Information Disclosure

Daylight Studio FuelCMS v1.5.2 allows remote attackers to exfiltrate password reset tokens through a mail splitting attack, enabling account takeover without authentication. The vulnerability exploits improper handling of email headers during the password reset workflow, permitting attackers to intercept or redirect sensitive reset tokens to attacker-controlled addresses. No public exploit code or active exploitation has been independently confirmed at time of analysis.

Low-privilege authenticated users in OpenEMR versions up to and including 8.0.0.3 can view and download Ensora eRx error logs due to missing authorization checks, exposing sensitive healthcare system information. This broken access control vulnerability (CVSS 7.7) affects network-accessible installations and has a 3% EPSS exploitation probability (8th percentile), with no public exploit identified at time of analysis. No vendor-released patch identified at time of analysis according to the CVE disclosure.

OpenEMR portal payment pages prior to version 8.0.0.3 expose other patients' protected health information (PHI) and payment card metadata through an Insecure Direct Object Reference vulnerability. Authenticated portal patients can manipulate the `recid` query parameter in `portal/portal_payment.php` to access arbitrary patient payment records and billing data without authorization. The vulnerability affects all versions before 8.0.0.3 and carries a CVSS score of 6.5 (high confidentiality impact); however, the 0.03% EPSS score indicates low real-world exploitation probability, and no public exploit code or active exploitation has been identified.

Improper access control in OpenEMR versions prior to 8.0.0.3 allows any authenticated user to download and permanently delete electronic claim batch files containing protected health information (PHI) via the billing file-download endpoint, regardless of whether they have billing privileges. The vulnerability has a 7.6 CVSS score with low attack complexity and requires only low-level authentication. EPSS exploitation probability is 0.03% (8th percentile), indicating low observed targeting in real-world exploitation at time of analysis, and no public exploit has been identified.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Saloon versions prior to v4 contain a path traversal vulnerability in fixture name handling that allows attackers to read or write files outside the configured fixture directory. Users with MockResponse fixtures derived from untrusted input (such as request parameters or configuration values) are affected, as attackers can use path traversal sequences like ../ or absolute paths to access arbitrary files on the system with the privileges of the running process. The vulnerability has been patched in Saloon v4 with input validation and defense-in-depth path verification.

A local information disclosure vulnerability exists in Enter Software Iperius Backup versions up to 8.7.3 within the NTLM2 Handler component, allowing authenticated local users to extract sensitive information through a complex manipulation attack. The vulnerability carries a CVSS score of 2.5 with low exploitability due to high attack complexity requirements, though a proof-of-concept has been publicly disclosed on GitHub. Upgrading to version 8.7.4 or later completely resolves this issue, and the vendor responded professionally with a timely patch release.

IBM Knowledge Catalog Standard Cartridge versions 5.0.0 through 5.2.1 improperly store sensitive information in log files that can be read by local privileged users. An attacker with high privileges on the affected system can access these logs to disclose confidential data without requiring user interaction. While no active exploitation in the wild or public proof-of-concept has been reported, a vendor patch is available and should be applied promptly.

IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 contain an information disclosure vulnerability caused by improper handling of JSON server responses, allowing authenticated attackers to expose sensitive data. The vulnerability requires low-complexity network access with valid credentials but does not require user interaction, making it accessible to any authenticated user with network connectivity. No evidence of active exploitation in the wild has been identified, though a patch is available from the vendor.

IBM Concert versions 1.0.0 through 2.2.0 transmit sensitive data in cleartext, allowing attackers to intercept and read this information via man-in-the-middle (MITM) attacks. The vulnerability affects all versions within the specified range of the IBM Concert application. An attacker positioned on the network path between a client and Concert server can eavesdrop on communications to obtain confidential information, though exploitation requires moderate attack complexity and active network positioning.

IBM Concert versions 1.0.0 through 2.2.0 implement cryptographic algorithms that are weaker than expected, allowing attackers to decrypt highly sensitive information without authentication. The vulnerability has a CVSS score of 5.9 with high confidentiality impact but no integrity or availability impact. A patch is available from IBM, and this represents a pure information disclosure risk affecting the confidentiality of encrypted data.

IBM Concert versions 1.0.0 through 2.2.0 suffer from improper buffer resource clearing that allows local attackers to read sensitive information directly from process memory without requiring privileges or user interaction. This information disclosure vulnerability (CVSS 6.2) affects IBM Concert across multiple versions and has a vendor patch available, though no evidence of active exploitation or public proof-of-concept has been reported in the provided intelligence.

IBM Concert versions 1.0.0 through 2.2.0 contain a missing function-level access control vulnerability that allows local users to obtain sensitive information without authentication. An attacker with local system access can bypass authorization checks to read confidential data stored within the application. While the CVSS score of 5.1 indicates moderate severity, the lack of authentication requirements and local attack vector present a meaningful risk in multi-tenant or shared system environments.

Iperius Backup 8.7.3 creates temporary files with insecure permissions in the Backup Service component, allowing local authenticated attackers to potentially escalate privileges or access sensitive data. The vulnerability requires local access and high attack complexity, but public exploit code exists. Upgrading to version 8.7.4 resolves the issue.

IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 store user credentials and other sensitive information in plain text, allowing local users to read this data. This is a high-severity information disclosure vulnerability with a CVSS score of 7.1, primarily due to the potential for complete confidentiality breach across security boundaries. A patch is available from IBM, and there is no evidence of active exploitation or public proof-of-concept at this time.

IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 contain an information disclosure vulnerability (CWE-209) that allows authenticated attackers to access sensitive information over the network without user interaction. The vulnerability has a CVSS score of 4.3 with low attack complexity and low privileges required, meaning any logged-in user can exploit it. A vendor patch is available, reducing immediate risk for organizations that can deploy updates promptly.

IBM WebSphere Application Server Liberty versions 17.0.0.3 through 26.0.0.3 contain a vulnerability in security settings administration that could allow authenticated attackers with high privileges to bypass expected security controls and gain unauthorized access to sensitive information. The vulnerability affects a critical administrative interface and, while it requires local access and high privileges to exploit, could enable lateral privilege escalation or information disclosure within enterprise environments. No evidence of active exploitation or public proof-of-concept has been reported, but a vendor patch is available.

IBM WebSphere Application Server Liberty versions 17.0.0.3 through 26.0.0.3 are vulnerable to privilege escalation due to improper access control (CWE-200: Information Exposure). A privileged user with existing authenticated access to the application server can exploit this vulnerability to gain additional unauthorized access to sensitive resources, potentially leading to information disclosure and integrity violations. While a CVSS score of 6.5 indicates moderate severity, the vulnerability requires high privileges to trigger (PR:H) and has no user interaction requirement, making it exploitable by insiders or compromised administrative accounts.

IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 fail to invalidate user sessions when administrative privileges are revoked, allowing authenticated users to retain access to sensitive information they should no longer be able to access. The vulnerability affects the session management layer and requires an authenticated attacker with initial system access. A patch is available from IBM, and this represents a privilege escalation and information disclosure risk in enterprise data integration environments.

IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 contain an information disclosure vulnerability where sensitive data is exposed through HTTP GET query strings, allowing attackers with low privileges and network access to obtain confidential information via man-in-the-middle techniques. The CVSS score of 3.1 reflects low severity due to high attack complexity and limited privileges required, though the vulnerability has a patch available from IBM and represents a classic cleartext credential exposure risk in enterprise data integration platforms.

IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 contain a credential protection vulnerability that allows authenticated attackers to extract sensitive information without requiring user interaction. An attacker with valid login credentials can exploit insufficiently protected credential storage mechanisms to obtain additional sensitive data, compromising confidentiality. A patch is available from IBM, and this vulnerability affects enterprise data integration infrastructure used by organizations managing information governance and metadata.

PrestaShop versions prior to 8.2.5 and 9.1.0 contain an improper use of validation framework vulnerability that allows information disclosure through integrity violations. An attacker with high privileges and user interaction can potentially bypass validation controls to access or modify sensitive information. The vulnerability has a low CVSS score of 2.0 reflecting limited real-world impact, though it represents a validation framework weakness in a widely-deployed e-commerce platform.

An unauthenticated information disclosure vulnerability exists in SiYuan note-taking application that allows remote attackers to read the content of all documents, including encrypted or access-restricted files, through two API endpoints (/api/file/readDir and /api/block/getChildBlocks). A working proof-of-concept Python exploit has been published demonstrating complete document enumeration and content retrieval. With a CVSS score of 9.8 (Critical) indicating network-based exploitation requiring no privileges or user interaction, this represents a severe confidentiality breach for all published SiYuan instances.

Memory exhaustion in TIFF image processing allows unauthenticated remote attackers to trigger allocation of up to 4GiB of memory by submitting malicious image files, resulting in denial of service through resource depletion or application crashes. Affected systems lack available patches, leaving deployed instances vulnerable to this attack vector requiring only network access and no user interaction.

An information disclosure vulnerability exists in n8n workflow automation software when Task Runners are enabled, allowing authenticated users with workflow creation or modification permissions to allocate uninitialized memory buffers through the JavaScript Task Runner. These buffers may contain residual data from the same Node.js process including secrets, tokens, and data from prior requests, leading to sensitive information exposure. This vulnerability requires CVE-2026-27496 has a CVSS 4.0 score of 7.1 with high confidentiality impact and affects npm package installations of n8n.

Kiteworks Secure Data Forms prior to version 9.2.1 contains a misconfiguration of security attributes that allows unprotected transport of credentials over the network. This vulnerability affects all versions below 9.2.1 and enables attackers to intercept sensitive authentication material in transit, potentially leading to account compromise and unauthorized access to the private data network. No active exploitation in the wild (KEV) or public proof-of-concept has been reported, though the CVSS 6.5 score and high confidentiality impact indicate meaningful risk.

The Requests library before version 2.33.0 contains a predictable temporary file extraction vulnerability in the `extract_zipped_paths()` utility function that allows local attackers to perform file injection attacks. An attacker with write access to the system temporary directory can pre-create a malicious file at a predictable location that will be loaded instead of the legitimate extracted file, potentially leading to code execution or privilege escalation. This vulnerability only affects applications that directly call the vulnerable utility function, as standard Requests library usage is not impacted.

