Total
8367 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-40554 | 1 Project Team | 1 Tmall Demo | 2025-06-13 | N/A | 7.5 HIGH |
| An access control issue in Tmall_demo v2024.07.03 allows attackers to obtain sensitive information. | |||||
| CVE-2024-48900 | 1 Moodle | 1 Moodle | 2025-06-13 | N/A | 4.3 MEDIUM |
| A vulnerability was found in Moodle. Additional checks are required to ensure users with permission to view badge recipients can only access lists of those they are intended to have access to. | |||||
| CVE-2025-4977 | 1 Netgear | 2 Dgnd3700, Dgnd3700 Firmware | 2025-06-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in Netgear DGND3700 1.1.00.15_1.00.15NA. Affected by this issue is some unknown functionality of the file /BRS_top.html. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other products might be affected as well. The vendor was contacted early about this disclosure. | |||||
| CVE-2024-53359 | 1 Zalo | 1 Zalo | 2025-06-12 | N/A | 7.5 HIGH |
| An issue in Zalo v23.09.01 allows attackers to obtain sensitive user information via a crafted GET request. | |||||
| CVE-2025-4980 | 1 Netgear | 2 Dgnd3700, Dgnd3700 Firmware | 2025-06-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been found in Netgear DGND3700 1.1.00.15_1.00.15NA and classified as problematic. This vulnerability affects unknown code of the file /currentsetting.htm of the component mini_http. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other products might be affected as well. The vendor was contacted early about this disclosure. | |||||
| CVE-2025-49653 | 2025-06-12 | N/A | 8.0 HIGH | ||
| Exposure of sensitive data in active sessions in Lablup's BackendAI allows attackers to retrieve credentials for users on the management platform. | |||||
| CVE-2025-40662 | 2025-06-12 | N/A | N/A | ||
| Absolute path disclosure vulnerability in DM Corporative CMS. This vulnerability allows an attacker to view the contents of webroot/file, if navigating to a non-existent file. | |||||
| CVE-2025-49200 | 2025-06-12 | N/A | 6.5 MEDIUM | ||
| The created backup files are unencrypted, making the application vulnerable for gathering sensitive information by downloading and decompressing the backup files. | |||||
| CVE-2025-49150 | 2025-06-12 | N/A | 5.9 MEDIUM | ||
| Cursor is a code editor built for programming with AI. Prior to 0.51.0, by default, the setting json.schemaDownload.enable was set to True. This means that by writing a JSON file, an attacker can trigger an arbitrary HTTP GET request that does not require user confirmation. Since the Cursor Agent can edit JSON files, this means a malicious agent, for example, after a prompt injection attack already succeeded, could trigger a GET request to an attacker controlled URL, potentially exfiltrating other data the agent may have access to. This vulnerability is fixed in 0.51.0. | |||||
| CVE-2025-49184 | 2025-06-12 | N/A | 7.5 HIGH | ||
| A remote unauthorized attacker may gather sensitive information of the application, due to missing authorization of configuration settings of the product. | |||||
| CVE-2023-41752 | 2 Apache, Fedoraproject | 2 Traffic Server, Fedora | 2025-06-12 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Traffic Server.This issue affects Apache Traffic Server: from 8.0.0 through 8.1.8, from 9.0.0 through 9.2.2. Users are recommended to upgrade to version 8.1.9 or 9.2.3, which fixes the issue. | |||||
| CVE-2024-21136 | 1 Oracle | 1 Retail Xstore Office | 2025-06-09 | N/A | 8.6 HIGH |
| Vulnerability in the Oracle Retail Xstore Office product of Oracle Retail Applications (component: Security). Supported versions that are affected are 19.0.5, 20.0.3, 20.0.4, 22.0.0 and 23.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Office. While the vulnerability is in Oracle Retail Xstore Office, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Xstore Office accessible data. CVSS 3.1 Base Score 8.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N). | |||||
| CVE-2024-24304 | 1 Sinch | 1 Mailjet | 2025-06-09 | N/A | 7.5 HIGH |
| In the module "Mailjet" (mailjet) from Mailjet for PrestaShop before versions 3.5.1, a guest can download technical information without restriction. | |||||
| CVE-2025-25946 | 1 Axiosys | 1 Bento4 | 2025-06-09 | N/A | 5.5 MEDIUM |
| An issue in Bento4 v1.6.0-641 allows an attacker to cause a memory leak via Ap4Marlin.cpp and Ap4Processor.cpp, specifically in AP4_MarlinIpmpEncryptingProcessor::Initialize and AP4_Processor::Process, during the execution of mp4encrypt with a specially crafted MP4 input file. | |||||
| CVE-2021-22876 | 8 Broadcom, Debian, Fedoraproject and 5 more | 12 Fabric Operating System, Debian Linux, Fedora and 9 more | 2025-06-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request. | |||||
| CVE-2025-25209 | 2025-06-09 | N/A | 5.7 MEDIUM | ||
| The AuthPolicy metadata on Red Hat Connectivity Link contains an object which stores secretes, however it assumes those secretes are already in the kuadrant-system instead of copying it to the referred namespace. This creates space for a malicious actor with a developer persona access to leak those secrets over HTTP connection, as long the attacker knows the name of the targeted secrets and those secrets are limited to one line only. | |||||
| CVE-2025-23216 | 1 Argoproj | 1 Argo Cd | 2025-06-06 | N/A | 6.8 MEDIUM |
| Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A vulnerability was discovered in Argo CD that exposed secret values in error messages and the diff view when an invalid Kubernetes Secret resource was synced from a repository. The vulnerability assumes the user has write access to the repository and can exploit it, either intentionally or unintentionally, by committing an invalid Secret to repository and triggering a Sync. Once exploited, any user with read access to Argo CD can view the exposed secret data. The vulnerability is fixed in v2.13.4, v2.12.10, and v2.11.13. | |||||
| CVE-2025-5690 | 2025-06-05 | N/A | 6.5 MEDIUM | ||
| PostgreSQL Anonymizer v2.0 and v2.1 contain a vulnerability that allows a masked user to bypass the masking rules defined on a table and read the original data using a database cursor or the --insert option of pg_dump. This problem occurs only when dynamic masking is enabled, which is not the default setting. The problem is resolved in version 2.2.1 | |||||
| CVE-2022-34692 | 1 Microsoft | 1 Exchange Server | 2025-06-05 | N/A | 5.3 MEDIUM |
| Microsoft Exchange Server Information Disclosure Vulnerability | |||||
| CVE-2024-11083 | 1 Properfraction | 1 Profilepress | 2025-06-05 | N/A | 5.3 MEDIUM |
| The ProfilePress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.15.18 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. | |||||