Total
9363 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-53036 | 1 Oracle | 1 Financial Services Analytical Applications Infrastructure | 2025-10-23 | N/A | 8.6 HIGH |
| Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. While the vulnerability is in Oracle Financial Services Analytical Applications Infrastructure, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 8.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N). | |||||
| CVE-2025-53043 | 1 Oracle | 1 Product Hub | 2025-10-23 | N/A | 8.1 HIGH |
| Vulnerability in the Oracle Product Hub product of Oracle E-Business Suite (component: Item Catalog). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Product Hub. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Product Hub accessible data as well as unauthorized access to critical data or complete access to all Oracle Product Hub accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | |||||
| CVE-2025-53047 | 1 Oracle | 1 Database Server | 2025-10-23 | N/A | 5.8 MEDIUM |
| Vulnerability in the Portable Clusterware component of Oracle Database Server. Supported versions that are affected are 19.3-19.28, 21.3-21.19 and 23.4-23.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via Bonjour to compromise Portable Clusterware. While the vulnerability is in Portable Clusterware, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Portable Clusterware accessible data. CVSS 3.1 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N). | |||||
| CVE-2023-21237 | 1 Google | 1 Android | 2025-10-23 | N/A | 5.5 MEDIUM |
| In applyRemoteView of NotificationContentInflater.java, there is a possible way to hide foreground service notification due to misleading or insufficient UI. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-251586912 | |||||
| CVE-2024-5524 | 1 Codester | 1 Astrotalks | 2025-10-23 | N/A | 5.3 MEDIUM |
| Information exposure vulnerability in Astrotalks affecting version 10/03/2023. This vulnerability allows unregistered users to access all internal links of the application without providing any credentials. | |||||
| CVE-2025-59294 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-10-22 | N/A | 2.1 LOW |
| Exposure of sensitive information to an unauthorized actor in Windows Taskbar Live allows an unauthorized attacker to disclose information with a physical attack. | |||||
| CVE-2025-58277 | 1 Huawei | 1 Harmonyos | 2025-10-22 | N/A | 4.0 MEDIUM |
| Permission verification bypass vulnerability in the Camera app. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2025-40662 | 1 Acc | 1 Dm Corporative Cms | 2025-10-22 | N/A | 7.5 HIGH |
| Absolute path disclosure vulnerability in DM Corporative CMS. This vulnerability allows an attacker to view the contents of webroot/file, if navigating to a non-existent file. | |||||
| CVE-2013-7331 | 1 Microsoft | 10 Internet Explorer, Windows 7, Windows 8 and 7 more | 2025-10-22 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet IP addresses by examining error codes, as demonstrated by a res:// URL, and exploited in the wild in February 2014. | |||||
| CVE-2016-6415 | 1 Cisco | 3 Ios, Ios Xe, Ios Xr | 2025-10-22 | 5.0 MEDIUM | 7.5 HIGH |
| The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5.2.x, and PIX before 7.0 allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request, aka Bug IDs CSCvb29204 and CSCvb36055 or BENIGNCERTAIN. | |||||
| CVE-2016-2388 | 1 Sap | 1 Netweaver Application Server Java | 2025-10-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846. | |||||
| CVE-2015-5317 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-10-22 | 5.0 MEDIUM | 7.5 HIGH |
| The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request. | |||||
| CVE-2025-61220 | 2025-10-21 | N/A | 7.5 HIGH | ||
| The incomplete verification mechanism in the AutoBizLine com.mysecondline.app 1.2.91 allows attackers to log in as other users and gain unauthorized access to their personal information. | |||||
| CVE-2025-60344 | 2025-10-21 | N/A | 6.6 MEDIUM | ||
| An unauthenticated Local File Inclusion (LFI) vulnerability in D-Link DSR series routers allows remote attackers to retrieve sensitive configuration files in clear text. The exposed files contain administrative credentials, VPN settings, and other sensitive information, enabling full administrative access to the router. Affected Products include: DSR-150, DSR-150N, and DSR-250N v1.09B32_WW. | |||||
| CVE-2025-62699 | 2025-10-21 | N/A | N/A | ||
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - Translate Extension allows Footprinting. Translate extension appears to use jobs to make edits to translation pages. This causes the CheckUser tool to log the wrong IP and User-Agent making these edits un-auditable via the CheckUser tool.This issue affects Mediawiki - Translate Extension: from master before 1.39. | |||||
| CVE-2025-11151 | 2025-10-21 | N/A | 8.2 HIGH | ||
| Exposure of Sensitive Information to an Unauthorized Actor, Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Beyaz Bilgisayar Software Design Industry and Trade Ltd. Co. CityPLus allows Detect Unpublicized Web Pages.This issue affects CityPLus: before V24.29500.1.0. | |||||
| CVE-2025-62669 | 2025-10-21 | N/A | N/A | ||
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure.This issue affects Mediawiki - CentralAuth Extension: from master before 1.39. | |||||
| CVE-2025-57838 | 2025-10-21 | N/A | 4.0 MEDIUM | ||
| Some Honor products are affected by information leak vulnerability, successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2025-57837 | 2025-10-21 | N/A | 2.9 LOW | ||
| Tileservice module is affected by information leak vulnerability, successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2025-10750 | 2025-10-21 | N/A | 5.3 MEDIUM | ||
| The PowerBI Embed Reports plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 1.2.0. This is due to missing capability checks and authentication verification on the 'testUser' endpoint accessible via the mo_epbr_admin_observer() function hooked on 'init'. This makes it possible for unauthenticated attackers to access sensitive Azure AD user information including personal identifiable information (PII) such as displayName, mail, phones, department, or detailed OAuth error data including Azure AD Application/Client IDs, error codes, trace IDs, and correlation IDs. | |||||