Total
8367 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-15962 | 1 Adobe | 1 Coldfusion | 2025-05-06 | 5.0 MEDIUM | 5.3 MEDIUM |
| Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a directory listing vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2022-32877 | 1 Apple | 1 Macos | 2025-05-06 | N/A | 5.5 MEDIUM |
| A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Big Sur 11.7, macOS Monterey 12.6. An app may be able to access user-sensitive data. | |||||
| CVE-2022-32875 | 1 Apple | 3 Iphone Os, Macos, Watchos | 2025-05-06 | N/A | 5.0 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6. An app may be able to read sensitive location information. | |||||
| CVE-2023-52341 | 2 Google, Unisoc | 5 Android, S8000, T760 and 2 more | 2025-05-06 | N/A | 7.5 HIGH |
| In Plaintext COUNTER CHECK message accepted before AS security activation, there is a possible missing permission check. This could lead to remote information disclosure no additional execution privileges needed | |||||
| CVE-2022-32870 | 1 Apple | 3 Iphone Os, Macos, Watchos | 2025-05-06 | N/A | 2.4 LOW |
| A logic issue was addressed with improved state management. This issue is fixed in iOS 16, macOS Ventura 13, watchOS 9. A user with physical access to a device may be able to use Siri to obtain some call history information. | |||||
| CVE-2025-4281 | 2025-05-05 | 4.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability, which was classified as problematic, was found in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 7. This affects an unknown part of the file /api/GylOperator/LoadData. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-46332 | 2025-05-05 | N/A | 6.5 MEDIUM | ||
| Flags SDK is an open-source feature flags toolkit for Next.js and SvelteKit. Impacted versions include flags from 3.2.0 and prior and @vercel/flags from 3.1.1 and prior as certain circumstances allows a bad actor with detailed knowledge of the vulnerability to list all flags returned by the flags discovery endpoint (.well-known/vercel/flags). This vulnerability allows for information disclosure, where a bad actor could gain access to a list of all feature flags exposed through the flags discovery endpoint, including the flag names, flag descriptions, available options and their labels (e.g. true, false), and default flag values. This issue has been patched in flags@4.0.0, users of flags and @vercel/flags should also migrate to flags@4.0.0. | |||||
| CVE-2025-29316 | 2025-05-05 | N/A | 6.2 MEDIUM | ||
| An issue in DataPatrol Screenshot watermark, printing watermark agent v.3.5.2.0 allows a physically proximate attacker to obtain sensitive information. NOTE: the Supplier disputes the Print Job Watermark Bypass claim because the watermark is added by hooking into the OS printing mechanism, and thus is not supposed to be visible when previewing a "generated printout" on screen. The Supplier disputes the Screenshot Watermark Bypass claim because the product's documentation explains the step of setting Developer Tools to Disallowed through AD Group Policy. | |||||
| CVE-2024-20019 | 1 Mediatek | 3 Mt7925, Mt7927, Software Package | 2025-05-05 | N/A | 5.9 MEDIUM |
| In wlan driver, there is a possible memory leak due to improper input handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00351241; Issue ID: MSV-1173. | |||||
| CVE-2021-0170 | 1 Intel | 44 Amt Ac 8260, Amt Ac 8260 Firmware, Amt Ac 8265 and 41 more | 2025-05-05 | 2.1 LOW | 5.5 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2021-0166 | 1 Intel | 44 Amt Ac 8260, Amt Ac 8260 Firmware, Amt Ac 8265 and 41 more | 2025-05-05 | 4.6 MEDIUM | 6.7 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-42442 | 2 Ibm, Redhat | 2 Robotic Process Automation For Cloud Pak, Openshift Container Platform | 2025-05-05 | N/A | 3.3 LOW |
| IBM Robotic Process Automation for Cloud Pak 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to exposure of the first tenant owner e-mail address to users with access to the container platform. IBM X-Force ID: 238214. | |||||
| CVE-2022-37930 | 1 Hpe | 18 Hf20, Hf20 Firmware, Hf20c and 15 more | 2025-05-02 | N/A | 6.7 MEDIUM |
| A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays and HPE Nimble Storage Secondary Flash Arrays which could potentially allow local disclosure of sensitive information. | |||||
| CVE-2022-37909 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2025-05-02 | N/A | 5.3 MEDIUM |
| Aruba has identified certain configurations of ArubaOS that can lead to sensitive information disclosure from the configured ESSIDs. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers. | |||||
| CVE-2025-46552 | 2025-05-02 | N/A | N/A | ||
| KHC-INVITATION-AUTOMATION is a GitHub automation script that automatically invites followers of a bot account to join your organization. In some commits on version 1.2, a vulnerability was identified where user data, including email addresses and Discord usernames, were exposed in API responses without proper access controls. This allowed unauthorized users to access sensitive user information by directly calling specific endpoints. This issue has been patched in a later commit on version 1.2. | |||||
| CVE-2024-11994 | 2025-05-02 | N/A | 5.7 MEDIUM | ||
| APM server logs could contain parts of the document body from a partially failed bulk index request. Depending on the nature of the document, this could disclose sensitive information in APM Server error logs. | |||||
| CVE-2025-2880 | 2025-05-02 | N/A | 5.3 MEDIUM | ||
| The Yame | Link In Bio plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 0.9.0 through the publicly accessible phpinfo.php script. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed file. | |||||
| CVE-2024-42019 | 1 Veeam | 1 One | 2025-05-01 | N/A | 8.0 HIGH |
| A vulnerability that allows an attacker to access the NTLM hash of the Veeam Reporter Service service account. This attack requires user interaction and data collected from Veeam Backup & Replication. | |||||
| CVE-2024-34004 | 1 Moodle | 1 Moodle | 2025-05-01 | N/A | 6.5 MEDIUM |
| In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore wiki modules and direct access to the web server outside of the Moodle webroot could execute a local file include. | |||||
| CVE-2024-34005 | 1 Moodle | 1 Moodle | 2025-05-01 | N/A | 6.5 MEDIUM |
| In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore database activity modules and direct access to the web server outside of the Moodle webroot could execute a local file include. | |||||