Total: 9615 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-23592 | 1 Wallix | 1 Bastion Access Manager | 2025-03-24 | N/A | 7.5 HIGH |
|
WALLIX Access Manager 3.x through 4.0.x allows a remote attacker to access sensitive information.
|
|||||
| CVE-2024-48798 | | | 2025-03-24 | N/A | 7.5 HIGH |
|
An issue in Hubble Connected (com.hubbleconnected.vervelife) 2.00.81 allows a remote attacker to obtain sensitive information via the firmware update process.
|
|||||
| CVE-2024-31817 | 1 Totolink | 2 Ex200, Ex200 Firmware | 2025-03-24 | N/A | 7.5 HIGH |
|
In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getSysStatusCfg.
|
|||||
| CVE-2024-48799 | | | 2025-03-24 | N/A | 7.5 HIGH |
|
An issue in LOREX TECHNOLOGY INC com.lorexcorp.lorexping 1.4.22 allows a remote attacker to obtain sensitive information via the firmware update process.
|
|||||
| CVE-2022-46650 | 1 Sierrawireless | 9 Aleos, Es450, Gx450 and 6 more | 2025-03-24 | N/A | 4.9 MEDIUM |
|
Acemanager in ALEOS before version 4.16 allows a user with valid credentials to reconfigure the device to expose the ACEManager credentials on the pre-login status page.
|
|||||
| CVE-2024-30469 | 1 Wpexperts | 1 Wholesale For Woocommerce | 2025-03-24 | N/A | 5.3 MEDIUM |
|
Missing Authorization vulnerability in WPExperts Wholesale For WooCommerce. This issue affects Wholesale For WooCommerce: from n/a through 2.3.0.
|
|||||
| CVE-2022-48610 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-03-24 | N/A | 5.5 MEDIUM |
|
This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2. An app may be able to access user-sensitive data.
|
|||||
| CVE-2024-44179 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-03-24 | N/A | 2.4 LOW |
|
This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15. An attacker with physical access to a device may be able to read contact numbers from the lock screen.
|
|||||
| CVE-2024-20292 | 1 Cisco | 1 Duo Authentication For Windows Logon And Rdp | 2025-03-24 | N/A | 4.4 MEDIUM |
|
A vulnerability in the logging component of Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, local attacker to view sensitive information in clear text on an affected system.
This vulnerability is due to improper storage of an unencrypted registry key in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system. A successful exploit could allow the attacker to view sensitive information in clear text.
|
|||||
| CVE-2024-51123 | | | 2025-03-22 | N/A | 7.5 HIGH |
|
An issue in Zertificon Z1 SecureMail Z1 SecureMail Gateway 4.44.2-7240-debian12 allows a remote attacker to obtain sensitive information via the /compose-pdf.xhtml?convid=[id] component.
|
|||||
| CVE-2024-32131 | 1 W3eden | 1 Download Manager | 2025-03-21 | N/A | 5.3 MEDIUM |
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in W3 Eden Inc. Download Manager allows Functionality Bypass. This issue affects Download Manager: from n/a through 3.2.82.
|
|||||
| CVE-2024-26864 | 1 Linux | 1 Linux Kernel | 2025-03-21 | N/A | 5.9 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
tcp: Fix refcnt handling in __inet_hash_connect().
syzbot reported a warning in sk_nulls_del_node_init_rcu().
The commit 66b60b0c8c4a ("dccp/tcp: Unhash sk from ehash for tb2 alloc
failure after check_estalblished().") tried to fix an issue that an
unconnected socket occupies an ehash entry when bhash2 allocation fails.
In such a case, we need to revert changes done by check_established(),
which does not hold refcnt when ins ...
|
|||||
| CVE-2024-48824 | | | 2025-03-20 | N/A | 7.5 HIGH |
|
An issue in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to obtain sensitive information via the Racine & FileName parameters in the download-file.php component.
|
|||||
| CVE-2023-42925 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-03-20 | N/A | 3.3 LOW |
|
The issue was addressed with improved restriction of data container access. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access Notes attachments.
|
|||||
| CVE-2024-38970 | 1 Vaethink | 1 Vaethink | 2025-03-20 | N/A | 4.9 MEDIUM |
|
vaeThink 1.0.2 is vulnerable to Information Disclosure via the system backend, access management administrator function.
