is accessible by external or unauthorized users, and the complexity of the System User password. | |||||
| CVE-2025-48045 | 2026-04-15 | N/A | N/A | ||
| An unauthenticated HTTP GET request to the /client.php endpoint will disclose the default administrator user credentials. | |||||
| CVE-2025-63071 | 2026-04-15 | N/A | 5.3 MEDIUM | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in averta Shortcodes and extra features for Phlox theme auxin-elements allows Retrieve Embedded Sensitive Data.This issue affects Shortcodes and extra features for Phlox theme: from n/a through <= 2.17.15. | |||||
| CVE-2024-37881 | 2026-04-15 | N/A | 5.3 MEDIUM | ||
| SiteGuard WP Plugin provides a functionality to customize the path to the login page wp-login.php and implements a measure to avoid redirection from other URLs. However, SiteGuard WP Plugin versions prior to 1.7.7 missed to implement a measure to avoid redirection from wp-register.php. As a result, the customized path to the login page may be exposed. | |||||
| CVE-2025-59578 | 2026-04-15 | N/A | 5.8 MEDIUM | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in wpdesk ShopMagic shopmagic-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects ShopMagic: from n/a through <= 4.5.6. | |||||
| CVE-2025-62997 | 2026-04-15 | N/A | 5.3 MEDIUM | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in levelfourdevelopment WP EasyCart wp-easycart allows Retrieve Embedded Sensitive Data.This issue affects WP EasyCart: from n/a through <= 5.8.11. | |||||
| CVE-2025-48996 | 2026-04-15 | N/A | 5.3 MEDIUM | ||
| HAX open-apis provides microservice apis for HAX webcomponents repo that are shared infrastructure calls. An unauthenticated information disclosure vulnerability exists in the Penn State University deployment of the HAX content management system via the `haxPsuUsage` API endpoint, related to a flat present in open-apis versions up to and including 10.0.2. This allows any remote unauthenticated user to retrieve a full list of PSU websites hosted on HAX CMS. When chained with other authorization issues (e.g., HAX-3), this could assist in targeted attacks such as unauthorized content modification or deletion. Commit 06c2e1fbb7131a8fe66aa0600f38dcacae6b7ac7 patches the vulnerability. | |||||
| CVE-2025-62979 | 2026-04-15 | N/A | 5.3 MEDIUM | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in airesvsg ACF to REST API acf-to-rest-api allows Retrieve Embedded Sensitive Data.This issue affects ACF to REST API: from n/a through <= 3.3.4. | |||||