Mattermost fails to properly validate user identity in OpenID Connect authentication logic due to an overly permissive substring matching flaw in the IsSameUser() comparison function, allowing attackers with high privileges to take over arbitrary user accounts through the user discovery flow. This affects Mattermost versions 10.11.0-10.11.11, 11.2.0-11.2.3, 11.3.0-11.3.1, and 11.4.0. While the CVSS score of 5.7 is moderate and requires high privilege access and user interaction, the core impact is account takeover with full account compromise possible.

The SMTP Mailer plugin for WordPress (versions up to 1.1.24) contains an Insertion of Sensitive Information Into Sent Data vulnerability that allows attackers to retrieve embedded sensitive data through the plugin's email transmission functionality. This information disclosure flaw affects all installations of the affected SMTP Mailer versions and could expose credentials, configuration data, or other sensitive information transmitted via the plugin's SMTP implementation. No CVSS score or EPSS data is currently available, and no indication of active exploitation or public proof-of-concept has been documented at this time.

A Local File Inclusion (LFI) vulnerability exists in the nK Visual Portfolio, Photo Gallery & Post Grid WordPress plugin through version 3.5.1, allowing attackers to include and execute arbitrary local files on the server via improper control of filename parameters in PHP include/require statements. An attacker with network access can exploit this vulnerability to disclose sensitive information such as configuration files, database credentials, or other local files stored on the web server. While CVSS and EPSS scores are not publicly available, the vulnerability is classified under CWE-98 (Improper Control of Filename for Include/Require) and affects all installations of this plugin running version 3.5.1 or earlier.

A Local File Inclusion (LFI) vulnerability exists in Gavias Kunco WordPress theme versions prior to 1.4.5, allowing attackers to read arbitrary files from the affected server through improper control of filename parameters in PHP include/require statements. This vulnerability enables information disclosure attacks where sensitive files such as configuration files, source code, or system files could be exposed to unauthenticated or low-privileged attackers. No CVSS score or EPSS data is currently available, but the vulnerability is classified under CWE-98 (Improper Control of Filename for Include/Require Statement), a critical class of PHP-based remote/local file inclusion flaws.

A Local File Inclusion (LFI) vulnerability exists in the CreativeWS Kiddy WordPress theme through version 2.0.8, allowing attackers to read arbitrary files from the affected server through improper control of filename parameters in PHP include/require statements. An attacker can exploit this vulnerability to disclose sensitive information such as configuration files, database credentials, or other locally stored data without requiring authentication or special privileges. While no CVSS score or EPSS data is currently available, the vulnerability is actively tracked by multiple security intelligence sources including Patchstack and ENISA, indicating confirmed exploitability.

A Local File Inclusion (LFI) vulnerability exists in CreativeWS VintWood WordPress theme versions up to and including 1.1.8, stemming from improper control of filenames in PHP include/require statements. This vulnerability allows unauthenticated attackers to read arbitrary files from the affected server, potentially exposing sensitive configuration files, database credentials, and other confidential information. No CVSS score, EPSS data, or KEV status is currently available, but the issue is documented across multiple security intelligence sources including Patchstack and ENISA.

A Local File Inclusion (LFI) vulnerability exists in CreativeWS Trendustry WordPress theme versions up to 1.1.4, allowing attackers to include and execute arbitrary local files through improper control of filename parameters in PHP include/require statements. This vulnerability can lead to information disclosure by allowing attackers to read sensitive files on the server without requiring authentication or special privileges. While no CVSS or EPSS scores are currently published, the LFI classification and information disclosure impact indicate this represents a significant security risk for affected installations.

A Local File Inclusion (LFI) vulnerability exists in CreativeWS MetaMax theme versions up to and including 1.1.4, allowing attackers to include and execute arbitrary local files through improper handling of PHP include/require statements. An unauthenticated remote attacker can exploit this to disclose sensitive files, read configuration data containing credentials, or potentially achieve remote code execution by including files with executable content. While no CVSS score or EPSS data is currently available, the vulnerability has been confirmed and documented by Patchstack with a direct reference to the affected WordPress theme.

A weak authentication vulnerability in the PickPlugins User Verification WordPress plugin (versions up to 2.0.45) allows attackers to bypass email verification mechanisms, enabling authentication abuse and unauthorized account creation or takeover. This vulnerability has been identified by Patchstack as an email verification bypass issue affecting the user verification functionality, potentially exposing sites using this plugin to account compromise and unauthorized access. The practical impact depends on how the plugin integrates with site authentication workflows, but successful exploitation could allow attackers to register accounts, access user data, or impersonate legitimate users.

A Local File Inclusion (LFI) vulnerability exists in the Mikado-Themes Rosebud WordPress theme through version 1.4, allowing attackers to include and execute arbitrary local files on the server via improper control of filename parameters in PHP include/require statements. This vulnerability enables information disclosure and potential remote code execution by reading sensitive files or including PHP files from the web root. No active exploitation in the wild has been publicly confirmed, but the vulnerability affects all installations of Rosebud up to and including version 1.4.

