Total
164 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-13953 | 2025-05-23 | N/A | 4.9 MEDIUM | ||
|
Sensitive device logger information in ASPECT may be exposed if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
|
|||||
| CVE-2022-2720 | 1 Octopus | 1 Octopus Server | 2025-05-16 | N/A | 5.3 MEDIUM |
|
In affected versions of Octopus Server it was identified that when a sensitive value is a substring of another value, sensitive value masking will only partially work.
|
|||||
| CVE-2025-3035 | 1 Mozilla | 1 Firefox | 2025-04-15 | N/A | 5.3 MEDIUM |
|
By first using the AI chatbot in one tab and later activating it in another tab, the document title of the previous tab would leak into the chat prompt. This vulnerability affects Firefox < 137.
|
|||||
| CVE-2024-53258 | 1 Autolabproject | 1 Autolab | 2025-04-07 | N/A | 5.3 MEDIUM |
|
Autolab is a course management service that enables auto-graded programming assignments. From Autolab versions v.3.0.0 onward students can download all assignments from another student, as long as they are logged in, using the download_all_submissions feature. This can allow for leakage of submissions to unauthorized users, such as downloading submissions from other students in the class, or even instructor test submissions, given they know their user IDs. This issue has been patched in commit ` ...
Show More |
|||||
| CVE-2024-4767 | 2 Debian, Mozilla | 3 Debian Linux, Firefox, Thunderbird | 2025-04-01 | N/A | 4.3 MEDIUM |
|
If the `browser.privatebrowsing.autostart` preference is enabled, IndexedDB files were not properly deleted when the window was closed. This preference is disabled by default in Firefox. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
|
|||||
| CVE-2024-13217 | 1 Jegtheme | 1 Jeg Elementor Kit | 2025-03-25 | N/A | 4.3 MEDIUM |
|
The Jeg Elementor Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.11 via the 'expired_data' and 'build_content' functions. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, scheduled, and draft template data.
|
|||||
| CVE-2025-26816 | 2025-03-25 | N/A | 6.5 MEDIUM | ||
|
A vulnerability in Intrexx Portal Server 12.0.2 and earlier which was classified as problematic potentially allows users with particular permissions under certain conditions to see potentially sensitive data from a different user context.
|
|||||
| CVE-2025-20615 | 1 Qardio | 1 Qardio | 2025-03-24 | N/A | 6.2 MEDIUM |
|
The Qardio Arm iOS application exposes sensitive data such as usernames
and passwords in a plist file. This allows an attacker to log in to
production-level development accounts and access an engineering backdoor
in the application. The engineering backdoor allows the attacker to
send hex-based commands over a UI-based terminal.
|
|||||
| CVE-2024-41780 | 3 Ibm, Linux, Microsoft | 3 Jazz Foundation, Linux Kernel, Windows | 2025-03-21 | N/A | 4.2 MEDIUM |
|
IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could
could allow a physical user to obtain sensitive information due to not masking passwords during entry.
|
|||||
| CVE-2025-27080 | 2025-03-18 | N/A | 6.0 MEDIUM | ||
|
Vulnerabilities in the command line interface of AOS-CX could allow an authenticated remote attacker to expose sensitive information. Successful exploitation could allow an attacker to gain unauthorized access to services outside of the impacted switch, potentially leading to lateral movement involving those services.
|
|||||
| CVE-2025-25042 | 2025-03-18 | N/A | 4.3 MEDIUM | ||
|
A vulnerability in the AOS-CX REST interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation could allow an attacker to read encrypted credentials of other users on the switch, potentially leading to further unauthorized access or data breaches.
|
|||||
| CVE-2025-20060 | 2025-02-28 | N/A | 7.5 HIGH | ||
|
An attacker could expose cross-user personal identifiable information (PII) and personal health information transmitted to the Android device via the Dario Health application database.
|
|||||
| CVE-2024-12041 | 1 Wpwax | 1 Directorist | 2025-02-24 | N/A | 5.3 MEDIUM |
|
The Directorist: AI-Powered WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 8.0.12 via the /wp-json/directorist/v1/users/ endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including including usernames, email addresses, names, and more information about users.
