Total
9615 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-12363 | 1 Azure-access | 4 Blu-ic2, Blu-ic2 Firmware, Blu-ic4 and 1 more | 2025-11-10 | N/A | 7.5 HIGH |
|
Email Password Disclosure.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
|
|||||
| CVE-2025-59184 | 1 Microsoft | 5 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 2 more | 2025-11-07 | N/A | 5.5 MEDIUM |
|
Exposure of sensitive information to an unauthorized actor in Windows High Availability Services allows an authorized attacker to disclose information locally.
|
|||||
| CVE-2025-24263 | 1 Apple | 1 Macos | 2025-11-07 | N/A | 9.8 CRITICAL |
|
A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Sequoia 15.4. An app may be able to observe unprotected user data.
|
|||||
| CVE-2025-54323 | 1 Samsung | 24 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 21 more | 2025-11-07 | N/A | 7.5 HIGH |
|
An issue was discovered in the camera in Samsung Mobile Processor Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, and 1580. Improper debug printing leads to information leakage.
|
|||||
| CVE-2025-2348 | 1 Iroadau | 2 Fx2, Fx2 Firmware | 2025-11-06 | 3.3 LOW | 4.3 MEDIUM |
|
A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been classified as problematic. Affected is an unknown function of the file /mnt/extsd/event/ of the component HTTP/RTSP. The manipulation leads to information disclosure. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-12677 | 2025-11-06 | N/A | 5.3 MEDIUM | ||
|
The KiotViet Sync plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.5 via the register_api_route() function in kiotvietsync/includes/public_actions/WebHookAction.php. This makes it possible for unauthenticated attackers to extract the webhook token value when configured.
|
|||||
| CVE-2025-20377 | 2025-11-06 | N/A | 4.3 MEDIUM | ||
|
A vulnerability in the API subsystem of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to obtain sensitive information from an affected system.
This vulnerability is due to improper validation of requests to certain API endpoints. An attacker could exploit this vulnerability by sending a valid request to a specific API endpoint within the affected system. A successful exploit could allow a low-privileged user to view sensitive information on the affected syste ...
Show More |
|||||
| CVE-2025-11749 | 2025-11-06 | N/A | 9.8 CRITICAL | ||
|
The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the /mcp/v1/ REST API endpoint that exposes the 'Bearer Token' value when 'No-Auth URL' is enabled. This makes it possible for unauthenticated attackers to extract the bearer token, which can be used to gain access to a valid session and perform many actions like creating a new administrator account, leading to privilege escalation.
|
|||||
| CVE-2025-12139 | 2025-11-06 | N/A | 7.5 HIGH | ||
|
The File Manager for Google Drive – Integrate Google Drive with WordPress plugin for WordPress is vulnerable to sensitive information exposure in all versions up to, and including, 1.5.3 via the "get_localize_data" function. This makes it possible for unauthenticated attackers to extract sensitive data including Google OAuth credentials (client_id and client_secret) and Google account email addresses.
|
|||||
| CVE-2025-34272 | 1 Nagios | 1 Log Server | 2025-11-06 | N/A | 6.5 MEDIUM |
|
In Nagios Log Server versions prior to 2024R2.0.3, when a user's configured default dashboard is deleted, the application does not reliably fall back to an empty, default dashboard. In some implementations this can result in an unexpected dashboard being presented as the user's default view. Depending on the product's dashboard sharing and access policies, this behavior may cause information exposure or unexpected privilege exposure.
|
|||||
| CVE-2025-58739 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2025-11-06 | N/A | 6.5 MEDIUM |
|
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
|
|||||
| CVE-2024-29197 | 1 Pimcore | 1 Pimcore | 2025-11-05 | N/A | 6.5 MEDIUM |
|
Pimcore is an Open Source Data & Experience Management Platform. Any call with the query argument `?pimcore_preview=true` allows to view unpublished sites. In previous versions of Pimcore, session information would propagate to previews, so only a logged in user could open a preview. This no longer applies. Previews are broad open to any user and with just the hint of a restricted link one could gain access to possible confident / unreleased information. This vulnerability is fixed in 11.2.2 and ...
