Total: 147 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-0679 | 1 Gitlab | 1 Gitlab | 2025-05-29 | N/A | 4.3 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions from 17.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Under certain conditions un-authorised users can view full email addresses that should be partially obscured. | |||||
| CVE-2024-13228 | 1 Themeum | 1 Qubely | 2025-05-26 | N/A | 4.3 MEDIUM |
| The Qubely – Advanced Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.13 via the 'qubely_get_content'. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, scheduled, password-protected, draft, and trashed post data. | |||||
| CVE-2024-13953 | | | 2025-05-23 | N/A | 4.9 MEDIUM |
| Sensitive device logger information in ASPECT may be exposed if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | |||||
| CVE-2022-2720 | 1 Octopus | 1 Octopus Server | 2025-05-16 | N/A | 5.3 MEDIUM |
| In affected versions of Octopus Server it was identified that when a sensitive value is a substring of another value, sensitive value masking will only partially work. | |||||
| CVE-2025-3035 | 1 Mozilla | 1 Firefox | 2025-04-15 | N/A | 5.3 MEDIUM |
| By first using the AI chatbot in one tab and later activating it in another tab, the document title of the previous tab would leak into the chat prompt. This vulnerability affects Firefox < 137. | |||||
| CVE-2024-53258 | 1 Autolabproject | 1 Autolab | 2025-04-07 | N/A | 5.3 MEDIUM |
| Autolab is a course management service that enables auto-graded programming assignments. From Autolab versions v.3.0.0 onward students can download all assignments from another student, as long as they are logged in, using the download_all_submissions feature. This can allow for leakage of submissions to unauthorized users, such as downloading submissions from other students in the class, or even instructor test submissions, given they know their user IDs. This issue has been patched in commit `1aa4c769` which is not yet in a release version, but is expected to be included in version 3.0.3. Users are advised to either manually patch or to wait for version 3.0.3. As a workaround administrators can disable the feature. | |||||
| CVE-2024-4767 | 2 Debian, Mozilla | 3 Debian Linux, Firefox, Thunderbird | 2025-04-01 | N/A | 4.3 MEDIUM |
| If the `browser.privatebrowsing.autostart` preference is enabled, IndexedDB files were not properly deleted when the window was closed. This preference is disabled by default in Firefox. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. | |||||
| CVE-2024-13217 | 1 Jegtheme | 1 Jeg Elementor Kit | 2025-03-25 | N/A | 4.3 MEDIUM |
| The Jeg Elementor Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.11 via the 'expired_data' and 'build_content' functions. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, scheduled, and draft template data. | |||||
| CVE-2025-26816 | | | 2025-03-25 | N/A | 6.5 MEDIUM |
| A vulnerability in Intrexx Portal Server 12.0.2 and earlier which was classified as problematic potentially allows users with particular permissions under certain conditions to see potentially sensitive data from a different user context. | |||||
| CVE-2025-20615 | 1 Qardio | 1 Qardio | 2025-03-24 | N/A | 6.2 MEDIUM |
| The Qardio Arm iOS application exposes sensitive data such as usernames and passwords in a plist file. This allows an attacker to log in to production-level development accounts and access an engineering backdoor in the application. The engineering backdoor allows the attacker to send hex-based commands over a UI-based terminal. | |||||
| CVE-2024-41780 | 3 Ibm, Linux, Microsoft | 3 Jazz Foundation, Linux Kernel, Windows | 2025-03-21 | N/A | 4.2 MEDIUM |
| IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could allow a physical user to obtain sensitive information due to not masking passwords during entry. | |||||
| CVE-2025-27080 | | | 2025-03-18 | N/A | 6.0 MEDIUM |
| Vulnerabilities in the command line interface of AOS-CX could allow an authenticated remote attacker to expose sensitive information. Successful exploitation could allow an attacker to gain unauthorized access to services outside of the impacted switch, potentially leading to lateral movement involving those services. | |||||
| CVE-2025-25042 | | | 2025-03-18 | N/A | 4.3 MEDIUM |
| A vulnerability in the AOS-CX REST interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation could allow an attacker to read encrypted credentials of other users on the switch, potentially leading to further unauthorized access or data breaches. | |||||
| CVE-2025-20060 | | | 2025-02-28 | N/A | 7.5 HIGH |
| An attacker could expose cross-user personal identifiable information (PII) and personal health information transmitted to the Android device via the Dario Health application database. | |||||
| CVE-2024-12041 | 1 Wpwax | 1 Directorist | 2025-02-24 | N/A | 5.3 MEDIUM |
| The Directorist: AI-Powered WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 8.0.12 via the /wp-json/directorist/v1/users/ endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including usernames, email addresses, names, and more information about users. | |||||
| CVE-2024-46979 | 1 Xwiki | 1 Xwiki | 2025-02-07 | N/A | 5.3 MEDIUM |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to get access to notification filters of any user by using a URL such as `<hostname>xwiki/bin/get/XWiki/Notifications/Code/NotificationFilterPreferenceLivetableResults?outputSyntax=plain&type=custom&user=<username>`. This vulnerability impacts all versions of XWiki since 13.2-rc-1. The filters do not provide much information (they mainly contain references which are public data in XWiki), though some info could be used in combination with other vulnerabilities. This vulnerability has been patched in XWiki 14.10.21, 15.5.5, 15.10.1, 16.0RC1. The patch consists in checking the rights of the user when sending the data. Users are advised to upgrade. It's possible to work around the vulnerability by applying manually the patch: it's possible for an administrator to edit directly the document `XWiki.Notifications.Code.NotificationFilterPreferenceLivetableResults` to apply the same changes as in the patch. See commit c8c6545f9bde6f5aade994aa5b5903a67b5c2582. | |||||
| CVE-2023-48680 | 3 Acronis, Apple, Microsoft | 3 Cyber Protect, Macos, Windows | 2025-02-06 | N/A | 5.5 MEDIUM |
| Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect 16 (macOS, Windows) before build 37391. | |||||
| CVE-2024-11712 | 1 Wpjobportal | 1 Wp Job Portal | 2025-02-05 | N/A | 5.3 MEDIUM |
| The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getResumeFileDownloadById() function in all versions up to, and including, 2.2.2. This makes it possible for unauthenticated attackers to download other users' resumes. | |||||
| CVE-2025-0683 | | | 2025-01-31 | N/A | 5.9 MEDIUM |
| In its default configuration, Contec Health CMS8000 Patient Monitor transmits plain-text patient data to a hard-coded public IP address when a patient is hooked up to the monitor. This could lead to a leakage of confidential patient data to any device with that IP address or an attacker in a machine-in-the-middle scenario. | |||||
| CVE-2024-13216 | | | 2025-01-31 | N/A | 4.3 MEDIUM |
| The HT Event – WordPress Event Manager Plugin for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.7 via the 'render' function in /includes/widgets/htevent_sponsor.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, scheduled, and draft template data. | |||||