A Local File Inclusion (LFI) vulnerability exists in the Mikado-Themes Deston WordPress theme through version 1.0, allowing attackers to read arbitrary files from the server filesystem via improper control of filename parameters in PHP include/require statements. This vulnerability, classified as CWE-98 (PHP Remote File Inclusion), enables information disclosure attacks where sensitive files such as configuration files, database credentials, or source code could be exposed. The vulnerability affects all versions of Deston up to and including 1.0, and has been documented by Patchstack with an EUVD ID (EUVD-2026-15787), though CVSS scoring and KEV status are not yet available.

A Local File Inclusion (LFI) vulnerability exists in the Mikado-Themes Amfissa WordPress theme through version 1.1, allowing attackers to improperly control filenames in PHP include/require statements. This vulnerability enables unauthorized information disclosure by reading arbitrary local files from the affected server. The issue stems from improper input validation on file inclusion parameters and affects all versions of Amfissa up to and including version 1.1.

A Local File Inclusion (LFI) vulnerability exists in the Mikado-Themes Emaurri WordPress theme through version 1.0.1, allowing attackers to include and execute arbitrary local files on the affected server. The vulnerability stems from improper control of filenames in PHP include/require statements (CWE-98), enabling information disclosure and potential remote code execution depending on file access and PHP configuration. While CVSS and EPSS scores are not available, the attack vector appears to be network-based with low complexity, and the vulnerability has been documented by Patchstack but exploitation status and proof-of-concept availability require verification from primary sources.

A Local File Inclusion (LFI) vulnerability exists in Mikado-Themes' MultiOffice WordPress theme versions up to and including 1.2, stemming from improper control of filenames in PHP include/require statements. An attacker can exploit this vulnerability to read arbitrary files from the affected server, potentially disclosing sensitive configuration files, database credentials, or other confidential information. No CVSS score, EPSS data, or active exploitation (KEV) status has been assigned to this vulnerability.

A Local File Inclusion (LFI) vulnerability exists in the Mikado-Themes LuxeDrive WordPress theme (version 1.0 and earlier) that allows attackers to read arbitrary files from the affected server through improper control of filename parameters in PHP include/require statements. An unauthenticated attacker can exploit this vulnerability to disclose sensitive information such as configuration files, database credentials, or other system files without requiring special privileges or user interaction. While no CVSS score or EPSS data is currently available, the vulnerability class (CWE-98: Improper Control of Filename for Include/Require Statement) indicates a high-severity condition with straightforward exploitation mechanics.

A Local File Inclusion (LFI) vulnerability exists in the Mikado-Themes Belfort WordPress theme version 1.0 and earlier, allowing attackers to include and execute arbitrary local files through improper control of filename parameters in PHP include/require statements. While classified as a Remote File Inclusion vulnerability in the CVE description, the actual impact is Local File Inclusion, enabling information disclosure through the reading of sensitive files such as configuration files, database credentials, and source code. No CVSS score, EPSS data, or KEV status is currently available, but the vulnerability's nature suggests moderate to high real-world risk given the prevalence of WordPress themes and the ease of exploitation.

A Local File Inclusion (LFI) vulnerability exists in Elated-Themes' The Aisle Core WordPress plugin through version 2.0.5, stemming from improper control of filenames in PHP include/require statements. This vulnerability allows unauthenticated attackers to read arbitrary files from the affected server, potentially exposing sensitive configuration files, database credentials, and other confidential information. No CVSS score, EPSS data, or active KEV status is currently available, but the vulnerability has been publicly documented by Patchstack and assigned EUVD-2026-15765.

A Local File Inclusion (LFI) vulnerability exists in Mikado-Themes Curly Core plugin for WordPress through version 2.1.6, allowing improper control of filenames in PHP include/require statements. Attackers can exploit this to read arbitrary local files from the affected server, potentially disclosing sensitive configuration files, database credentials, and other confidential data. No CVSS score or EPSS data is currently available, and KEV/active exploitation status is unknown, but the vulnerability has been documented by Patchstack with a public reference URL.

A Local File Inclusion (LFI) vulnerability exists in TieLabs Jannah WordPress theme through version 7.6.3, stemming from improper control of filename parameters in PHP include/require statements. An attacker can exploit this vulnerability to read arbitrary local files from the affected server, potentially disclosing sensitive configuration files, credentials, or source code. No CVSS score, EPSS data, or active KEV listing is currently available, but the LFI classification and information disclosure impact indicate moderate to high real-world risk depending on server configuration and file permissions.

The Select-Themes Moments WordPress theme versions 2.2 and earlier contain a Local File Inclusion (LFI) vulnerability that allows attackers to improperly control filename parameters in PHP include/require statements. An unauthenticated attacker can exploit this vulnerability to read arbitrary files from the affected server, potentially disclosing sensitive configuration files, source code, or other confidential information. While no CVSS score or EPSS data is currently available and no active KEV listing is confirmed, the vulnerability is catalogued by Patchstack and has been assigned EUVD-2026-15740, indicating documented exploitation potential.

A Local File Inclusion (LFI) vulnerability exists in the Select-Themes Mixtape WordPress theme through version 2.1, allowing attackers to include and execute arbitrary local files on the affected server. The vulnerability stems from improper control of filenames in PHP include/require statements (CWE-98), enabling information disclosure and potential remote code execution depending on file accessibility. While no CVSS score or EPSS data is currently available, the LFI classification and PHP nature of the vulnerability indicate moderate to high exploitability with network-based attack vectors.