Show More |
|||||
| CVE-2025-59186 | 1 Microsoft | 5 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 2 more | 2025-11-05 | N/A | 5.5 MEDIUM |
|
Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.
|
|||||
| CVE-2025-59188 | 1 Microsoft | 6 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 3 more | 2025-11-05 | N/A | 5.5 MEDIUM |
|
Exposure of sensitive information to an unauthorized actor in Windows Failover Cluster allows an authorized attacker to disclose information locally.
|
|||||
| CVE-2025-12297 | 1 Pybbs Project | 1 Pybbs | 2025-11-05 | 4.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability was detected in atjiu pybbs up to 6.0.0. This affects an unknown function of the file UserApiController.java. The manipulation results in information disclosure. The attack may be launched remotely. The exploit is now public and may be used.
|
|||||
| CVE-2025-58458 | 1 Jenkins | 1 Git Client | 2025-11-04 | N/A | 4.3 MEDIUM |
|
In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying `amazon-s3` protocol for use with JGit, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
|
|||||
| CVE-2025-55673 | 1 Apache | 1 Superset | 2025-11-04 | N/A | 4.3 MEDIUM |
|
When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. This field contains the underlying query, which improperly discloses database schema information, such as table names, to the low-privileged guest user.
This issue affects Apache Superset: before 4.1.3.
Users are recommended to upgrade to version 4.1.3, which fixes the issue.
|
|||||
| CVE-2025-43356 | 1 Apple | 7 Ipados, Iphone Os, Macos and 4 more | 2025-11-04 | N/A | 6.5 MEDIUM |
|
The issue was addressed with improved handling of caches. This issue is fixed in Safari 26, tvOS 26, watchOS 26, iOS 26 and iPadOS 26, visionOS 26, iOS 18.7 and iPadOS 18.7. A website may be able to access sensor information without user consent.
|
|||||
| CVE-2016-5597 | 1 Oracle | 2 Jdk, Jre | 2025-11-04 | 4.3 MEDIUM | 5.9 MEDIUM |
|
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality via vectors related to Networking.
|
|||||
| CVE-2009-2260 | 1 Stardict | 1 Stardict | 2025-11-04 | 5.0 MEDIUM | N/A |
|
stardict 3.0.1, when Enable Net Dict is configured, sends the contents of the clipboard to a dictionary server, which allows remote attackers to obtain sensitive information by sniffing the network.
|
|||||
| CVE-2023-42936 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-11-04 | N/A | 5.5 MEDIUM |
|
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to access user-sensitive data.
|
|||||
| CVE-2023-42934 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-11-04 | N/A | 4.2 MEDIUM |
|
An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app with root privileges may be able to access private information.
|
|||||
| CVE-2023-42884 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-11-04 | N/A | 5.5 MEDIUM |
|
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. An app may be able to disclose kernel memory.
|
|||||
| CVE-2023-41987 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 5.5 MEDIUM |
|
This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to access sensitive user data.
|
|||||
| CVE-2023-41260 | 1 Bestpractical | 1 Request Tracker | 2025-11-04 | N/A | 7.5 HIGH |
|
Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls.
|
|||||
| CVE-2023-41259 | 1 Bestpractical | 1 Request Tracker | 2025-11-04 | N/A | 7.5 HIGH |
|
Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call.
|
|||||
| CVE-2023-40411 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 5.5 MEDIUM |
|
This issue was addressed with improved data protection. This issue is fixed in macOS Sonoma 14. An app may be able to access user-sensitive data.
|
|||||
| CVE-2025-1115 | 1 Rt-thread | 1 Rt-thread | 2025-11-04 | 1.7 LOW | 3.3 LOW |
|
A vulnerability classified as problematic was found in RT-Thread up to 5.1.0. Affected by this vulnerability is the function sys_device_close/sys_device_control/sys_device_find/sys_device_init/sys_device_open/sys_device_read/sys_device_register/sys_device_write/sys_event_delete/sys_event_recv/sys_event_send/sys_mb_delete/sys_mb_recv/sys_mb_send/sys_mb_send_wait/sys_mq_recv/sys_mq_send/sys_mq_urgent/sys_mutex_delete/sys_mutex_release/sys_mutex_take/sys_rt_timer_control/sys_rt_timer_delete/sys_rt_ ...