|
|||||
| CVE-2024-46979 | 1 Xwiki | 1 Xwiki | 2025-02-07 | N/A | 5.3 MEDIUM |
|
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to get access to notification filters of any user by using a URL such as `<hostname>xwiki/bin/get/XWiki/Notifications/Code/NotificationFilterPreferenceLivetableResults?outputSyntax=plain&type=custom&user=<username>`. This vulnerability impacts all versions of XWiki since 13.2-rc-1. The filters do not provide much information (they mainly contain references which are public data ...
Show More |
|||||
| CVE-2023-48680 | 3 Acronis, Apple, Microsoft | 3 Cyber Protect, Macos, Windows | 2025-02-06 | N/A | 5.5 MEDIUM |
|
Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect 16 (macOS, Windows) before build 37391.
|
|||||
| CVE-2024-11712 | 1 Wpjobportal | 1 Wp Job Portal | 2025-02-05 | N/A | 5.3 MEDIUM |
|
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getResumeFileDownloadById() function in all versions up to, and including, 2.2.2. This makes it possible for unauthenticated attackers to download other users resumes.
|
|||||
| CVE-2025-0683 | 2025-01-31 | N/A | 5.9 MEDIUM | ||
|
In its default configuration, Contec Health CMS8000 Patient Monitor transmits plain-text
patient data to a hard-coded public IP address when a patient is hooked
up to the monitor. This could lead to a leakage of confidential patient
data to any device with that IP address or an attacker in a
machine-in-the-middle scenario.
|
|||||
| CVE-2024-13216 | 2025-01-31 | N/A | 4.3 MEDIUM | ||
|
The HT Event – WordPress Event Manager Plugin for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.7 via the 'render' function in /includes/widgets/htevent_sponsor.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, scheduled, and draft template data.
|
|||||
| CVE-2025-24355 | 2025-01-24 | N/A | 7.1 HIGH | ||
|
Updatecli is a tool used to apply file update strategies. Prior to version 0.93.0, private maven repository credentials may be leaked in application logs in case of unsuccessful retrieval operation. During the execution of an updatecli pipeline which contains a `maven` source configured with basic auth credentials, the credentials are being leaked in the application execution logs in case of failure. Credentials are properly sanitized when the operation is successful but not when for whatever re ...
Show More |
|||||
| CVE-2024-13215 | 1 Webtechstreet | 1 Elementor Addon Elements | 2025-01-23 | N/A | 4.3 MEDIUM |
|
The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.10 via the 'render' function in modules/modal-popup/widgets/modal-popup.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, scheduled, and draft template data.
|
|||||
| CVE-2023-44255 | 1 Fortinet | 3 Fortianalyzer, Fortianalyzer Big Data, Fortimanager | 2025-01-21 | N/A | 4.1 MEDIUM |
|
An exposure of sensitive information to an unauthorized actor [CWE-200] in Fortinet FortiManager before 7.4.2, FortiAnalyzer before 7.4.2 and FortiAnalyzer-BigData before 7.2.5 may allow a privileged attacker with administrative read permissions to read event logs of another adom via crafted HTTP or HTTPs requests.
|
|||||
| CVE-2024-29987 | 1 Microsoft | 1 Edge Chromium | 2025-01-17 | N/A | 6.5 MEDIUM |
|
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
|
|||||
| CVE-2024-29986 | 2 Google, Microsoft | 2 Android, Edge Chromium | 2025-01-17 | N/A | 5.4 MEDIUM |
|
Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability
|
|||||
| CVE-2024-30056 | 1 Microsoft | 1 Edge Chromium | 2025-01-08 | N/A | 7.1 HIGH |
|
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
|
|||||
| CVE-2024-49025 | 1 Microsoft | 1 Edge Chromium | 2025-01-07 | N/A | 5.4 MEDIUM |
|
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
|
|||||
| CVE-2024-42494 | 1 Ruijienetworks | 1 Reyee Os | 2024-12-10 | N/A | 6.5 MEDIUM |
|
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a a feature that could enable sub accounts or attackers to view and exfiltrate sensitive information from all cloud accounts registered to Ruijie's services
|
|||||
| CVE-2024-26192 | 1 Microsoft | 1 Edge Chromium | 2024-11-29 | N/A | 8.2 HIGH |
|
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
|
|||||
| CVE-2024-38103 | 1 Microsoft | 1 Edge | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
|
|||||
| CVE-2024-37533 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | N/A | 2.4 LOW |
|
IBM InfoSphere Information Server 11.7 could disclose sensitive user information to another user with physical access to the machine. IBM X-Force ID: 294727.
