Vulnerabilities (CVE)

Filtered by CWE-200
Total 8123 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-26795 2025-05-19 N/A 7.5 HIGH
Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in Apache IoTDB JDBC driver. This issue affects iotdb-jdbc: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2. Users are recommended to upgrade to version 2.0.2 and 1.3.4, which fix the issue.
CVE-2025-32703 1 Microsoft 3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022 2025-05-19 N/A 5.5 MEDIUM
Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclose information locally.
CVE-2025-20624 2025-05-16 N/A 5.7 MEDIUM
Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable information disclosure via adjacent access.
CVE-2025-20013 2025-05-16 N/A 5.5 MEDIUM
Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2025-20611 2025-05-16 N/A 4.7 MEDIUM
Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2025-22895 2025-05-16 N/A 5.5 MEDIUM
Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2025-20030 2025-05-16 N/A 2.6 LOW
Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable information disclosure via adjacent access.
CVE-2024-57096 2025-05-16 N/A 5.5 MEDIUM
An issue in wps office before v.19302 allows a local attacker to obtain sensitive information via a crafted file.
CVE-2025-25370 2025-05-16 N/A 4.6 MEDIUM
An issue in realme GT 2 (RMX3311) running Android 14 with realme UI 5.0 allows a physically proximate attacker to obtain sensitive information via the show app only setting function.
CVE-2024-42179 1 Hcltech 1 Dryice Myxalytics 2025-05-16 N/A 2.0 LOW
HCL MyXalytics is affected by sensitive information disclosure vulnerability. The HTTP response header exposes the Microsoft-HTTP API∕2.0 as the server's name & version.
CVE-2024-25839 1 Webbax 1 Super Newsletter 2025-05-15 N/A 7.5 HIGH
An issue was discovered in Webbax "Super Newsletter" (supernewsletter) module for PrestaShop versions 1.4.21 and before, allows local attackers to escalate privileges and obtain sensitive information.
CVE-2024-20904 1 Oracle 1 Business Intelligence 2025-05-15 N/A 5.0 MEDIUM
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Pod Admin). Supported versions that are affected are 6.4.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. While the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).
CVE-2024-23206 1 Apple 6 Ipados, Iphone Os, Macos and 3 more 2025-05-15 N/A 6.5 MEDIUM
An access issue was addressed with improved access restrictions. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A maliciously crafted webpage may be able to fingerprint the user.
CVE-2022-32931 1 Apple 1 Macos 2025-05-15 N/A 5.5 MEDIUM
This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app with root privileges may be able to access private information.
CVE-2024-7128 2025-05-15 N/A 5.3 MEDIUM
A flaw was found in the OpenShift console. Several endpoints in the application use the authHandler() and authHandlerWithUser() middleware functions. When the default authentication provider ("openShiftAuth") is set, these functions do not perform any authentication checks, relying instead on the targeted service to handle authentication and authorization. This issue leads to various degrees of data exposure due to a lack of proper credential verification.
CVE-2024-29400 1 Ruoyi 1 Ruoyi 2025-05-14 N/A 7.5 HIGH
An issue was discovered in RuoYi v4.5.1, allows attackers to obtain sensitive information via the status parameter.
CVE-2024-56526 2025-05-14 N/A 7.5 HIGH
An issue was discovered in OXID eShop before 7. CMS pages in combination with Smarty may display user information if a CMS page contains a Smarty syntax error.
CVE-2024-0340 1 Linux 1 Linux Kernel 2025-05-14 N/A 4.4 MEDIUM
A vulnerability was found in vhost_new_msg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This issue can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file.
CVE-2025-24899 1 Yogeshojha 1 Rengine 2025-05-13 N/A 7.5 HIGH
reNgine is an automated reconnaissance framework for web applications. A vulnerability was discovered in reNgine, where **an insider attacker with any role** (such as Auditor, Penetration Tester, or Sys Admin) **can extract sensitive information from other reNgine users.** After running a scan and obtaining vulnerabilities from a target, the attacker can retrieve details such as `username`, `password`, `email`, `role`, `first name`, `last name`, `status`, and `activity information` by making a GET request to `/api/listVulnerability/`. This issue has been addressed in version 2.2.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2025-4222 2025-05-13 N/A 5.9 MEDIUM
The Database Toolset plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.4 via backup files stored in a publicly accessible location. This makes it possible for unauthenticated attackers to extract sensitive data from database backup files. An index file is present, so a brute force attack would need to be successful in order to compromise any data.