A Local File Inclusion (LFI) vulnerability exists in jwsthemes IdealAuto WordPress theme versions prior to 3.8.6, where improper control of filenames in PHP include/require statements allows attackers to read arbitrary files from the affected server. An unauthenticated remote attacker can exploit this vulnerability to disclose sensitive information such as configuration files, database credentials, and other system files. This vulnerability has been documented by Patchstack and tracked under EUVD-2026-15701; no CVSS score is currently assigned, though the tags indicate it enables information disclosure through PHP-based file inclusion.

A Local File Inclusion (LFI) vulnerability exists in the JWSThemes LoveDate WordPress theme through version 3.8.5, allowing attackers to read arbitrary files from the affected server through improper control of filename parameters in PHP include/require statements. The vulnerability affects all versions of LoveDate prior to 3.8.6, and an attacker can exploit this to disclose sensitive information such as configuration files, database credentials, and other system files without requiring authentication or special privileges.

A PHP Local File Inclusion (LFI) vulnerability exists in jwsthemes Feedy theme versions prior to 2.1.5, stemming from improper control of filenames in PHP include/require statements. This vulnerability allows unauthenticated attackers to read arbitrary files from the affected server, potentially exposing sensitive configuration files, database credentials, and other confidential information. The vulnerability is classified under CWE-98 (Improper Control of Filename for Include/Require Statement) and was reported by Patchstack, affecting WordPress installations using the vulnerable Feedy theme.

A Local File Inclusion (LFI) vulnerability exists in jwsthemes StreamVid WordPress theme versions prior to 6.8.6, where improper control of filename parameters in PHP include/require statements allows attackers to read arbitrary files from the server. The vulnerability is classified as CWE-98 (Improper Control of Filename for Include/Require Statement in PHP Program) and has been documented by Patchstack with ENISA tracking ID EUVD-2026-15696. While no CVSS score or EPSS data is currently published, the LFI classification indicates potential for sensitive information disclosure including configuration files, source code, and credentials.

A improper input validation vulnerability in GalleryCreator SimpLy Gallery plugin (versions up to 3.3.2) allows attackers to access functionality that should be restricted by access control lists (ACLs), potentially leading to information disclosure and arbitrary code execution. The vulnerability affects WordPress installations using the simply-gallery-block plugin and stems from insufficient validation of quantity inputs combined with inadequate authorization checks. While CVSS scoring is unavailable, the reported nature of the vulnerability suggests elevated risk due to the potential for unauthorized functionality access and code execution capabilities.

The RadiusTheme Review Schema WordPress plugin versions up to and including 2.2.6 contains an information disclosure vulnerability (CWE-497) that allows unauthorized attackers to retrieve embedded sensitive data through the plugin's schema implementation. An attacker can exploit this vulnerability to access system information that should not be exposed, potentially leveraging the data for reconnaissance or further attacks. No CVSS score, EPSS data, or confirmed KEV/POC status is currently available, but the vulnerability has been documented by Patchstack and assigned EUVD-2026-15657.

Contact Form by WPForms versions up to 1.9.8.7 contain an Insertion of Sensitive Information Into Sent Data vulnerability (CWE-201) that allows attackers to retrieve embedded sensitive data from contact form submissions. This information disclosure flaw affects the popular WordPress plugin maintained by Syed Balkhi, potentially exposing user data submitted through contact forms. While CVSS and EPSS scores are not yet published and KEV/POC status is unknown, the vulnerability was reported through Patchstack and tracked under ENISA EUVD-2026-15649.

A Local File Inclusion (LFI) vulnerability exists in the NaturaLife Extensions WordPress plugin (versions up to 2.1) due to improper control of filenames in PHP include/require statements. This vulnerability allows unauthenticated attackers to read arbitrary files from the affected server, potentially leading to sensitive information disclosure such as configuration files, database credentials, and application source code. No CVSS score, EPSS data, or active KEV status is available, but the vulnerability is confirmed by Patchstack and tracked under EUVD-2026-15617.

AncoraThemes Wizor's investment theme for WordPress versions through 2.12 contains a Local File Inclusion (LFI) vulnerability that allows attackers to include and execute arbitrary local files on the server through improper handling of filename parameters in PHP include/require statements. This vulnerability enables information disclosure and potential remote code execution depending on server configuration and available files. While no CVSS score or EPSS data has been assigned, the vulnerability is tracked in the ENISA EUVD database (EUVD-2026-15532) and was reported by Patchstack, indicating active security research and likely proof-of-concept availability.

A Local File Inclusion (LFI) vulnerability exists in AncoraThemes VegaDays WordPress theme through version 1.2.0, allowing improper control of filenames in PHP include/require statements. Attackers can leverage this vulnerability to read arbitrary files from the affected server, potentially disclosing sensitive configuration files, database credentials, and other confidential data. While no CVSS score or EPSS data is currently available and KEV status is unknown, the vulnerability is classified as an information disclosure issue with a straightforward exploitation path typical of LFI vulnerabilities in WordPress themes.

