Total: 9615 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-45449 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2025-03-07 | N/A | 6.5 MEDIUM |
|
Sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 30984.
|
|||||
| CVE-2023-33979 | 1 Binary-husky | 1 Gpt Academic | 2025-03-07 | N/A | 6.5 MEDIUM |
|
gpt_academic provides a graphical interface for ChatGPT/GLM. A vulnerability was found in gpt_academic 3.37 and prior. This issue affects some unknown processing of the component Configuration File Handler. The manipulation of the argument file leads to information disclosure. Since no sensitive files are configured to be off-limits, sensitive information files in some working directories can be read through the `/file` route, leading to sensitive information leakage. This affects users that use ...
|
|||||
| CVE-2022-31177 | 1 Dpgaspar | 1 Flask-appbuilder | 2025-03-07 | N/A | 2.7 LOW |
|
Flask-AppBuilder is an application development framework built on top of Flask python framework. In versions prior to 4.1.3 an authenticated Admin user could query other users by their salted and hashed passwords strings. These filters could be made by using partial hashed password strings. The response would not include the hashed passwords, but an attacker could infer partial password hashes and their respective users. This issue has been fixed in version 4.1.3. Users are advised to upgrade. T ...
|
|||||
| CVE-2025-1714 | | | 2025-03-07 | N/A | N/A |
|
Lack of Rate Limiting in Sign-up workflow in Perforce Gliffy prior to version 4.14.0-7 on Gliffy online allows an attacker to enumerate valid user emails and potentially DOS the server.
|
|||||
| CVE-2024-12584 | 1 Wpxpro | 1 Xpro Addons For Elementor | 2025-03-06 | N/A | 4.3 MEDIUM |
|
The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6.2 via the 'duplicate' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract potentially sensitive data from draft, scheduled (future), private, and password protected posts.
|
|||||
| CVE-2024-13796 | 1 Pickplugins | 1 Post Grid | 2025-03-06 | N/A | 5.3 MEDIUM |
|
The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.6 via the /wp-json/post-grid/v2/get_users REST API. This makes it possible for unauthenticated attackers to extract sensitive data including emails and other user data.
|
|||||
| CVE-2024-53244 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-03-06 | N/A | 5.7 MEDIUM |
|
In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.2.2406.107, 9.2.2403.109, and 9.1.2312.206, a low-privileged user that does not hold the “admin” or “power” Splunk roles could run a saved search with a risky command using the permissions of a higher-privileged user to bypass the SPL safeguards for risky commands on “/en-US/app/search/report” endpoint through “s” parameter. The vulnerability requires the attacker to phish the victim by tric ...
|
|||||
| CVE-2024-53245 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-03-06 | N/A | 3.1 LOW |
|
In Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.1.2312.206, a low-privileged user that does not hold the “admin” or “power” Splunk roles, that has a username with the same name as a role with read access to dashboards, could see the dashboard name and the dashboard XML by cloning the dashboard.
|
|||||
| CVE-2024-39313 | 1 Toy-blog Project | 1 Toy-blog | 2025-03-06 | N/A | 6.5 MEDIUM |
|
toy-blog is a headless content management system implementation. Starting in version 0.5.4 and prior to version 0.6.1, articles with private visibility can be read if the reader does not set credentials for the request. Users should upgrade to 0.6.1 or later to receive a patch. No known workarounds are available.
|
|||||
| CVE-2024-13638 | 1 Directsoftware | 1 Order Attachments For Woocommerce | 2025-03-06 | N/A | 5.9 MEDIUM |
|
The Order Attachments for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.1 via the 'uploads' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads directory which can contain file attachments added to orders.
|
|||||
| CVE-2024-36118 | 1 Metersphere | 1 Metersphere | 2025-03-06 | N/A | 3.5 LOW |
|
MeterSphere is a test management and interface testing tool. In affected versions users without workspace permissions can view functional test cases of other workspaces beyond their authority. This issue has been addressed in version 2.10.15-lts. Users of MeterSphere are advised to upgrade. There are no known workarounds for this vulnerability.
