Total
356 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-45242 | 1 Rhymix | 1 Rhymix | 2025-06-17 | N/A | 7.7 HIGH |
|
Rhymix v2.1.22 was discovered to contain an arbitrary file deletion vulnerability via the procFileAdminEditImage method in /file/file.admin.controller.php.
|
|||||
| CVE-2025-37100 | 2025-06-12 | N/A | 7.7 HIGH | ||
|
A vulnerability in the APIs of HPE Aruba Networking Private 5G Core could potentially expose sensitive information to unauthorized users.
A successful exploitation could allow an attacker to iteratively navigate through the filesystem and ultimately download protected system files containing sensitive information.
|
|||||
| CVE-2024-3678 | 1 Adenion | 1 Blog2social | 2025-06-05 | N/A | 5.3 MEDIUM |
|
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.4.2. This makes it possible for unauthenticated attackers to view limited information from password protected posts.
|
|||||
| CVE-2024-22773 | 1 Intelbras | 2 Action Rf 1200, Action Rf 1200 Firmware | 2025-06-05 | N/A | 8.1 HIGH |
|
Intelbras Action RF 1200 routers 1.2.2 and earlier and Action RG 1200 routers 2.1.7 and earlier expose the Password in Cookie resulting in Login Bypass.
|
|||||
| CVE-2024-25940 | 1 Freebsd | 1 Freebsd | 2025-06-04 | N/A | 6.3 MEDIUM |
|
`bhyveload -h <host-path>` may be used to grant loader access to the <host-path> directory tree on the host. Affected versions of bhyveload(8) do not make any attempt to restrict loader's access to <host-path>, allowing the loader to read any file the host user has access to. In the bhyveload(8) model, the host supplies a userboot.so to boot with, but the loader scripts generally come from the guest image. A maliciously crafted script could be used to exfiltrate sensitive data from the host ac ...
Show More |
|||||
| CVE-2024-28069 | 1 Mitel | 1 Micontact Center Business | 2025-06-02 | N/A | 7.5 HIGH |
|
A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct an information disclosure attack due to improper configuration. A successful exploit could allow an attacker to access sensitive information and potentially conduct unauthorized actions within the vulnerable component.
|
|||||
| CVE-2024-28808 | 1 Nokia | 2 Hit 7300, Hit 7300 Firmware | 2025-05-30 | N/A | 2.7 LOW |
|
An issue was discovered in Infinera hiT 7300 5.60.50. Hidden functionality in the web interface allows a remote authenticated attacker to access reserved information by accessing undocumented web applications.
|
|||||
| CVE-2022-44581 | 1 Wpmudev | 1 Defender | 2025-05-28 | N/A | 5.0 MEDIUM |
|
Insecure Storage of Sensitive Information vulnerability in WPMU DEV Defender Security allows : Screen Temporary Files for Sensitive Information.This issue affects Defender Security: from n/a through 3.3.2.
|
|||||
| CVE-2024-31404 | 1 Cybozu | 1 Garoon | 2025-05-28 | N/A | 4.3 MEDIUM |
|
Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.5.0 to 6.0.0, which may allow a user who can log in to the product to view the data of Scheduler.
|
|||||
| CVE-2022-41320 | 1 Veritas | 1 System Recovery | 2025-05-27 | N/A | 6.5 MEDIUM |
|
Veritas System Recovery (VSR) versions 18 and 21 store a network destination password in the Windows registry during configuration of the backup configuration. This vulnerability could provide a Windows user (who has sufficient privileges) to access a network file system that they were not authorized to access.
|
|||||
| CVE-2025-46627 | 1 Tenda | 2 Rx2 Pro, Rx2 Pro Firmware | 2025-05-27 | N/A | 8.2 HIGH |
|
Use of weak credentials in the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated attacker to authenticate to the telnet service by calculating the root password based on easily-obtained device information. The password is based on the last two digits/octets of the MAC address.
|
|||||
| CVE-2024-13954 | 2025-05-23 | N/A | 6.5 MEDIUM | ||
|
Serialized configuration information may be disclosed during device commissioning while using ASPECT's configuration toolsetThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
|
|||||
| CVE-2024-21117 | 1 Oracle | 1 Outside In Technology | 2025-05-21 | N/A | 5.3 MEDIUM |
|
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Core). Supported versions that are affected are 8.5.6 and 8.5.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Outside In Technology executes to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technolo ...