This is a Local File Inclusion (LFI) vulnerability in AncoraThemes Unica WordPress theme versions up to and including 1.4.1, where improper control of filenames in PHP include/require statements allows attackers to read arbitrary local files from the affected server. An unauthenticated remote attacker can exploit this vulnerability to disclose sensitive information such as configuration files, database credentials, or other sensitive data stored on the server. The vulnerability is classified as CWE-98 (Improper Control of Filename for Include/Require Statement in PHP Program) and has been documented by Patchstack with ENISA EUVD tracking ID EUVD-2026-15528.

A Local File Inclusion (LFI) vulnerability exists in AncoraThemes Triompher WordPress theme versions up to and including 1.1.0, caused by improper control of filename parameters in PHP include/require statements. An unauthenticated attacker can exploit this vulnerability to read arbitrary files from the server, leading to information disclosure of sensitive data such as configuration files, database credentials, and other system files. No CVSS score, EPSS data, or known exploitation in the wild (KEV status) has been published, but the vulnerability is confirmed and documented by Patchstack with an available reference.

A security vulnerability in Elated-Themes Roisin roisin allows PHP Local File Inclusion (CVSS 8.1). High severity vulnerability requiring prompt remediation.

A Local File Inclusion (LFI) vulnerability exists in the Elated-Themes NeoBeat WordPress theme through version 1.2, allowing attackers to read arbitrary files from the affected server through improper control of filename parameters in PHP include/require statements. The vulnerability enables information disclosure attacks where an attacker can access sensitive files such as configuration files, database credentials, and source code without requiring authentication or special privileges. This is a CWE-98 vulnerability that transforms what was initially reported as PHP Remote File Inclusion (RFI) into a confirmed Local File Inclusion attack vector.

A Local File Inclusion (LFI) vulnerability exists in the Elated-Themes Gioia WordPress theme through version 1.4, allowing improper control of filenames in PHP include/require statements. Attackers can leverage this vulnerability to read sensitive local files from the affected web server, potentially disclosing configuration files, database credentials, or other confidential information. The vulnerability affects all installations of Gioia version 1.4 and earlier, with no CVSS or EPSS scoring data currently available, though the CWE-98 classification and LFI nature suggest moderate to high practical risk.

A Local File Inclusion (LFI) vulnerability exists in the AncoraThemes Dentalux WordPress theme through version 3.3, allowing attackers to include and execute arbitrary local files on the server. This vulnerability stems from improper control of filenames in PHP include/require statements (CWE-98), enabling attackers to read sensitive files or execute malicious code without requiring authentication. While no CVSS score or EPSS probability is currently available, the LFI classification and information disclosure tags indicate this poses a significant risk for unauthorized file access and potential remote code execution.

A Local File Inclusion (LFI) vulnerability exists in the Elated-Themes Amoli WordPress theme version 1.0 and earlier, stemming from improper control of filenames in PHP include/require statements. An attacker can exploit this weakness to read arbitrary files from the affected server, potentially disclosing sensitive configuration files, database credentials, or other confidential information. The vulnerability is classified under CWE-98 (Improper Control of Filename for Include/Require Statement in PHP Program) and has been documented by Patchstack with ENISA EUVD identifier EUVD-2026-15514.

A security vulnerability in ThemeREX ProLingua prolingua allows PHP Local File Inclusion (CVSS 8.1). High severity vulnerability requiring prompt remediation.

A Local File Inclusion (LFI) vulnerability exists in the ThemeREX Nelson WordPress theme through version 1.2.0, allowing attackers to read arbitrary files from the affected server. The vulnerability stems from improper control of filenames in PHP include/require statements (CWE-98), enabling information disclosure attacks without authentication. While no CVSS score or EPSS data is currently available, the LFI classification and public disclosure via Patchstack indicate this is a genuine security concern affecting WordPress installations using vulnerable Nelson theme versions.

A Local File Inclusion (LFI) vulnerability exists in AncoraThemes Mr. Cobbler WordPress theme through version 1.1.9, stemming from improper control of filenames in PHP include/require statements (CWE-98). An attacker can exploit this vulnerability to disclose sensitive local files from the affected server by manipulating include parameters. While no CVSS score or EPSS data is currently available and KEV status is unknown, the vulnerability is classified as high-severity due to its information disclosure impact and the ease with which LFI vulnerabilities are typically exploited.

This vulnerability is a Local File Inclusion (LFI) flaw in the Elated-Themes Lella WordPress theme that allows improper control of filename parameters in PHP include/require statements, enabling attackers to read arbitrary files from the affected server. The vulnerability affects Lella theme versions through 1.2, and while CVSS and EPSS scores are not available, the nature of LFI vulnerabilities typically permits information disclosure of sensitive files such as configuration files, database credentials, and source code. No KEV status or public proof-of-concept has been confirmed in this intelligence dataset, but the vulnerability was reported by Patchstack, a reputable WordPress security researcher.

