Total
288 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-0887 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-01-22 | N/A | 4.3 MEDIUM |
|
Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
|
|||||
| CVE-2025-69026 | 2026-01-20 | N/A | 4.3 MEDIUM | ||
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Roxnor PopupKit popup-builder-block allows Retrieve Embedded Sensitive Data.This issue affects PopupKit: from n/a through <= 2.1.5.
|
|||||
| CVE-2025-69025 | 2026-01-20 | N/A | 4.3 MEDIUM | ||
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Aethonic Poptics: AI-Powered Popup Builder for Lead Generation, Conversions, Exit-Intent, Email Opt-ins & WooCommerce Sales poptics allows Retrieve Embedded Sensitive Data.This issue affects Poptics: AI-Powered Popup Builder for Lead Generation, Conversions, Exit-Intent, Email Opt-ins & WooCommerce Sales: from n/a through <= 1.0.20.
|
|||||
| CVE-2025-68988 | 2026-01-20 | N/A | 7.5 HIGH | ||
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in o2oe E-Invoice App Malaysia einvoiceapp-malaysia allows Retrieve Embedded Sensitive Data.This issue affects E-Invoice App Malaysia: from n/a through <= 1.1.0.
|
|||||
| CVE-2025-68606 | 2026-01-20 | N/A | 7.5 HIGH | ||
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPXPO PostX ultimate-post allows Retrieve Embedded Sensitive Data.This issue affects PostX: from n/a through <= 5.0.3.
|
|||||
| CVE-2025-68576 | 2026-01-20 | N/A | 7.5 HIGH | ||
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Virusdie Virusdie virusdie allows Retrieve Embedded Sensitive Data.This issue affects Virusdie: from n/a through <= 1.1.6.
|
|||||
| CVE-2025-68551 | 2026-01-20 | N/A | 6.5 MEDIUM | ||
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vikas Ratudi VPSUForm allows Retrieve Embedded Sensitive Data.This issue affects VPSUForm: from n/a through 3.2.24.
|
|||||
| CVE-2025-68494 | 1 Leap13 | 1 Premium Addons For Elementor | 2026-01-20 | N/A | 7.5 HIGH |
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Retrieve Embedded Sensitive Data.This issue affects Premium Addons for Elementor: from n/a through <= 4.11.53.
|
|||||
| CVE-2025-67948 | 2026-01-20 | N/A | 4.3 MEDIUM | ||
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in SendPulse SendPulse Email Marketing Newsletter sendpulse-email-marketing-newsletter allows Retrieve Embedded Sensitive Data.This issue affects SendPulse Email Marketing Newsletter: from n/a through <= 2.2.1.
|
|||||
| CVE-2025-67621 | 2026-01-20 | N/A | 7.5 HIGH | ||
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in 10up Eight Day Week Print Workflow eight-day-week-print-workflow allows Retrieve Embedded Sensitive Data.This issue affects Eight Day Week Print Workflow: from n/a through <= 1.2.5.
|
|||||
| CVE-2025-67567 | 2026-01-20 | N/A | 5.3 MEDIUM | ||
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in uixthemes Sober sober allows Retrieve Embedded Sensitive Data.This issue affects Sober: from n/a through <= 3.5.11.
|
|||||
| CVE-2025-67565 | 2026-01-20 | N/A | 5.3 MEDIUM | ||
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in sizam Rehub rehub-theme allows Retrieve Embedded Sensitive Data.This issue affects Rehub: from n/a through <= 19.9.9.1.
|
|||||
| CVE-2025-67564 | 2026-01-20 | N/A | 5.3 MEDIUM | ||
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in alekv Pixel Manager for WooCommerce woocommerce-google-adwords-conversion-tracking-tag allows Retrieve Embedded Sensitive Data.This issue affects Pixel Manager for WooCommerce: from n/a through <= 1.51.1.