Show More |
|||||
| CVE-2024-57436 | 1 Ruoyi | 1 Ruoyi | 2025-05-14 | N/A | 7.2 HIGH |
|
RuoYi v4.8.0 was discovered to allow unauthorized attackers to view the session ID of the admin in the system monitoring. This issue can allow attackers to impersonate Admin users via using a crafted cookie.
|
|||||
| CVE-2023-45859 | 1 Hazelcast | 1 Hazelcast | 2025-05-13 | N/A | 7.6 HIGH |
|
In Hazelcast through 4.1.10, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 through 5.1.7, 5.2 through 5.2.4, and 5.3 through 5.3.2, some client operations don't check permissions properly, allowing authenticated users to access data stored in the cluster.
|
|||||
| CVE-2022-28170 | 1 Broadcom | 1 Fabric Operating System | 2025-05-09 | N/A | 6.5 MEDIUM |
|
Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file.
|
|||||
| CVE-2024-26559 | 1 Dagg | 1 Uverif | 2025-05-08 | N/A | 5.3 MEDIUM |
|
An issue in uverif v.2.0 allows a remote attacker to obtain sensitive information.
|
|||||
| CVE-2022-32867 | 1 Apple | 2 Iphone Os, Macos | 2025-05-06 | N/A | 2.4 LOW |
|
This issue was addressed with improved data protection. This issue is fixed in iOS 16, macOS Ventura 13. A user with physical access to an iOS device may be able to read past diagnostic logs.
|
|||||
| CVE-2024-43427 | 1 Moodle | 1 Moodle | 2025-05-01 | N/A | 3.7 LOW |
|
A flaw was found in moodle. When creating an export of site administration presets, some sensitive secrets and keys are not being excluded from the export, which could result in them unintentionally being leaked if the presets are shared with a third party.
|
|||||
| CVE-2024-22371 | 1 Apache | 1 Camel | 2025-04-25 | N/A | 2.9 LOW |
|
Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel.This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0.
Users are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fixes the issue.
|
|||||
| CVE-2024-20050 | 5 Google, Linuxfoundation, Mediatek and 2 more | 47 Android, Yocto, Mt2713 and 44 more | 2025-04-23 | N/A | 4.4 MEDIUM |
|
In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID: ALPS08541757.
|
|||||
| CVE-2022-32833 | 1 Apple | 3 Iphone Os, Macos, Safari | 2025-04-21 | N/A | 5.3 MEDIUM |
|
An issue existed with the file paths used to store website data. The issue was resolved by improving how website data is stored. This issue is fixed in iOS 16. An unauthorized user may be able to access browsing history.
|
|||||
| CVE-2025-22983 | 1 Thecosy | 1 Icecms | 2025-04-21 | N/A | 7.5 HIGH |
|
An access control issue in the component /square/getAllSquare/circle of iceCMS v2.2.0 allows unauthenticated attackers to access sensitive information.
|
|||||
| CVE-2017-16560 | 1 Sandisk | 1 Secureaccess | 2025-04-20 | 2.1 LOW | 4.3 MEDIUM |
|
SanDisk Secure Access 3.01 vault decrypts and copies encrypted files to a temporary folder, where they can remain indefinitely in certain situations, such as if the file is being edited when the user exits the application or if the application crashes.
|
|||||
| CVE-2017-0493 | 1 Google | 1 Android | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An information disclosure vulnerability in File-Based Encryption could enable a local malicious attacker to bypass operating system protections for the lock screen. This issue is rated as Moderate due to the possibility of bypassing the lock screen. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-32793550.
|
|||||
| CVE-2017-7253 | 1 Dahuasecurity | 2 Ip Camera, Ip Camera Firmware | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
|
Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1. Use the default low-privilege credentials to list all users via a request to a certain URI. 2. Login to the IP camera with admin credentials so as to obtain full control of the target IP camera. During exploitation, the first JSON object encountered has a "Component error: login challenge!" message. The second JSON object encountered has a result indicating a successful admin login.