A Local File Inclusion (LFI) vulnerability exists in the Laurent WordPress theme (versions up to 3.1) due to improper control of filenames in PHP include/require statements, allowing attackers to read arbitrary files from the affected server. This vulnerability, reported by Patchstack and tracked as EUVD-2026-15503, enables information disclosure attacks without requiring authentication or special privileges. The vulnerability is classified under CWE-98 (Improper Control of Filename for Include/Require Statement in PHP) and affects all installations of Laurent theme version 3.1 and earlier.

A Local File Inclusion (LFI) vulnerability exists in the AncoraThemes Hypnotherapy WordPress theme through version 1.2.10, allowing attackers to read arbitrary files from the affected server by manipulating filename parameters in PHP include/require statements. This vulnerability is classified as CWE-98 (Improper Control of Filename for Include/Require Statement) and enables information disclosure attacks. The vulnerability has been documented by Patchstack and assigned EUVD ID EUVD-2026-15502, though no CVSS score or CVSS vector has been formally assigned, and active exploitation status remains unconfirmed in public intelligence.

AncoraThemes Greenville WordPress theme versions up to and including 1.3.2 contain a Local File Inclusion (LFI) vulnerability resulting from improper control of filenames in PHP include/require statements (CWE-98). An attacker can exploit this vulnerability to read arbitrary files from the affected server, leading to information disclosure of sensitive configuration files, source code, and other locally stored data. No CVSS score, EPSS probability, or KEV status have been assigned at this time, though the vulnerability has been formally documented by Patchstack and assigned an ENISA EUVD ID.

A Local File Inclusion (LFI) vulnerability exists in the ThemeREX Good Homes WordPress theme through version 1.3.13, allowing attackers to include and execute arbitrary local files on the affected server. The vulnerability stems from improper control of filenames in PHP include/require statements (CWE-98), enabling unauthenticated attackers to disclose sensitive information or achieve remote code execution by accessing system files. No CVSS score, EPSS data, or active KEV designation was reported, but the LFI classification and information disclosure impact indicate this requires prompt patching.

A Local File Inclusion (LFI) vulnerability exists in the Elated-Themes Gaspard WordPress theme through version 1.3, stemming from improper control of filenames in PHP include/require statements. An unauthenticated attacker can exploit this vulnerability to read arbitrary files from the affected server, potentially disclosing sensitive information such as configuration files, database credentials, or other sensitive data. The vulnerability affects all versions up to and including 1.3, and while no CVSS score or EPSS data is currently published, the LFI classification and information disclosure impact indicate this requires prompt remediation.

Insufficient parameter validation in Cisco IOS XE Software's Lobby Ambassador management API allows authenticated remote attackers to bypass access controls and create unauthorized administrative accounts. An attacker with standard Lobby Ambassador credentials can exploit this flaw to escalate privileges and gain full management API access on affected devices. This impacts Cisco and Apple products and currently has no available patch.

Cisco Meraki devices running vulnerable IOS XE Software transmit configuration data over unencrypted channels, enabling remote attackers to intercept sensitive device information through on-path attacks. The vulnerability requires user interaction and network proximity but carries no patch availability, leaving affected organizations exposed until remediation is implemented. This affects both Cisco and Apple products integrating the vulnerable software.

Memory exhaustion in BIND 9 resolver allows unauthenticated remote attackers to cause denial of service by querying specially crafted domains, affecting versions 9.20.0-9.20.20, 9.21.0-9.21.19, and 9.20.9-S1-9.20.20-S1. The vulnerability stems from improper memory management (CWE-772) and can be triggered without authentication or user interaction. Patches are available for affected Ubuntu, SUSE, and Debian systems.

BIND resolver servers performing DNSSEC validation can be forced into excessive CPU consumption when encountering a maliciously crafted DNS zone, resulting in denial of service. The vulnerability affects BIND 9 versions from 9.11.0 through current versions across multiple branches (9.16.50, 9.18.46, 9.20.20, 9.21.19) including BIND Supported Preview Edition variants. The CVSS score of 7.5 indicates high availability impact with network-based exploitation requiring no authentication, though no active exploitation (KEV) or proof-of-concept availability has been indicated in the provided data.

A privilege escalation vulnerability exists in Panorama Suite where certificate private keys installed via the Network and Security tool are granted unnecessary access rights to the operator group, potentially allowing local privileged users to access sensitive cryptographic material. Panorama Suite 2025 versions up to 25.00.004 are affected unless patch PS-2500-00-0357 or higher is applied, while version 25.10.007 (Updated Dec. 25) is not vulnerable. This vulnerability has not been reported as actively exploited (no KEV status), but represents a real information disclosure risk due to improper Windows file permission assignment on security-critical objects.

Panorama Web HMI contains a path traversal vulnerability (CWE-552) that allows unauthenticated remote attackers to read arbitrary server files if their paths are known and accessible to the service account. The vulnerability affects Panorama Suite versions 2022-SP1, 2023, and 2025 installations, requiring specific security updates to remediate. Currently no patch is available for the latest affected versions.

A race condition exists in the Linux kernel's bridge CFM (Connectivity Fault Management) peer MEP (Maintenance End Point) deletion code where a delayed work queue can be rescheduled between the cancellation check and memory freeing, leading to use-after-free on freed memory. This affects all Linux kernel versions with the vulnerable bridge CFM implementation. An attacker with local access to trigger peer MEP deletion while CFM frame reception occurs could cause a kernel use-after-free condition potentially leading to information disclosure or denial of service.

