Total
8123 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-26795 | | | 2025-05-19 | N/A | 7.5 HIGH |
Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in Apache IoTDB JDBC driver. This issue affects iotdb-jdbc: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2. Users are recommended to upgrade to version 2.0.2 and 1.3.4, which fix the issue. | |||||
CVE-2025-32703 | 1 Microsoft | 3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022 | 2025-05-19 | N/A | 5.5 MEDIUM |
Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclose information locally. | |||||
CVE-2025-20624 | | | 2025-05-16 | N/A | 5.7 MEDIUM |
Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable information disclosure via adjacent access. | |||||
CVE-2025-20013 | | | 2025-05-16 | N/A | 5.5 MEDIUM |
Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable information disclosure via local access. | |||||
CVE-2025-20611 | | | 2025-05-16 | N/A | 4.7 MEDIUM |
Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable information disclosure via local access. | |||||
CVE-2025-22895 | | | 2025-05-16 | N/A | 5.5 MEDIUM |
Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable information disclosure via local access. | |||||
CVE-2025-20030 | | | 2025-05-16 | N/A | 2.6 LOW |
Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable information disclosure via adjacent access. | |||||
CVE-2024-57096 | | | 2025-05-16 | N/A | 5.5 MEDIUM |
An issue in WPS Office before v.19302 allows a local attacker to obtain sensitive information via a crafted file. | |||||
CVE-2025-25370 | | | 2025-05-16 | N/A | 4.6 MEDIUM |
An issue in realme GT 2 (RMX3311) running Android 14 with realme UI 5.0 allows a physically proximate attacker to obtain sensitive information via the show app only setting function. | |||||
CVE-2024-42179 | 1 Hcltech | 1 Dryice Myxalytics | 2025-05-16 | N/A | 2.0 LOW |
HCL MyXalytics is affected by a sensitive information disclosure vulnerability. The HTTP response header exposes the Microsoft-HTTP API/2.0 as the server's name & version. | |||||
CVE-2024-25839 | 1 Webbax | 1 Super Newsletter | 2025-05-15 | N/A | 7.5 HIGH |
An issue in the Webbax "Super Newsletter" (supernewsletter) module for PrestaShop, versions 1.4.21 and before, allows local attackers to escalate privileges and obtain sensitive information. | |||||
CVE-2024-20904 | 1 Oracle | 1 Business Intelligence | 2025-05-15 | N/A | 5.0 MEDIUM |
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Pod Admin). Supported versions that are affected are 6.4.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. While the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N). | |||||
CVE-2024-23206 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-05-15 | N/A | 6.5 MEDIUM |
An access issue was addressed with improved access restrictions. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A maliciously crafted webpage may be able to fingerprint the user. | |||||
CVE-2022-32931 | 1 Apple | 1 Macos | 2025-05-15 | N/A | 5.5 MEDIUM |
This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app with root privileges may be able to access private information. | |||||
CVE-2024-7128 | | | 2025-05-15 | N/A | 5.3 MEDIUM |
A flaw was found in the OpenShift console. Several endpoints in the application use the authHandler() and authHandlerWithUser() middleware functions. When the default authentication provider ("openShiftAuth") is set, these functions do not perform any authentication checks, relying instead on the targeted service to handle authentication and authorization. This issue leads to various degrees of data exposure due to a lack of proper credential verification. | |||||
CVE-2024-29400 | 1 Ruoyi | 1 Ruoyi | 2025-05-14 | N/A | 7.5 HIGH |
An issue in RuoYi v4.5.1 allows attackers to obtain sensitive information via the status parameter. | |||||
CVE-2024-56526 | | | 2025-05-14 | N/A | 7.5 HIGH |
An issue was discovered in OXID eShop before 7. CMS pages in combination with Smarty may display user information if a CMS page contains a Smarty syntax error. | |||||
CVE-2024-0340 | 1 Linux | 1 Linux Kernel | 2025-05-14 | N/A | 4.4 MEDIUM |
A vulnerability was found in vhost_new_msg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This issue can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file. | |||||
CVE-2025-24899 | 1 Yogeshojha | 1 Rengine | 2025-05-13 | N/A | 7.5 HIGH |
reNgine is an automated reconnaissance framework for web applications. A vulnerability was discovered in reNgine, where **an insider attacker with any role** (such as Auditor, Penetration Tester, or Sys Admin) **can extract sensitive information from other reNgine users.** After running a scan and obtaining vulnerabilities from a target, the attacker can retrieve details such as `username`, `password`, `email`, `role`, `first name`, `last name`, `status`, and `activity information` by making a GET request to `/api/listVulnerability/`. This issue has been addressed in version 2.2.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2025-4222 | | | 2025-05-13 | N/A | 5.9 MEDIUM |
The Database Toolset plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.4 via backup files stored in a publicly accessible location. This makes it possible for unauthenticated attackers to extract sensitive data from database backup files. An index file is present, so a brute force attack would need to be successful in order to compromise any data. |