Total
271 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-24589 | 2026-01-23 | 5.3 Medium | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in Cargus eCommerce Cargus cargus allows Retrieve Embedded Sensitive Data.This issue affects Cargus: from n/a through <= 1.5.8. | ||||
| CVE-2025-63019 | 1 Wordpress | 1 Wordpress | 2026-01-23 | N/A |
| Insertion of Sensitive Information Into Sent Data vulnerability in Johan Jonk Stenström Cookies and Content Security Policy cookies-and-content-security-policy allows Retrieve Embedded Sensitive Data.This issue affects Cookies and Content Security Policy: from n/a through <= 2.34. | ||||
| CVE-2025-68006 | 1 Wordpress | 1 Wordpress | 2026-01-23 | N/A |
| Insertion of Sensitive Information Into Sent Data vulnerability in Deetronix Booking Ultra Pro booking-ultra-pro allows Retrieve Embedded Sensitive Data.This issue affects Booking Ultra Pro: from n/a through <= 1.1.23. | ||||
| CVE-2025-68035 | 1 Wordpress | 1 Wordpress | 2026-01-23 | N/A |
| Insertion of Sensitive Information Into Sent Data vulnerability in tabbyai Tabby Checkout tabby-checkout allows Retrieve Embedded Sensitive Data.This issue affects Tabby Checkout: from n/a through <= 5.8.4. | ||||
| CVE-2026-24565 | 2026-01-23 | N/A | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in bPlugins B Accordion b-accordion allows Retrieve Embedded Sensitive Data.This issue affects B Accordion: from n/a through <= 2.0.0. | ||||
| CVE-2026-24559 | 2026-01-23 | N/A | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in CRM Perks Integration for Contact Form 7 HubSpot cf7-hubspot allows Retrieve Embedded Sensitive Data.This issue affects Integration for Contact Form 7 HubSpot: from n/a through <= 1.4.3. | ||||
| CVE-2026-24557 | 2026-01-23 | N/A | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in WEN Solutions Contact Form 7 GetResponse Extension contact-form-7-getresponse-extension allows Retrieve Embedded Sensitive Data.This issue affects Contact Form 7 GetResponse Extension: from n/a through <= 1.0.8. | ||||
| CVE-2026-22246 | 1 Joinmastodon | 1 Mastodon | 2026-01-22 | 6.5 Medium |
| Mastodon is a free, open-source social network server based on ActivityPub. Mastodon 4.3 added notifications of severed relationships, allowing end-users to inspect the relationships they lost as the result of a moderation action. The code allowing users to download lists of severed relationships for a particular event fails to check the owner of the list before returning the lost relationships. Any registered local user can access the list of lost followers and followed users caused by any severance event, and go through all severance events this way. The leaked information does not include the name of the account which has lost follows and followers. This has been fixed in Mastodon v4.3.17, v4.4.11 and v4.5.4. | ||||
| CVE-2025-58098 | 1 Apache | 1 Http Server | 2026-01-22 | 8.3 High |
| Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to #exec cmd="..." directives. This issue affects Apache HTTP Server before 2.4.66. Users are recommended to upgrade to version 2.4.66, which fixes the issue. | ||||
| CVE-2026-23878 | 1 Hotcrp | 1 Hotcrp | 2026-01-20 | 6.5 Medium |
| HotCRP is conference review software. Starting in commit aa20ef288828b04550950cf67c831af8a525f508 and prior to commit ceacd5f1476458792c44c6a993670f02c984b4a0, authors with at least one submission on a HotCRP site could use the document API to download any documents (PDFs, attachments) associated with any submission. The problem was patched in commit ceacd5f1476458792c44c6a993670f02c984b4a0. | ||||
| CVE-2025-68989 | 2 Renzojohnson, Wordpress | 2 Contact Form 7 Extension For Mailchimp, Wordpress | 2026-01-20 | 7.5 High |
| Insertion of Sensitive Information Into Sent Data vulnerability in Renzo Johnson Contact Form 7 Extension For Mailchimp contact-form-7-mailchimp-extension allows Retrieve Embedded Sensitive Data.This issue affects Contact Form 7 Extension For Mailchimp: from n/a through <= 0.9.49. | ||||
| CVE-2025-68516 | 2 Essekia, Wordpress | 2 Tablesome Table, Wordpress | 2026-01-20 | 7.5 High |
| Insertion of Sensitive Information Into Sent Data vulnerability in Essekia Tablesome tablesome allows Retrieve Embedded Sensitive Data.This issue affects Tablesome: from n/a through <= 1.1.35.1. | ||||
| CVE-2025-68040 | 2 Wedevs, Wordpress | 2 Wp Project Manager, Wordpress | 2026-01-20 | 6.5 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in weDevs WP Project Manager wedevs-project-manager allows Retrieve Embedded Sensitive Data.This issue affects WP Project Manager: from n/a through 3.0.1. | ||||
| CVE-2025-68033 | 2 Brechtvds, Wordpress | 2 Custom Related Posts, Wordpress | 2026-01-20 | 7.5 High |
| Insertion of Sensitive Information Into Sent Data vulnerability in Brecht Custom Related Posts allows Retrieve Embedded Sensitive Data.This issue affects Custom Related Posts: from n/a through 1.8.0. | ||||
| CVE-2025-68029 | 2 Wordpress, Wpswings | 2 Wordpress, Wallet System For Woocommerce | 2026-01-20 | 6.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in WP Swings Wallet System for WooCommerce allows Retrieve Embedded Sensitive Data.This issue affects Wallet System for WooCommerce: from n/a through 2.7.2. | ||||
| CVE-2025-68014 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 6.5 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Awethemes AweBooking allows Retrieve Embedded Sensitive Data.This issue affects AweBooking: from n/a through 3.2.26. | ||||
| CVE-2025-67931 | 2 Ait-pro, Wordpress | 2 Bulletproof-security, Wordpress | 2026-01-20 | 7.5 High |
| Insertion of Sensitive Information Into Sent Data vulnerability in AITpro BulletProof Security bulletproof-security allows Retrieve Embedded Sensitive Data.This issue affects BulletProof Security: from n/a through <= 6.9. | ||||
| CVE-2025-66126 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 5.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in wowpress.host Fix Media Library wow-media-library-fix allows Retrieve Embedded Sensitive Data.This issue affects Fix Media Library: from n/a through <= 2.0. | ||||
| CVE-2025-66125 | 2 Nitesh Singh, Wordpress | 2 Ultimate Wordpress Auction Plugin, Wordpress | 2026-01-20 | 5.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Nitesh Ultimate Auction ultimate-auction allows Retrieve Embedded Sensitive Data.This issue affects Ultimate Auction : from n/a through <= 4.3.2. | ||||
| CVE-2025-66116 | 2 Userelements, Wordpress | 2 Ultimate Member Widgets For Elementor, Wordpress | 2026-01-20 | 7.5 High |
| Insertion of Sensitive Information Into Sent Data vulnerability in UserElements Ultimate Member Widgets for Elementor ultimate-member-widgets-for-elementor allows Retrieve Embedded Sensitive Data.This issue affects Ultimate Member Widgets for Elementor: from n/a through <= 2.3. | ||||