Total
288 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-46747 | 2025-05-12 | N/A | 5.7 MEDIUM | ||
|
An authenticated user without user-management permissions could identify other user accounts.
|
|||||
| CVE-2025-3606 | 2025-04-29 | N/A | 7.5 HIGH | ||
|
Vestel AC Charger
version
3.75.0 contains a vulnerability that
could enable an attacker to access files containing sensitive
information, such as credentials which could be used to further
compromise the device.
|
|||||
| CVE-2025-30686 | 1 Oracle | 1 Hospitality Simphony | 2025-04-21 | N/A | 7.6 HIGH |
|
Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: EMC). Supported versions that are affected are 19.1-19.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data as well as unauthorized update ...
Show More |
|||||
| CVE-2025-32792 | 2025-04-21 | N/A | N/A | ||
|
SES safely executes third-party JavaScript 'strict' mode programs in compartments that have no excess authority in their global scope. Prior to version 1.12.0, web pages and web extensions using `ses` and the Compartment API to evaluate third-party code in an isolated execution environment that have also elsewhere used `const`, `let`, and `class` bindings in the top-level scope of a `<script>` tag will have inadvertently revealed these bindings in the lexical scope of third-party code. This issu ...
Show More |
|||||
| CVE-2025-39439 | 2025-04-17 | N/A | 5.3 MEDIUM | ||
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Markus Drubba wpLike2Get allows Retrieve Embedded Sensitive Data. This issue affects wpLike2Get: from n/a through 1.2.9.
|
|||||
| CVE-2025-39556 | 2025-04-16 | N/A | 5.3 MEDIUM | ||
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in mediavine Mediavine Control Panel allows Retrieve Embedded Sensitive Data. This issue affects Mediavine Control Panel: from n/a through 2.10.6.
|
|||||
| CVE-2025-26730 | 2025-04-16 | N/A | 7.5 HIGH | ||
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NotFound Macro Calculator with Admin Email Optin & Data. This issue affects Macro Calculator with Admin Email Optin & Data: from n/a through 1.0.
|
|||||
| CVE-2025-32228 | 2025-04-11 | N/A | 4.3 MEDIUM | ||
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Messiah Ai Image Alt Text Generator for WP. This issue affects Ai Image Alt Text Generator for WP: from n/a through 1.0.8.
|
|||||
| CVE-2025-31003 | 2025-04-09 | N/A | 2.7 LOW | ||
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Bogdan Bendziukov Squeeze allows Retrieve Embedded Sensitive Data. This issue affects Squeeze: from n/a through 1.6.
|
|||||
| CVE-2025-27934 | 2025-04-09 | N/A | 7.5 HIGH | ||
|
Information disclosure of authentication information in the specific service vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote unauthenticated attacker may obtain the product authentication information.
|
|||||
| CVE-2025-32026 | 2025-04-08 | N/A | 3.8 LOW | ||
|
Element Web is a Matrix web client built using the Matrix React SDK. Element Web, starting from version 1.11.16 up to version 1.11.96, can be configured to load Element Call from an external URL. Under certain conditions, the external page is able to get access to the media encryption keys used for an Element Call call. Version 1.11.97 fixes the problem.
|
|||||
| CVE-2025-32164 | 2025-04-08 | N/A | 6.5 MEDIUM | ||
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in maennchen1.de m1.DownloadList. This issue affects m1.DownloadList: from n/a through 0.21.
|
|||||
| CVE-2025-32251 | 2025-04-07 | N/A | 5.3 MEDIUM | ||
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in J. Tyler Wiest Jetpack Feedback Exporter allows Retrieve Embedded Sensitive Data. This issue affects Jetpack Feedback Exporter: from n/a through 1.23.
|
|||||
| CVE-2025-32255 | 2025-04-07 | N/A | 5.3 MEDIUM | ||
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ERA404 StaffList allows Retrieve Embedded Sensitive Data. This issue affects StaffList: from n/a through 3.2.6.
|
|||||
| CVE-2025-30802 | 2025-04-01 | N/A | 4.3 MEDIUM | ||
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPBean Our Team Members. This issue affects Our Team Members: from n/a through 2.2.