|
|||||
| CVE-2024-27362 | 1 Samsung | 10 Exynos 1280, Exynos 1280 Firmware, Exynos 1330 and 7 more | 2025-03-20 | N/A | 4.4 MEDIUM |
|
A vulnerability was discovered in Samsung Mobile Processors Exynos 1280, Exynos 2200, Exynos 1330, Exynos 1380, and Exynos 2400 where they do not properly check the length of the data, which can lead to an information disclosure.
|
|||||
| CVE-2023-23458 | 1 Sunellsecurity | 14 Sn-adr3804e1, Sn-adr3804e1 Firmware, Sn-adr3808e1 and 11 more | 2025-03-19 | N/A | 6.5 MEDIUM |
|
Sunell DVR, latest version, CWE-200: Exposure of Sensitive Information to an Unauthorized Actor through an unspecified request.
|
|||||
| CVE-2024-33880 | 2 Microsoft, Virtosoftware | 2 Sharepoint Server, Sharepoint Bulk File Download | 2025-03-19 | N/A | 5.3 MEDIUM |
|
An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. It discloses full pathnames via Virto.SharePoint.FileDownloader/Api/Download.ashx?action=archive.
|
|||||
| CVE-2024-22260 | | | 2025-03-19 | N/A | 6.8 MEDIUM |
|
VMware Workspace One UEM update addresses an information exposure vulnerability.
A malicious actor with network access to the Workspace One UEM may be
able to perform an attack resulting in an information exposure.
|
|||||
| CVE-2025-26263 | | | 2025-03-19 | N/A | 5.1 MEDIUM |
|
GeoVision ASManager Windows desktop application with the version 6.1.2.0 or less (fixed in 6.2.0), is vulnerable to credentials disclosure due to improper memory handling in the ASManagerService.exe process.
|
|||||
| CVE-2024-48789 | | | 2025-03-19 | N/A | 7.5 HIGH |
|
An issue in INATRONIC com.inatronic.drivedeck.home 2.6.23 allows a remote attacker to obtain sensitive information via the firmware update process.
|
|||||
| CVE-2024-0020 | 1 Google | 1 Android | 2025-03-19 | N/A | 5.5 MEDIUM |
|
In onActivityResult of NotificationSoundPreference.java, there is a possible way to hear audio files belonging to a different user due to a confused deputy. This could lead to local information disclosure across users of a device with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2024-39817 | 1 Cybozu | 1 Office | 2025-03-18 | N/A | 6.5 MEDIUM |
|
Insertion of sensitive information into sent data issue exists in Cybozu Office 10.0.0 to 10.8.6, which may allow a user who can log in to the product to view data that the user does not have access to by conducting 'search' under certain conditions in Custom App.
|
|||||
| CVE-2024-34897 | | | 2025-03-18 | N/A | 7.5 HIGH |
|
Nedis SmartLife android app v1.4.0 was discovered to contain an API key disclosure vulnerability.
|
|||||
| CVE-2024-42006 | 1 Keyfactor | 1 Aws Orchestrator | 2025-03-18 | N/A | 7.5 HIGH |
|
Keyfactor AWS Orchestrator through 2.0 allows Information Disclosure.
|
|||||
| CVE-2025-22918 | | | 2025-03-18 | N/A | 7.5 HIGH |
|
Polycom RealPresence Group 500 <=20 has Insecure Permissions due to automatically loaded cookies. This allows for the use of administrator functions, resulting in the leakage of sensitive user information.
|
|||||
| CVE-2024-51163 | | | 2025-03-18 | N/A | 7.5 HIGH |
|
A Local File Inclusion vulnerability in Vegam Solutions Vegam 4i versions 6.3.47.0 and earlier allows a remote attacker to obtain sensitive information through the print label function. Specifically, the filePathList parameter is susceptible to LFI, enabling a malicious user to include files from the web server, such as web.config or /etc/host, leading to the disclosure of sensitive information.
|
|||||
| CVE-2024-26312 | 1 Archerirm | 1 Archer | 2025-03-18 | N/A | 4.3 MEDIUM |
|
Archer Platform 6 before 2024.03 contains a sensitive information disclosure vulnerability. An authenticated attacker could potentially obtain access to sensitive information via a popup warning message.
|
|||||
| CVE-2022-32933 | 1 Apple | 1 Macos | 2025-03-18 | N/A | 5.3 MEDIUM |
|
An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.5. A website may be able to track the websites a user visited in Safari private browsing mode.
