Total
8284 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-43189 | 1 Apple | 1 Macos | 2025-07-31 | N/A | 9.8 CRITICAL |
| This issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7. A malicious app may be able to read kernel memory. | |||||
| CVE-2025-43215 | 1 Apple | 1 Macos | 2025-07-31 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.6. Processing a maliciously crafted image may result in disclosure of process memory. | |||||
| CVE-2025-4426 | 2025-07-31 | N/A | 6.0 MEDIUM | ||
| The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability. https://support.lenovo.com/us/en/product_security/home | |||||
| CVE-2025-54425 | 2025-07-31 | N/A | 5.3 MEDIUM | ||
| Umbraco is an ASP.NET CMS. In versions 13.0.0 through 13.9.2, 15.0.0 through 15.4.1 and 16.0.0 through 16.1.0, the content delivery API can be restricted from public access where an API key must be provided in a header to authorize the request. It's also possible to configure output caching, such that the delivery API outputs will be cached for a period of time, improving performance. There's an issue when these two things are used together, where caching doesn't vary by the header that contains the API key. As such, it's possible for a user without a valid API key to retrieve a response for a given path and query if it has recently been requested and cached by request with a valid key. This is fixed in versions 13.9.3, 15.4.4 and 16.1.1. | |||||
| CVE-2025-43018 | 2025-07-31 | N/A | N/A | ||
| Certain HP LaserJet Pro printers may be vulnerable to information disclosure when a non-authenticated user queries a device’s local address book. | |||||
| CVE-2024-20396 | 1 Cisco | 1 Webex Teams | 2025-07-31 | N/A | 5.3 MEDIUM |
| A vulnerability in the protocol handlers of Cisco Webex App could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability exists because the affected application does not safely handle file protocol handlers. An attacker could exploit this vulnerability by persuading a user to follow a link that is designed to cause the application to send requests. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture sensitive information, including credential information, from the requests. | |||||
| CVE-2024-24919 | 1 Checkpoint | 5 Cloudguard Network Security, Quantum Security Gateway, Quantum Security Gateway Firmware and 2 more | 2025-07-30 | N/A | 8.6 HIGH |
| Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available. | |||||
| CVE-2024-28442 | 1 Yealink | 2 Vp59, Vp59 Firmware | 2025-07-30 | N/A | 7.5 HIGH |
| Directory Traversal vulnerability in Yealink VP59 v.91.15.0.118 allows a physically proximate attacker to obtain sensitive information via terms of use function in the company portal component. | |||||
| CVE-2020-36848 | 1 Boldgrid | 1 Total Upkeep | 2025-07-29 | N/A | 7.5 HIGH |
| The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.14.9 via the env-info.php and restore-info.json files. This makes it possible for unauthenticated attackers to find the location of back-up files and subsequently download them. | |||||
| CVE-2025-30758 | 1 Oracle | 1 Siebel Crm Deployment | 2025-07-29 | N/A | 5.3 MEDIUM |
| Vulnerability in the Siebel CRM End User product of Oracle Siebel CRM (component: User Interface). Supported versions that are affected are 25.0-25.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM End User. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel CRM End User accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2020-36850 | 2025-07-29 | N/A | N/A | ||
| An information disclosure vulnerability exits in Sitecore JSS React Sample Application 11.0.0 - 14.0.1 that may cause page content intended for one user to be shown to another user. | |||||
| CVE-2025-54380 | 2025-07-29 | N/A | 6.5 MEDIUM | ||
| Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to version 17.6, Opencast would incorrectly send the hashed global system account credentials (ie: org.opencastproject.security.digest.user and org.opencastproject.security.digest.pass) when attempting to fetch mediapackage elements included in a mediapackage XML file. A previous CVE prevented many cases where the credentials were inappropriately sent, but not all. Anyone with ingest permissions could cause Opencast to send its hashed global system account credentials to a url of their choosing. This issue is fixed in Opencast 17.6. | |||||
| CVE-2025-3508 | 2025-07-29 | N/A | N/A | ||
| Certain HP DesignJet products may be vulnerable to information disclosure though printer's web interface allowing unauthenticated users to view sensitive print job information. | |||||
| CVE-2025-29628 | 2025-07-29 | N/A | 8.1 HIGH | ||
| An issue in Gardyn 4 allows a remote attacker to obtain sensitive information and execute arbitrary code via a request | |||||
| CVE-2025-29629 | 2025-07-29 | N/A | 8.8 HIGH | ||
| An issue in Gardyn 4 allows a remote attacker to obtain sensitive information and execute arbitrary code via the Gardyn Home component | |||||
| CVE-2024-3574 | 1 Scrapy | 1 Scrapy | 2025-07-28 | N/A | 7.5 HIGH |
| In scrapy version 2.10.1, an issue was identified where the Authorization header, containing credentials for server authentication, is leaked to a third-party site during a cross-domain redirect. This vulnerability arises from the failure to remove the Authorization header when redirecting across domains. The exposure of the Authorization header to unauthorized actors could potentially allow for account hijacking. | |||||
| CVE-2025-8039 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-07-28 | N/A | 8.1 HIGH |
| In some cases search terms persisted in the URL bar even after navigating away from the search page. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1. | |||||
| CVE-2025-30086 | 2025-07-25 | N/A | 4.9 MEDIUM | ||
| CNCF Harbor 2.13.x before 2.13.1 and 2.12.x before 2.12.4 allows information disclosure by administrators who can exploit an ORM Leak present in the /api/v2.0/users endpoint to leak users' password hash and salt values. The q URL parameter allows a user to filter users by any column, and filter password=~ could be abused to leak out a user's password hash character by character. An attacker with administrator access could exploit this to leak highly sensitive information stored in the Harbor database. All endpoints that support the q URL parameter are vulnerable to this ORM leak attack. | |||||
| CVE-2024-51769 | 1 Hpe | 1 Autopass License Server | 2025-07-25 | N/A | 7.5 HIGH |
| An information disclosure vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17. | |||||
| CVE-2025-31955 | 2025-07-25 | N/A | 7.6 HIGH | ||
| HCL iAutomate is affected by a sensitive data exposure vulnerability. This issue may allow unauthorized access to sensitive information within the system. | |||||