Monthly
Code-Projects Online FIR System 1.0 stores sensitive database backup files insecurely, allowing unauthenticated remote attackers to access the /complaints.sql backup file and disclose confidential information. The CVSS 5.5 score reflects low confidentiality impact but network-accessible exposure; publicly available exploit code exists, elevating practical risk despite the moderate score.
Code-Projects Online Application System for Admission 1.0 stores sensitive information insecurely in the /enrollment/database/oas.sql file, allowing remote unauthenticated attackers to disclose confidential data. The vulnerability has publicly available exploit code and is rated CVSS 5.3 with an EPSS percentile indicating moderate exploitation probability. Attackers can access the database backup file remotely without authentication or user interaction, leading to information disclosure.
The ReviewX - WooCommerce Product Reviews plugin for WordPress contains a Sensitive Information Exposure vulnerability in the syncedData function that allows unauthenticated attackers to extract sensitive user data including names, emails, phone numbers, and addresses from affected sites. All versions up to and including 2.2.12 are vulnerable, affecting any WordPress installation running this popular review plugin. The vulnerability has a CVSS score of 5.3 (Medium) with low attack complexity and no authentication required, making it relatively straightforward to exploit.
Improper temporary file handling in macOS allows local applications to read sensitive user data without user interaction. An attacker with local access and app execution privileges can bypass privacy controls to access confidential information. This vulnerability affects macOS Tahoe 26.3 and earlier, with no patch currently available.
A security issue was discovered within the legacy ADI server component of Verve Asset Manager, caused by plaintext secrets stored in environment variables on the ADI server. This component has been retired and has been optional since the 1.36 release in 2024.
Insecure Storage of Sensitive Information vulnerability in MeetMe on iOS, Android allows Retrieve Embedded Sensitive Data. This issue affects MeetMe: through v2.2.5.
The TNC Toolbox: Web Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The issue was addressed with improved handling of caches. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Some "Stored Value" Unattended Payment Solutions of KioSoft use vulnerable NFC cards. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Insecure Storage of Sensitive Information vulnerability in Calix GigaCenter ONT (Quantenna SoC modules) allows admin access to the web interface. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Code-Projects Online FIR System 1.0 stores sensitive database backup files insecurely, allowing unauthenticated remote attackers to access the /complaints.sql backup file and disclose confidential information. The CVSS 5.5 score reflects low confidentiality impact but network-accessible exposure; publicly available exploit code exists, elevating practical risk despite the moderate score.
Code-Projects Online Application System for Admission 1.0 stores sensitive information insecurely in the /enrollment/database/oas.sql file, allowing remote unauthenticated attackers to disclose confidential data. The vulnerability has publicly available exploit code and is rated CVSS 5.3 with an EPSS percentile indicating moderate exploitation probability. Attackers can access the database backup file remotely without authentication or user interaction, leading to information disclosure.
The ReviewX - WooCommerce Product Reviews plugin for WordPress contains a Sensitive Information Exposure vulnerability in the syncedData function that allows unauthenticated attackers to extract sensitive user data including names, emails, phone numbers, and addresses from affected sites. All versions up to and including 2.2.12 are vulnerable, affecting any WordPress installation running this popular review plugin. The vulnerability has a CVSS score of 5.3 (Medium) with low attack complexity and no authentication required, making it relatively straightforward to exploit.
Improper temporary file handling in macOS allows local applications to read sensitive user data without user interaction. An attacker with local access and app execution privileges can bypass privacy controls to access confidential information. This vulnerability affects macOS Tahoe 26.3 and earlier, with no patch currently available.
A security issue was discovered within the legacy ADI server component of Verve Asset Manager, caused by plaintext secrets stored in environment variables on the ADI server. This component has been retired and has been optional since the 1.36 release in 2024.
Insecure Storage of Sensitive Information vulnerability in MeetMe on iOS, Android allows Retrieve Embedded Sensitive Data. This issue affects MeetMe: through v2.2.5.
The TNC Toolbox: Web Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The issue was addressed with improved handling of caches. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Some "Stored Value" Unattended Payment Solutions of KioSoft use vulnerable NFC cards. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Insecure Storage of Sensitive Information vulnerability in Calix GigaCenter ONT (Quantenna SoC modules) allows admin access to the web interface. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.