|
|||||
| CVE-2024-31816 | 1 Totolink | 2 Ex200, Ex200 Firmware | 2025-03-18 | N/A | 7.5 HIGH |
|
In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getEasyWizardCfg.
|
|||||
| CVE-2025-29781 | | | 2025-03-18 | N/A | 6.5 MEDIUM |
|
The Bare Metal Operator (BMO) implements a Kubernetes API for managing bare metal hosts in Metal3. Baremetal Operator enables users to load Secret from arbitrary namespaces upon deployment of the namespace scoped Custom Resource `BMCEventSubscription`. Prior to versions 0.8.1 and 0.9.1, an adversary Kubernetes account with only namespace level roles (e.g. a tenant controlling a namespace) may create a `BMCEventSubscription` in his authorized namespace and then load Secrets from his unauthorized ...
|
|||||
| CVE-2024-48125 | | | 2025-03-18 | N/A | 7.5 HIGH |
|
An issue in the AsDB service of HI-SCAN 6040i Hitrax HX-03-19-I allows attackers to enumerate user credentials via crafted GIOP protocol requests.
|
|||||
| CVE-2025-22960 | | | 2025-03-17 | N/A | 8.0 HIGH |
|
A session hijacking vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters. Unauthenticated attackers can access exposed log files (/logs/debug/xteLog*), potentially revealing sensitive session-related information such as session IDs (sess_id) and authentication success tokens (user_check_password OK). Exploiting this flaw could allow attackers to hijack active sessions, gain unauthorized access, and escalate privileges on affected devices.
|
|||||
| CVE-2023-42948 | 1 Apple | 1 Macos | 2025-03-17 | N/A | 3.3 LOW |
|
This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14. A Wi-Fi password may not be deleted when activating a Mac in macOS Recovery.
|
|||||
| CVE-2024-47197 | 1 Apache | 1 Maven Archetype | 2025-03-17 | N/A | 7.5 HIGH |
|
Exposure of Sensitive Information to an Unauthorized Actor, Insecure Storage of Sensitive Information vulnerability in Maven Archetype Plugin.
This issue affects Maven Archetype Plugin: from 3.2.1 before 3.3.0.
Users are recommended to upgrade to version 3.3.0, which fixes the issue.
Archetype integration testing creates a file
called ./target/classes/archetype-it/archetype-settings.xml
This file contains all the content from the user's ~/.m2/settings.xml file,
which often contains information ...
|
|||||
| CVE-2024-21685 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2025-03-17 | N/A | 6.5 MEDIUM |
|
This High severity Information Disclosure vulnerability was introduced in versions 9.4.0, 9.12.0, and 9.15.0 of Jira Core Data Center.
This Information Disclosure vulnerability, with a CVSS Score of 7.4, allows an unauthenticated attacker to view sensitive information via an Information Disclosure vulnerability which has high impact to confidentiality, no impact to integrity, no impact to availability, and requires user interaction.
Atlassian recommends that Jira Core Data Center cus ...
|
|||||
| CVE-2024-13622 | 1 Imaginate-solutions | 1 File Uploads Addon For Woocommerce | 2025-03-17 | N/A | 7.5 HIGH |
|
The File Uploads Addon for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.1 via the 'uploads' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads directory which can contain file attachments uploaded by customers.
|
|||||
| CVE-2024-55272 | | | 2025-03-15 | N/A | 7.5 HIGH |
|
An issue in Brainasoft Braina v2.8 allows a remote attacker to obtain sensitive information via the chat window function.
|
|||||
| CVE-2023-48957 | 1 Purevpn | 1 Purevpn | 2025-03-14 | N/A | 5.3 MEDIUM |
|
PureVPN Linux client 2.0.2-Productions fails to properly handle DNS queries, allowing them to bypass the VPN tunnel and be sent directly to the ISP or default DNS servers.
|
|||||
| CVE-2024-39676 | 1 Apache | 1 Pinot | 2025-03-14 | N/A | 7.5 HIGH |
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Pinot.
This issue affects Apache Pinot: from 0.1 before 1.0.0.
Users are recommended to upgrade to version 1.0.0 and configure RBAC, which fixes the issue.
Details:
When using a request to path “/appconfigs” to the controller, it can lead to the disclosure of sensitive information such as system information (e.g. arch, os version), environment information (e.g. maxHeapSize) and Pinot configurations (e.g. zook ...
|
|||||