|
|||||
| CVE-2025-67546 | 2026-01-20 | N/A | 6.5 MEDIUM | ||
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs WP ERP erp allows Retrieve Embedded Sensitive Data.This issue affects WP ERP: from n/a through <= 1.16.6.
|
|||||
| CVE-2025-67470 | 2026-01-20 | N/A | 4.3 MEDIUM | ||
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Essential Plugin Portfolio and Projects portfolio-and-projects allows Retrieve Embedded Sensitive Data.This issue affects Portfolio and Projects: from n/a through <= 1.5.5.
|
|||||
| CVE-2025-66059 | 1 Castos | 1 Seriously Simple Podcasting | 2026-01-20 | N/A | 5.3 MEDIUM |
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Retrieve Embedded Sensitive Data.This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0.
|
|||||
| CVE-2025-66056 | 2026-01-20 | N/A | 4.3 MEDIUM | ||
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Uncanny Owl Uncanny Automator uncanny-automator allows Retrieve Embedded Sensitive Data.This issue affects Uncanny Automator: from n/a through < 6.10.0.
|
|||||
| CVE-2025-64272 | 2026-01-20 | N/A | 6.5 MEDIUM | ||
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in GetResponse Email marketing for WordPress by GetResponse Official getresponse-official allows Retrieve Embedded Sensitive Data.This issue affects Email marketing for WordPress by GetResponse Official: from n/a through <= 1.5.3.
|
|||||
| CVE-2025-64270 | 2026-01-20 | N/A | 6.5 MEDIUM | ||
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in masteriyo Masteriyo - LMS learning-management-system allows Retrieve Embedded Sensitive Data.This issue affects Masteriyo - LMS: from n/a through <= 2.0.3.
|
|||||
| CVE-2025-64267 | 2026-01-20 | N/A | 4.3 MEDIUM | ||
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPSwings WooCommerce Ultimate Points And Rewards woocommerce-ultimate-points-and-rewards allows Retrieve Embedded Sensitive Data.This issue affects WooCommerce Ultimate Points And Rewards: from n/a through <= 2.10.2.
|
|||||
| CVE-2025-64228 | 2026-01-20 | N/A | 4.3 MEDIUM | ||
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in FantasticPlugins SUMO Affiliates Pro affs allows Retrieve Embedded Sensitive Data.This issue affects SUMO Affiliates Pro: from n/a through <= 11.0.0.
|
|||||
| CVE-2025-63070 | 2026-01-20 | N/A | 4.3 MEDIUM | ||
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Shahjada Download Manager download-manager allows Retrieve Embedded Sensitive Data.This issue affects Download Manager: from n/a through <= 3.3.32.
|
|||||
| CVE-2025-63058 | 2026-01-20 | N/A | 4.4 MEDIUM | ||
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Hiroaki Miyashita Custom Field Template custom-field-template allows Retrieve Embedded Sensitive Data.This issue affects Custom Field Template: from n/a through <= 2.7.4.
|
|||||
| CVE-2025-63013 | 2026-01-20 | N/A | 4.3 MEDIUM | ||
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows Retrieve Embedded Sensitive Data.This issue affects WP Hotel Booking: from n/a through <= 2.2.7.
|
|||||
| CVE-2025-63009 | 2026-01-20 | N/A | 5.3 MEDIUM | ||
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in yuvalo WP Google Analytics Events wp-google-analytics-events allows Retrieve Embedded Sensitive Data.This issue affects WP Google Analytics Events: from n/a through <= 2.8.2.
|
|||||
| CVE-2025-62955 | 2026-01-20 | N/A | 4.3 MEDIUM | ||
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in HappyDevs TempTool allows Retrieve Embedded Sensitive Data.This issue affects TempTool: from n/a through 1.3.1.
|
|||||
| CVE-2025-62902 | 1 Themehunk | 1 Wp Popup Builder | 2026-01-20 | N/A | 7.5 HIGH |
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeHunk WP Popup Builder wp-popup-builder allows Retrieve Embedded Sensitive Data.This issue affects WP Popup Builder: from n/a through <= 1.3.6.
