Search Results (385 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-44017 3 Apple, Google, Gunosy 3 Ios, Android, Gunosy 2026-04-15 N/A
"Gunosy" App contains a vulnerability where sensitive information may be included in the application's outbound communication. If a user accesses a crafted URL, an attacker may obtain the JWT (JSON Web Token).
CVE-2024-32028 2026-04-15 4.1 Medium
OpenTelemetry dotnet is a dotnet telemetry framework. In affected versions of `OpenTelemetry.Instrumentation.Http` and `OpenTelemetry.Instrumentation.AspNetCore` the `url.full` writes attribute/tag on spans (`Activity`) when tracing is enabled for outgoing http requests and `OpenTelemetry.Instrumentation.AspNetCore` writes the `url.query` attribute/tag on spans (`Activity`) when tracing is enabled for incoming http requests. These attributes are defined by the Semantic Conventions for HTTP Spans. Up until version `1.8.1` the values written by `OpenTelemetry.Instrumentation.Http` & `OpenTelemetry.Instrumentation.AspNetCore` will pass-through the raw query string as was sent or received (respectively). This may lead to sensitive information (e.g. EUII - End User Identifiable Information, credentials, etc.) being leaked into telemetry backends (depending on the application(s) being instrumented) which could cause privacy and/or security incidents. Note: Older versions of `OpenTelemetry.Instrumentation.Http` & `OpenTelemetry.Instrumentation.AspNetCore` may use different tag names but have the same vulnerability. The `1.8.1` versions of `OpenTelemetry.Instrumentation.Http` & `OpenTelemetry.Instrumentation.AspNetCore` will now redact by default all values detected on transmitted or received query strings. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2025-68035 1 Wordpress 1 Wordpress 2026-04-15 7.5 High
Insertion of Sensitive Information Into Sent Data vulnerability in tabbyai Tabby Checkout tabby-checkout allows Retrieve Embedded Sensitive Data.This issue affects Tabby Checkout: from n/a through <= 5.8.4.
CVE-2025-53232 1 Wordpress 1 Wordpress 2026-04-15 5.8 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in inkthemes WP Gmail SMTP wp-gmail-smtp allows Retrieve Embedded Sensitive Data.This issue affects WP Gmail SMTP: from n/a through <= 1.0.7.
CVE-2020-37093 1 Netis-systems 1 Netis E1+ 2026-04-15 7.5 High
Netis E1+ 1.2.32533 contains an information disclosure vulnerability that allows unauthenticated attackers to retrieve WiFi passwords through the netcore_get.cgi endpoint. Attackers can send a GET request to the endpoint to extract sensitive network credentials including SSID and WiFi passwords in plain text.
CVE-2025-8862 1 Yugabyte 1 Yugabytedb 2026-04-15 3.1 Low
YugabyteDB has been collecting diagnostics information from YugabyteDB servers, which may include sensitive gflag configurations. To mitigate this, we recommend upgrading the database to a version where this information is properly redacted.
CVE-2025-66566 2026-04-15 7.5 High
yawkat LZ4 Java provides LZ4 compression for Java. Insufficient clearing of the output buffer in Java-based decompressor implementations in lz4-java 1.10.0 and earlier allows remote attackers to read previous buffer contents via crafted compressed input. In applications where the output buffer is reused without being cleared, this may lead to disclosure of sensitive data. JNI-based implementations are not affected. This vulnerability is fixed in 1.10.1.
CVE-2025-59579 2 Presstigers, Wordpress 2 Simple Job Board, Wordpress 2026-04-15 7.5 High
Insertion of Sensitive Information Into Sent Data vulnerability in PressTigers Simple Job Board simple-job-board allows Retrieve Embedded Sensitive Data.This issue affects Simple Job Board: from n/a through <= 2.13.7.
CVE-2025-59578 1 Wordpress 1 Wordpress 2026-04-15 5.8 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in wpdesk ShopMagic shopmagic-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects ShopMagic: from n/a through <= 4.5.6.