A use-after-free vulnerability exists in the Linux kernel's netfilter nf_tables flowtable implementation during error handling in the hook registration path. When hook registration fails (due to reaching maximum hook limits or hardware offload setup failures), the flowtable is not properly synchronized with RCU grace periods before being released, allowing concurrent packet processing or control plane operations (nfnetlink_hook) to access freed memory. This vulnerability affects all Linux kernel versions with the vulnerable nf_tables code and was discovered via KASAN reports during hook dumping operations; while not currently listed in known exploited vulnerabilities (KEV) databases, the use-after-free nature presents a real risk for denial of service or information disclosure in environments utilizing netfilter flowtables.

A use-after-free vulnerability exists in the Linux kernel's netfilter xt_CT module where pending enqueued packets maintain references to template objects that can be freed when helper modules are removed or timeout policies are deleted via nfnetlink_cttimeout. An attacker with the ability to unload kernel modules or manipulate netfilter timeout policies could trigger a kernel crash or information disclosure by causing the kernel to access freed memory when processing queued packets. While no CVSS score, EPSS probability, or KEV status has been assigned, the availability of six distinct kernel patch commits across stable branches indicates active remediation and acknowledgment of the vulnerability as a real kernel stability issue.

A kernel stack memory leak exists in the Linux kernel's RDMA/ionic driver within the ionic_create_cq() function, where uninitialized stack memory is copied to userspace via the ionic_cq_resp structure. An unprivileged local attacker with access to RDMA/ionic devices can trigger this vulnerability to leak up to 11 bytes of sensitive kernel stack data, potentially revealing kernel addresses, cryptographic material, or other sensitive information useful for further exploitation. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog, and no public proof-of-concept has been disclosed; however, patches are available across multiple stable kernel branches.

This vulnerability affects the Linux kernel's ARM64 BPF JIT compiler, where insufficient alignment requirements (4 bytes instead of 8 bytes) for the JIT buffer cause the bpf_plt structure's u64 target field to be misaligned. This misalignment creates two critical issues: UBSAN generates warnings for undefined behavior, and more dangerously, concurrent updates to the target field via WRITE_ONCE() in bpf_arch_text_poke() can result in torn 64-bit reads on ARM64 systems, causing the JIT to jump to corrupted addresses. Linux kernel versions using ARM64 BPF JIT are affected, and while there is no public exploit code available, this represents a memory corruption vulnerability that could lead to privilege escalation or denial of service. Multiple stable kernel patches are available addressing this issue.

A race condition exists in the Linux kernel's NFC rawsock implementation where the tx_work function can execute concurrently with socket teardown, leading to use-after-free vulnerabilities when accessing NCI device structures. This affects all Linux kernel versions with the vulnerable NFC rawsock code path, particularly impacting systems where processes are forcefully terminated (e.g., via SIGKILL). An attacker with local access to trigger socket teardown race conditions could cause kernel memory corruption, information disclosure, or denial of service.

A credential disclosure vulnerability exists in the Linux kernel's Dell WMI System Management (dell-wmi-sysman) module where the set_new_password() function performs hex dumps of memory buffers containing plaintext password data, including both current and new passwords. This affects all Linux kernel versions with the vulnerable dell-wmi-sysman driver, allowing local attackers with access to kernel logs or debug output to extract sensitive authentication credentials. While no CVSS score, EPSS probability, or active KEV status is currently assigned, the patch availability across six stable kernel branches indicates the vulnerability has been formally addressed by the Linux kernel maintainers.

The Linux kernel's ksmbd (SMB server implementation) component uses the non-constant-time memcmp() function to compare Message Authentication Codes (MACs) instead of the cryptographically-secure crypto_memneq() function, enabling timing-based attacks to leak authentication credentials. All Linux kernel versions with ksmbd are affected, allowing attackers to potentially forge authentication by measuring response time differences during MAC validation. While no public exploit code is confirmed, multiple stable kernel branches have received patches addressing this vulnerability, indicating kernel maintainers treated this as a legitimate information disclosure risk.

A resource management vulnerability exists in the Linux kernel's DRM/XE (Intel Graphics Execution Manager) queue initialization code where the finalization function is not called when execution queue creation fails, leaving the queue registered in the GuC (GPU Unified Compute) list and potentially causing invalid memory references. This affects all Linux kernel versions containing the vulnerable DRM/XE driver code. The vulnerability could lead to memory corruption or system instability when an exec queue creation failure occurs, though exploitation would require local kernel code execution capability or ability to trigger queue creation failures.

A use-after-free (UAF) vulnerability exists in the Linux kernel's network queue discipline (qdisc) subsystem when shrinking the number of transmit queues on network interfaces. The vulnerability occurs because qdisc_reset_all_tx_gt() can reset and free skb buffers concurrently with the lockless dequeue path (qdisc_run_begin/end), allowing freed memory to be accessed during packet dequeuing. All Linux kernels with lockless qdisc support are affected, and the vulnerability has been demonstrated via a practical reproduction case involving virtio-net devices under heavy traffic while changing queue pair counts. Multiple stable kernel patches are available addressing the issue.