|
|||||
| CVE-2025-31832 | 2025-04-01 | N/A | 5.3 MEDIUM | ||
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Beee ACF City Selector allows Retrieve Embedded Sensitive Data. This issue affects ACF City Selector: from n/a through 1.16.0.
|
|||||
| CVE-2024-36070 | 2025-03-27 | N/A | 7.5 HIGH | ||
|
tine before 2023.11.8, when an LDAP backend is used, allows anonymous remote attackers to obtain sensitive authentication information via setup.php because of getRegistryData in Setup/Frontend/Json.php. (An update is also available for the 2022.11 series.)
|
|||||
| CVE-2024-8313 | 2025-03-27 | N/A | N/A | ||
|
An Exposure of Sensitive System Information to an Unauthorized Control Sphere and Initialization of a Resource with an Insecure Default vulnerability in the SNMP component of B&R APROL <4.4-00P5 may allow an unauthenticated adjacent-based attacker to read and alter configuration using SNMP.
|
|||||
| CVE-2024-0053 | 1 Google | 1 Android | 2025-03-27 | N/A | 3.3 LOW |
|
In getCustomPrinterIcon of PrintManagerService.java, there is a possible way to view other user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2024-10940 | 2025-03-20 | N/A | 5.3 MEDIUM | ||
|
A vulnerability in langchain-core versions >=0.1.17,<0.1.53, >=0.2.0,<0.2.43, and >=0.3.0,<0.3.15 allows unauthorized users to read arbitrary files from the host file system. The issue arises from the ability to create langchain_core.prompts.ImagePromptTemplate's (and by extension langchain_core.prompts.ChatPromptTemplate's) with input variables that can read any user-specified path from the server file system. If the outputs of these prompt templates are exposed to the user, either directly or ...
Show More |
|||||
| CVE-2024-40706 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-03-11 | N/A | 5.3 MEDIUM |
|
IBM InfoSphere Information Server 11.7 could allow a remote user to obtain sensitive version information that could aid in further attacks against the system.
|
|||||
| CVE-2023-23472 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-03-11 | N/A | 3.1 LOW |
|
IBM InfoSphere DataStage Flow Designer (InfoSphere Information Server 11.7) could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system.
|
|||||
| CVE-2024-11035 | 2025-03-05 | N/A | 2.5 LOW | ||
|
Carbon Black Cloud Windows Sensor, prior to 4.0.3, may be susceptible to an Information Leak vulnerability, which s a type of issue whereby sensitive information may b exposed due to a vulnerability in software.
|
|||||
| CVE-2025-26911 | 2025-02-25 | N/A | 4.3 MEDIUM | ||
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Bowo System Dashboard allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects System Dashboard: from n/a through 2.8.18.
|
|||||
| CVE-2025-26758 | 2025-02-17 | N/A | 5.3 MEDIUM | ||
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RebelCode Spotlight Social Media Feeds allows Retrieve Embedded Sensitive Data. This issue affects Spotlight Social Media Feeds: from n/a through 1.7.1.
|
|||||
| CVE-2024-36554 | 2025-02-10 | N/A | 9.8 CRITICAL | ||
|
Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h and Forever KidsWatch Call Me KW-60 R36CW_YDE_S4_A29_2_V1.0_2023.05.24_22.49.44_cob_b allow a malicious user to gain information about the device by sending an SMS to the device which returns sensitive information.
|
|||||
| CVE-2024-53683 | 2025-01-17 | N/A | 4.4 MEDIUM | ||
|
A valid set of credentials in a .js file and a static token for
communication were obtained from the decompiled IPA. An attacker could
use the information to disrupt normal use of the application by changing
the translation files and thus weaken the integrity of normal use.
|
|||||
| CVE-2024-11029 | 2025-01-15 | N/A | 5.5 MEDIUM | ||
|
A flaw was found in the FreeIPA API audit, where it sends the whole FreeIPA command line to journalctl. As a consequence, during the FreeIPA installation process, it inadvertently leaks the administrative user credentials, including the administrator password, to the journal database. In the worst-case scenario, where the journal log is centralized, users with access to it can have improper access to the FreeIPA administrator credentials.