|
|||||
| CVE-2023-22847 | 1 Sraoss | 1 Pg Ivm | 2025-03-06 | N/A | 4.3 MEDIUM |
|
Information disclosure vulnerability exists in pg_ivm versions prior to 1.5.1. An Incrementally Maintainable Materialized View (IMMV) created by pg_ivm may reflect rows with Row-Level Security that the owner of the IMMV should not have access to. As a result, information in tables protected by Row-Level Security may be retrieved by a user who is not authorized to access it.
|
|||||
| CVE-2024-10356 | 1 Quomodosoft | 1 Elementsready | 2025-03-06 | N/A | 4.3 MEDIUM |
|
The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.4.8 in inc/Widgets/accordion/output/content.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.
|
|||||
| CVE-2023-38547 | 1 Veeam | 1 One | 2025-03-06 | N/A | 9.8 CRITICAL |
|
A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database.
|
|||||
| CVE-2023-32561 | 1 Ivanti | 1 Avalanche | 2025-03-06 | N/A | 7.5 HIGH |
|
A previously generated artifact by an administrator could be accessed by an attacker. The contents of this artifact could lead to authentication bypass. Fixed in version 6.4.1.
|
|||||
| CVE-2023-1203 | 1 Devolutions | 1 Remote Desktop Manager | 2025-03-06 | N/A | 6.5 MEDIUM |
|
Improper removal of sensitive data in the entry edit feature of Hub Business submodule in Devolutions Remote Desktop Manager PowerShell Module 2022.3.1.5 and earlier allows an authenticated user to access sensitive data on entries that were edited using the affected submodule.
|
|||||
| CVE-2023-49981 | 1 Oretnom23 | 1 School Fees Management System | 2025-03-05 | N/A | 7.5 HIGH |
|
A directory listing vulnerability in School Fees Management System v1.0 allows attackers to list directories and sensitive files within the application without requiring authorization.
|
|||||
| CVE-2025-24408 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-03-05 | N/A | 6.5 MEDIUM |
|
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Information Exposure vulnerability that could result in privilege escalation. A low-privileged attacker could gain unauthorized access to sensitive information. Exploitation of this issue does not require user interaction.
|
|||||
| CVE-2023-23327 | 1 Avantfax | 1 Avantfax | 2025-03-05 | N/A | 4.9 MEDIUM |
|
An Information Disclosure vulnerability exists in AvantFAX 3.3.7. Backups of the AvantFAX sent/received faxes, and database backups are stored using the current date as the filename and hosted on the web server without access controls.
|
|||||
| CVE-2024-58049 | 1 Huawei | 1 Harmonyos | 2025-03-05 | N/A | 5.0 MEDIUM |
|
Permission verification vulnerability in the media library module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
|
|||||
| CVE-2024-58047 | 1 Huawei | 1 Harmonyos | 2025-03-05 | N/A | 5.0 MEDIUM |
|
Permission verification vulnerability in the media library module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
|
|||||
| CVE-2024-11153 | | | 2025-03-05 | N/A | 5.3 MEDIUM |
|
The Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.0 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as logged-in users.
|
|||||
| CVE-2024-56902 | | | 2025-03-04 | N/A | 7.5 HIGH |
|
Information disclosure vulnerability in Geovision GV-ASManager web application with the version v6.1.0.0 or less, which discloses account information, including cleartext password.
|
|||||
| CVE-2019-1815 | | | 2025-03-04 | N/A | 5.3 MEDIUM |
|
A security vulnerability was discovered in the local status page functionality of Cisco Meraki’s MX67 and MX68 security appliance models that may allow unauthenticated individuals to access and download logs containing sensitive, privileged device information. The vulnerability is due to improper access control to the files holding debugging and maintenance information, and is only exploitable when the local status page is enabled on the device. An attacker exploiting this vulnerability may obta ...
|
|||||
| CVE-2025-21626 | 1 Glpi-project | 1 Glpi | 2025-03-04 | N/A | 5.8 MEDIUM |
|
GLPI is a free asset and IT management software package. Starting in version 0.71 and prior to version 10.0.18, an anonymous user can fetch sensitive information from the `status.php` endpoint. Version 10.0.18 contains a fix for the issue. Some workarounds are available. One may delete the `status.php` file, restrict its access, or remove any sensitive values from the `name` field of the active LDAP directories, mail servers authentication providers and mail receivers.