|
|||||
| CVE-2017-6911 | 1 Usb Pratirodh Project | 1 Usb Pratirodh | 2025-04-20 | 2.1 LOW | 6.6 MEDIUM |
|
USB Pratirodh is prone to sensitive information disclosure. It stores sensitive information such as username and password in simple usb.xml. An attacker with physical access to the system can modify the file according his own requirements that may aid in further attack.
|
|||||
| CVE-2025-22984 | 1 Thecosy | 1 Icecms | 2025-04-18 | N/A | 7.5 HIGH |
|
An access control issue in the component /api/squareComment/DelectSquareById of iceCMS v2.2.0 allows unauthenticated attackers to access sensitive information.
|
|||||
| CVE-2024-57546 | 1 Cmsimple | 1 Cmsimple | 2025-04-16 | N/A | 7.5 HIGH |
|
An issue in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the validate link function.
|
|||||
| CVE-2023-41965 | 1 Socomec | 2 Modulys Gp, Modulys Gp Firmware | 2025-04-15 | N/A | 7.5 HIGH |
|
Sending some requests in the web application of the vulnerable device allows information to be obtained due to the lack of security in the authentication process.
|
|||||
| CVE-2022-40959 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-04-15 | N/A | 6.5 MEDIUM |
|
During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.
|
|||||
| CVE-2024-32236 | 1 Cmseasy | 1 Cmseasy | 2025-04-14 | N/A | 3.5 LOW |
|
An issue in CmsEasy v.7.7 and before allows a remote attacker to obtain sensitive information via the update function in the index.php component.
|
|||||
| CVE-2024-23561 | 1 Hcltechsw | 2 Hcl Devops Deploy, Hcl Launch | 2025-04-11 | N/A | 4.3 MEDIUM |
|
HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability due to insufficient obfuscation of sensitive values.
|
|||||
| CVE-2025-2440 | 2025-04-09 | N/A | 4.2 MEDIUM | ||
|
CWE-922: Insecure Storage of Sensitive Information vulnerability exists that could potentially lead to unauthorized
access of confidential data when a malicious user, having physical access and advanced information on the file
system, sets the radio in factory default mode.
|
|||||
| CVE-2021-36546 | 1 Kitesky | 1 Kitecms | 2025-03-26 | N/A | 7.5 HIGH |
|
Incorrect Access Control issue discovered in KiteCMS 1.1 allows remote attackers to view sensitive information via path in application URL.
|
|||||
| CVE-2025-20886 | 1 Samsung | 1 Android | 2025-03-25 | N/A | 4.1 MEDIUM |
|
Inclusion of sensitive information in test code in softsim trustlet prior to SMR Jan-2025 Release 1 allows local privileged attackers to get test key.
|
|||||
| CVE-2024-38312 | 1 Mozilla | 1 Firefox | 2025-03-19 | N/A | 6.5 MEDIUM |
|
When browsing private tabs, some data related to location history or webpage thumbnails could be persisted incorrectly within the sandboxed app bundle after app termination This vulnerability affects Firefox for iOS < 127.
|
|||||
| CVE-2024-54541 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-03-18 | N/A | 5.5 MEDIUM |
|
This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.2, visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sonoma 14.7.2, macOS Sequoia 15.2. An app may be able to access user-sensitive data.
|
|||||
| CVE-2025-2489 | 2025-03-18 | N/A | N/A | ||
|
Insecure information storage vulnerability in NTFS Tools version 3.5.1. Exploitation of this vulnerability could allow an attacker to know the application password, stored in /Users/user/Library/Application Support/ntfs-tool/config.json.
|
|||||
| CVE-2024-47197 | 1 Apache | 1 Maven Archetype | 2025-03-17 | N/A | 7.5 HIGH |
|
Exposure of Sensitive Information to an Unauthorized Actor, Insecure Storage of Sensitive Information vulnerability in Maven Archetype Plugin.
This issue affects Maven Archetype Plugin: from 3.2.1 before 3.3.0.
Users are recommended to upgrade to version 3.3.0, which fixes the issue.
Archetype integration testing creates a file
called ./target/classes/archetype-it/archetype-settings.xml
This file contains all the content from the users ~/.m2/settings.xml file,
which often contains information ...
Show More |
|||||