|
|||||
| CVE-2024-36682 | 2024-11-21 | N/A | 7.5 HIGH | ||
|
In the module "Theme settings" (pk_themesettings) <= 1.8.8 from Promokit.eu for PrestaShop, a guest can download all email collected while SHOP is in maintenance mode. Due to a lack of permissions control, a guest can access the txt file which collect email when maintenance is enable which can lead to leak of personal information.
|
|||||
| CVE-2024-36677 | 2024-11-21 | N/A | 7.5 HIGH | ||
|
In the module "Login as customer PRO" (loginascustomerpro) <1.2.7 from Weblir for PrestaShop, a guest can access direct link to connect to each customer account of the Shop if the module is not installed OR if a secret accessible to administrator is stolen.
|
|||||
| CVE-2024-33271 | 2024-11-21 | N/A | 7.5 HIGH | ||
|
An issue in FME Modules eventsmanager before 4.4.0 allows an attacker to obtain sensitive information from the ps_customer component.
|
|||||
| CVE-2024-30321 | 2024-11-21 | N/A | 5.9 MEDIUM | ||
|
A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 5), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 23), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products do not properly handle certain requests to their web application, which may lead to t ...
Show More |
|||||
| CVE-2023-5983 | 1 Botanikyazilim | 1 Pharmacy Automation | 2024-11-21 | N/A | 7.5 HIGH |
|
Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Botanik Software Pharmacy Automation allows Retrieve Embedded Sensitive Data.This issue affects Pharmacy Automation: before 2.1.133.0.
|
|||||
| CVE-2023-50719 | 1 Xwiki | 1 Xwiki | 2024-11-21 | N/A | 7.5 HIGH |
|
XWiki Platform is a generic wiki platform. Starting in 7.2-milestone-2 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the password hashes of all users to anyone with view right on the respective user profiles. By default, all user profiles are public. This vulnerability also affects any configurations used by extensions that contain passwords like API keys that are viewable for the attacker. Normally, such passwords aren't accessible but this vuln ...
Show More |
|||||
| CVE-2023-50053 | 2024-11-21 | N/A | 7.6 HIGH | ||
|
An issue in Foundation.app Foundation platform 1.0 allows a remote attacker to obtain sensitive information via the Web3 authentication process of Foundation, the signed message lacks a nonce (random number)
|
|||||
| CVE-2023-44213 | 2 Acronis, Microsoft | 2 Agent, Windows | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 35739, Acronis Cyber Protect 16 (Windows) before build 37391.
|
|||||
| CVE-2023-44156 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2024-11-21 | N/A | 7.5 HIGH |
|
Sensitive information disclosure due to spell-jacking. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.
|
|||||
| CVE-2023-36018 | 1 Microsoft | 1 Jupyter | 2024-11-21 | N/A | 7.8 HIGH |
|
Visual Studio Code Jupyter Extension Spoofing Vulnerability
|
|||||
| CVE-2023-35151 | 1 Xwiki | 1 Xwiki | 2024-11-21 | N/A | 7.5 HIGH |
|
XWiki Platform is a generic wiki platform. Starting in version 7.3-milestone-1 and prior to versions 14.4.8, 14.10.6, and 15.1, ny user can call a REST endpoint and obtain the obfuscated passwords, even when the mail obfuscation is activated. The issue has been patched in XWiki 14.4.8, 14.10.6, and 15.1. There is no known workaround.
|
|||||