CVE-2025-27244 2026-04-15 N/A
AssetView and AssetView CLOUD contain an issue with acquiring sensitive information from sent data to the developer. If exploited, sensitive information may be obtained by a remote unauthenticated attacker.
CVE-2025-49300 1 Wordpress 1 Wordpress 2026-04-15 2.7 Low
Insertion of Sensitive Information Into Sent Data vulnerability in shinetheme Traveler Option Tree custom-option-tree allows Retrieve Embedded Sensitive Data.This issue affects Traveler Option Tree: from n/a through <= 2.8.
CVE-2025-62997 2 Levelfourdevelopment, Wordpress 2 Wp-easycart, Wordpress 2026-04-15 5.3 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in levelfourdevelopment WP EasyCart wp-easycart allows Retrieve Embedded Sensitive Data.This issue affects WP EasyCart: from n/a through <= 5.8.11.
CVE-2025-68006 1 Wordpress 1 Wordpress 2026-04-15 6.5 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in Deetronix Booking Ultra Pro booking-ultra-pro allows Retrieve Embedded Sensitive Data.This issue affects Booking Ultra Pro: from n/a through <= 1.1.23.
CVE-2025-67931 2 Ait-pro, Wordpress 2 Bulletproof-security, Wordpress 2026-04-15 7.5 High
Insertion of Sensitive Information Into Sent Data vulnerability in AITpro BulletProof Security bulletproof-security allows Retrieve Embedded Sensitive Data.This issue affects BulletProof Security: from n/a through <= 6.9.
CVE-2025-68855 2 Themeglow, Wordpress 2 Jobboard Job Listing, Wordpress 2026-04-15 5.9 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in themeglow JobBoard Job listing job-board-light allows Retrieve Embedded Sensitive Data.This issue affects JobBoard Job listing: from n/a through <= 1.2.8.
CVE-2025-53218 1 Wordpress 1 Wordpress 2026-04-15 5.8 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal AppExperts appexperts allows Retrieve Embedded Sensitive Data.This issue affects AppExperts: from n/a through <= 1.4.5.
CVE-2025-65944 2 Getsentry, Sentry 2 Sentry, Sentry 2026-04-15 N/A
Sentry-Javascript is an official Sentry SDKs for JavaScript. From version 10.11.0 to before 10.27.0, when a Node.js application using the Sentry SDK has sendDefaultPii: true it is possible to inadvertently send certain sensitive HTTP headers, including the Cookie header, to Sentry. Those headers would be stored within a Sentry organization as part of the associated trace. A person with access to the Sentry organization could then view and use these sensitive values to impersonate or escalate their privileges within the application. This issue has been patched in version 10.27.0.
CVE-2025-48219 2026-04-15 3.5 Low
O2 UK before 2025-05-19 allows subscribers to determine the Cell ID of other subscribers by initiating an IMS (IP Multimedia Subsystem) call and then reading the utran-cell-id-3gpp field of a Cellular-Network-Info SIP header, aka an ECI (E-UTRAN Cell Identity) leak. The Cell ID might be usable to identify a cell location via crowdsourced data, and might correspond to a small physical area (e.g., if the called party is in a city centre). Removal of the Cellular-Network-Info header is mentioned in section 4.4.19 of ETSI TS 124 229.
CVE-2025-62979 1 Wordpress 1 Wordpress 2026-04-15 5.3 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in airesvsg ACF to REST API acf-to-rest-api allows Retrieve Embedded Sensitive Data.This issue affects ACF to REST API: from n/a through <= 3.3.4.
CVE-2025-62026 2 Blockspare, Wordpress 2 Blockspare, Wordpress 2026-04-15 4.3 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in Blockspare Blockspare blockspare allows Retrieve Embedded Sensitive Data.This issue affects Blockspare: from n/a through <= 3.2.13.2.