|
|||||
| CVE-2025-0059 | 2025-01-14 | N/A | 6.0 MEDIUM | ||
|
Applications based on SAP GUI for HTML in SAP NetWeaver Application Server ABAP store user input in the local browser storage to improve usability. An attacker with administrative privileges or access to the victim�s user directory on the Operating System level would be able to read this data. Depending on the user input provided in transactions, the disclosed data could range from non-critical data to highly sensitive data, causing high impact on confidentiality of the application.
|
|||||
| CVE-2025-0056 | 2025-01-14 | N/A | 6.0 MEDIUM | ||
|
SAP GUI for Java saves user input on the client PC to improve usability. An attacker with administrative privileges or access to the victim�s user directory on the Operating System level would be able to read this data. Depending on the user input provided in transactions, the disclosed data could range from non-critical data to highly sensitive data, causing high impact on confidentiality of the application.
|
|||||
| CVE-2025-0055 | 2025-01-14 | N/A | 6.0 MEDIUM | ||
|
SAP GUI for Windows stores user input on the client PC to improve usability. Under very specific circumstances an attacker with administrative privileges or access to the victim�s user directory on the Operating System level would be able to read this data. Depending on the user input provided in transactions, the disclosed data could range from non-critical data to highly sensitive data, causing high impact on confidentiality of the application.
|
|||||
| CVE-2024-12993 | 2024-12-30 | N/A | N/A | ||
|
Infinix devices contain a pre-loaded "com.rlk.weathers" application, that exposes an unsecured content provider. An attacker can communicate with the provider and reveal the user’s location without any privileges.
After multiple attempts to contact the vendor we did not receive any answer. We suppose this issue affects all Infinix Mobile devices.
|
|||||
| CVE-2024-52321 | 2024-12-23 | N/A | 5.9 MEDIUM | ||
|
Multiple SHARP routers contain an improper authentication vulnerability in the configuration backup function. The product's backup files containing sensitive information may be retrieved by a remote unauthenticated attacker.
|
|||||
| CVE-2024-25634 | 1 Alf | 1 Alf | 2024-12-18 | N/A | 7.2 HIGH |
|
alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, an attacker can access data from other organizers. The attacker can use a specially crafted request to receive the e-mail log sent by other events. Version 2.0-M4-2402 fixes this issue.
|
|||||
| CVE-2024-54279 | 2024-12-16 | N/A | 7.5 HIGH | ||
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPNERD WP-NERD Toolkit.This issue affects WP-NERD Toolkit: from n/a through 1.1.
|
|||||
| CVE-2024-10240 | 1 Gitlab | 1 Gitlab | 2024-12-13 | N/A | 5.3 MEDIUM |
|
An issue has been discovered in GitLab EE affecting all versions starting from 17.3 before 17.3.7, all versions starting from 17.4 before 17.4.4, all versions starting from 17.5 before 17.5.2 in which an unauthenticated user may be able to read some information about an MR in a private project, under certain circumstances.
|
|||||
| CVE-2024-25035 | 1 Ibm | 1 Cognos Controller | 2024-12-11 | N/A | 5.3 MEDIUM |
|
IBM Cognos Controller 11.0.0 and 11.0.1
exposes server details that could allow an attacker to obtain information of the application environment to conduct further attacks.
|
|||||
| CVE-2024-53867 | 2024-12-03 | N/A | 4.3 MEDIUM | ||
|
Synapse is an open-source Matrix homeserver. The Sliding Sync feature on Synapse versions between 1.113.0rc1 and 1.120.0 can leak partial room state changes to users no longer in a room. Non-state events, like messages, are unaffected. This vulnerability is fixed in 1.120.1.
|
|||||
| CVE-2024-53768 | 2024-11-30 | N/A | 5.3 MEDIUM | ||
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in IDE Interactive Content Audit Exporter allows Retrieve Embedded Sensitive Data.This issue affects Content Audit Exporter: from n/a through 1.1.
|
|||||
| CVE-2024-22037 | 2024-11-28 | N/A | 5.5 MEDIUM | ||
|
The uyuni-server-attestation systemd service needs a database_password environment variable. This file has 640 permission, and cannot be shown users, but the environment is still exposed by systemd to non-privileged users.
|
|||||