Show More |
|||||
| CVE-2024-25734 | 1 Wyrestorm | 2 Apollo Vx20, Apollo Vx20 Firmware | 2025-11-04 | N/A | 7.5 HIGH |
|
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. The TELNET service prompts for a password only after a valid username is entered, which might make it easier for remote attackers to enumerate user accounts.
|
|||||
| CVE-2024-23292 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-11-04 | N/A | 3.3 LOW |
|
This issue was addressed with improved data protection. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An app may be able to access information about a user's contacts.
|
|||||
| CVE-2024-23235 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-11-04 | N/A | 4.7 MEDIUM |
|
A race condition was addressed with additional validation. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to access user-sensitive data.
|
|||||
| CVE-2024-23228 | 1 Apple | 2 Ipados, Iphone Os | 2025-11-04 | N/A | 3.3 LOW |
|
This issue was addressed through improved state management. This issue is fixed in iOS 17.3 and iPadOS 17.3. Locked Notes content may have been unexpectedly unlocked.
|
|||||
| CVE-2024-23224 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 5.5 MEDIUM |
|
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.3, macOS Ventura 13.6.4. An app may be able to access sensitive user data.
|
|||||
| CVE-2024-23207 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-11-04 | N/A | 5.5 MEDIUM |
|
This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 10.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, macOS Ventura 13.6.4, macOS Monterey 12.7.3. An app may be able to access sensitive user data.
|
|||||
| CVE-2023-45236 | 1 Tianocore | 1 Edk2 | 2025-11-04 | N/A | 5.8 MEDIUM |
|
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This
vulnerability can be exploited by an attacker to gain unauthorized
access and potentially lead to a loss of Confidentiality.
|
|||||
| CVE-2023-42940 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 5.7 MEDIUM |
|
A session rendering issue was addressed with improved session tracking. This issue is fixed in macOS Sonoma 14.2.1. A user who shares their screen may unintentionally share the incorrect content.
|
|||||
| CVE-2023-42888 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-11-04 | N/A | 5.5 MEDIUM |
|
The issue was addressed with improved checks. This issue is fixed in iOS 16.7.5 and iPadOS 16.7.5, watchOS 10.2, macOS Ventura 13.6.4, macOS Sonoma 14.2, macOS Monterey 12.7.3, iOS 17.2 and iPadOS 17.2. Processing a maliciously crafted image may result in disclosure of process memory.
|
|||||
| CVE-2023-28826 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-11-04 | N/A | 5.5 MEDIUM |
|
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, macOS Monterey 12.7.4, macOS Sonoma 14.1, macOS Ventura 13.6.5. An app may be able to access sensitive user data.
|
|||||
| CVE-2025-43449 | 1 Apple | 2 Ipados, Iphone Os | 2025-11-04 | N/A | 7.5 HIGH |
|
The issue was addressed with improved handling of caches. This issue is fixed in iOS 26.1 and iPadOS 26.1. A malicious app may be able to track users between installs.
|
|||||
| CVE-2025-62524 | 1 Thm | 1 Pilos | 2025-11-04 | N/A | 5.3 MEDIUM |
|
PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. PILOS before 4.8.0 exposes the PHP version via the X-Powered-By header, enabling attackers to fingerprint the server and assess potential exploits. This information disclosure vulnerability originates from PHP’s base image. Additionally, the PHP version can also be inferred through the PILOS version displayed in the footer and by examining the source code available on GitHub. This information disclosure vulner ...
Show More |
|||||