|
|||||
| CVE-2025-62737 | 2026-01-20 | N/A | 5.3 MEDIUM | ||
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in opicron Image Cleanup image-cleanup allows Retrieve Embedded Sensitive Data.This issue affects Image Cleanup: from n/a through <= 1.9.2.
|
|||||
| CVE-2025-62735 | 2026-01-20 | N/A | 5.3 MEDIUM | ||
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Joel User Spam Remover user-spam-remover allows Retrieve Embedded Sensitive Data.This issue affects User Spam Remover: from n/a through <= 1.1.
|
|||||
| CVE-2025-62143 | 2026-01-20 | N/A | 4.3 MEDIUM | ||
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in nicashmu Post Video Players allows Retrieve Embedded Sensitive Data.This issue affects Post Video Players: from n/a through 1.163.
|
|||||
| CVE-2025-62114 | 2026-01-20 | N/A | 5.3 MEDIUM | ||
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Marcelo Torres Download Media Library allows Retrieve Embedded Sensitive Data.This issue affects Download Media Library: from n/a through 0.2.1.
|
|||||
| CVE-2025-62083 | 2026-01-20 | N/A | 4.3 MEDIUM | ||
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Messiah BoomDevs WordPress Coming Soon Plugin allows Retrieve Embedded Sensitive Data.This issue affects BoomDevs WordPress Coming Soon Plugin: from n/a through 1.0.4.
|
|||||
| CVE-2025-59575 | 2026-01-20 | N/A | 5.0 MEDIUM | ||
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Retrieve Embedded Sensitive Data.This issue affects MasterStudy LMS: from n/a through <= 3.6.20.
|
|||||
| CVE-2025-52752 | 2026-01-20 | N/A | 6.5 MEDIUM | ||
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeAtelier IDonatePro idonate-pro allows Retrieve Embedded Sensitive Data.This issue affects IDonatePro: from n/a through <= 2.1.9.
|
|||||
| CVE-2025-49914 | 2026-01-20 | N/A | 6.5 MEDIUM | ||
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in jetmonsters Restaurant Menu by MotoPress mp-restaurant-menu allows Retrieve Embedded Sensitive Data.This issue affects Restaurant Menu by MotoPress: from n/a through <= 2.4.7.
|
|||||
| CVE-2025-49340 | 2026-01-20 | N/A | 4.3 MEDIUM | ||
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Digages Direct Payments WP allows Retrieve Embedded Sensitive Data.This issue affects Direct Payments WP: from n/a through 1.3.0.
|
|||||
| CVE-2026-0494 | 2026-01-13 | N/A | 4.3 MEDIUM | ||
|
Under certain conditions SAP Fiori App Intercompany Balance Reconciliation application allows an attacker to access information which would otherwise be restricted. This has low impact on confidentiality of the application, integrity and availability are not impacted.
|
|||||
| CVE-2026-0853 | 2026-01-13 | N/A | 5.3 MEDIUM | ||
|
Certain NVR models developed by A-Plus Video Technologies has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access the debug page and obtain device status information.
|
|||||
| CVE-2025-24473 | 1 Fortinet | 1 Forticlient | 2026-01-08 | N/A | 3.7 LOW |
|
A exposure of sensitive system information to an unauthorized control sphere vulnerability in Fortinet FortiClientWindows 7.2.0 through 7.2.1, FortiClientWindows 7.0.13 through 7.0.14 may allow an unauthorized remote attacker to view application information via navigation to a hosted webpage, if Windows is configured to accept incoming connections to port 8053 (non-default setup)
|
|||||
| CVE-2025-31051 | 2026-01-08 | N/A | 5.3 MEDIUM | ||
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in EngoTheme Plant - Gardening & Houseplants WordPress Theme allows Retrieve Embedded Sensitive Data.This issue affects Plant - Gardening & Houseplants WordPress Theme: from n/a through 1.0.0.
|
|||||