|
|||||
| CVE-2025-1868 | | | 2025-03-03 | N/A | 6.8 MEDIUM |
|
Vulnerability of unauthorized exposure of confidential information affecting Advanced IP Scanner and Advanced Port Scanner. It occurs when these applications initiate a network scan, inadvertently sending the NTLM hash of the user performing the scan. This vulnerability can be exploited by intercepting network traffic to a legitimate server or by setting up a fake server, in both local and remote scenarios. This exposure is relevant for both HTTP/HTTPS and SMB protocols.
|
|||||
| CVE-2024-13546 | | | 2025-03-01 | N/A | 4.3 MEDIUM |
|
The GenerateBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.1 via the 'get_image_description' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the content of private, draft, and scheduled posts and pages.
|
|||||
| CVE-2024-13911 | | | 2025-03-01 | N/A | 7.2 HIGH |
|
The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.35 via the /dashboard/backup.php file. This makes it possible for authenticated attackers, with Administrator-level access and above, to extract sensitive data including full database credentials.
|
|||||
| CVE-2024-6567 | 1 Shopfiles | 1 Ebook Store | 2025-03-01 | N/A | 5.3 MEDIUM |
|
The Ebook Store plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 5.8001. This is due to the plugin utilizing fpdi-protection and not preventing direct access to test files that have display_errors set to true. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be presen ...
|
|||||
| CVE-2024-7412 | 1 Coffee2code | 1 No Update Nag | 2025-03-01 | N/A | 5.3 MEDIUM |
|
The No Update Nag plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.4.12. This is due to the plugin allowing direct access to the bootstrap.php file which has display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected web ...
|
|||||
| CVE-2024-5354 | 1 Anji-plus | 1 Aj-report | 2025-03-01 | 4.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability classified as problematic was found in anji-plus AJ-Report up to 1.4.1. This vulnerability affects unknown code of the file /reportShare/detailByCode. The manipulation of the argument shareToken leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-266266 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2023-24923 | 1 Microsoft | 1 Onedrive | 2025-02-28 | N/A | 5.5 MEDIUM |
|
Microsoft OneDrive for Android Information Disclosure Vulnerability
|
|||||
| CVE-2023-24882 | 1 Microsoft | 1 Onedrive | 2025-02-28 | N/A | 5.5 MEDIUM |
|
Microsoft OneDrive for Android Information Disclosure Vulnerability
|
|||||
| CVE-2023-38158 | 1 Microsoft | 1 Edge Chromium | 2025-02-28 | N/A | 3.1 LOW |
|
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
|
|||||
| CVE-2023-36894 | 1 Microsoft | 1 Sharepoint Server | 2025-02-28 | N/A | 6.5 MEDIUM |
|
Microsoft SharePoint Server Information Disclosure Vulnerability
|
|||||
| CVE-2022-30184 | 3 Apple, Fedoraproject, Microsoft | 7 Macos, Fedora, .net and 4 more | 2025-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
|
.NET and Visual Studio Information Disclosure Vulnerability
|
|||||
| CVE-2021-31173 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2025-02-28 | 4.0 MEDIUM | 5.3 MEDIUM |
|
Microsoft SharePoint Server Information Disclosure Vulnerability
|
|||||
| CVE-2025-1606 | 1 Mayurik | 1 Best Employee Management System | 2025-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability classified as problematic was found in SourceCodester Best Employee Management System 1.0. This vulnerability affects unknown code of the file /admin/backup/backups.php. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2021-34125 | 2 Dronecode, Yuneec | 3 Px4 Drone Autopilot, Mantis Q, Mantis Q Firmware | 2025-02-28 | N/A | 7.5 HIGH |
|
An issue discovered in Yuneec Mantis Q and PX4-Autopilot v 1.11.3 and below allows an attacker to gain access to sensitive information via various nuttx commands.
|
|||||
| CVE-2025-25729 | | | 2025-02-28 | N/A | 7.5 HIGH |
|
An information disclosure vulnerability in Bosscomm IF740 Firmware versions:11001.7078 & v11001.0000 and System versions: 6.25 & 6.00 allows attackers to obtain hardcoded cleartext credentials via the update or boot process.
|
|||||