Total
134 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-13276 | 1 File Entity Project | 1 File Entity | 2025-09-02 | N/A | 7.5 HIGH |
| Insertion of Sensitive Information Into Sent Data vulnerability in Drupal File Entity (fieldable files) allows Forceful Browsing.This issue affects File Entity (fieldable files): from 7.X-* before 7.X-2.39. | |||||
| CVE-2025-44017 | 2025-09-02 | N/A | 4.3 MEDIUM | ||
| "Gunosy" App contains a vulnerability where sensitive information may be included in the application's outbound communication. If a user accesses a crafted URL, an attacker may obtain the JWT (JSON Web Token). | |||||
| CVE-2025-55750 | 2025-08-29 | N/A | 6.5 MEDIUM | ||
| Gitpod is a developer platform for cloud development environments. In versions before main-gha.33628 for both Gitpod Classic and Gitpod Classic Enterprise, OAuth integration with Bitbucket in certain conditions allowed a crafted link to expose a valid Bitbucket access token via the URL fragment when clicked by an authenticated user. This resulted from how Bitbucket returned tokens and how Gitpod handled the redirect flow. The issue was limited to Bitbucket (GitHub and GitLab integrations were not affected), required user interaction, and has been mitigated through redirect handling and OAuth logic hardening. The issue was resolved in main-gha.33628 and later. There are no workarounds. | |||||
| CVE-2025-48361 | 2025-08-29 | N/A | 5.3 MEDIUM | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in Saeed Sattar Beglou Hesabfa Accounting allows Retrieve Embedded Sensitive Data. This issue affects Hesabfa Accounting: from n/a through 2.2.4. | |||||
| CVE-2024-13269 | 1 Advanced Varnish Project | 1 Advanced Varnish | 2025-08-27 | N/A | 5.3 MEDIUM |
| Insertion of Sensitive Information Into Sent Data vulnerability in Drupal Advanced Varnish allows Forceful Browsing.This issue affects Advanced Varnish: from 0.0.0 before 4.0.11. | |||||
| CVE-2025-26318 | 2025-08-26 | N/A | 5.8 MEDIUM | ||
| hb.exe in TSplus Remote Access before 17.30 2024-10-30 allows remote attackers to retrieve a list of all domain accounts currently connected to the application. | |||||
| CVE-2025-43768 | 2025-08-25 | N/A | N/A | ||
| Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allows authenticated users without any permissions to access sensitive information of admin users using JSONWS APIs. | |||||
| CVE-2025-41415 | 2025-08-22 | N/A | 6.5 MEDIUM | ||
| The vulnerability, if exploited, could allow an authenticated miscreant (with privileges to access publication targets) to retrieve sensitive information that could then be used to gain additional access to downstream resources. | |||||
| CVE-2024-7698 | 1 Phoenixcontact | 72 Fl Mguard 2102, Fl Mguard 2102 Firmware, Fl Mguard 2105 and 69 more | 2025-08-22 | N/A | 5.7 MEDIUM |
| A low privileged remote attacker can get access to CSRF tokens of higher privileged users which can be abused to mount CSRF attacks. | |||||
| CVE-2025-7204 | 1 Connectwise | 1 Professional Service Automation | 2025-08-20 | N/A | 6.5 MEDIUM |
| In ConnectWise PSA versions older than 2025.9, a vulnerability exists where authenticated users could gain access to sensitive user information. Specific API requests were found to return an overly verbose user object, which included encrypted password hashes for other users. Authenticated users could then retrieve these hashes. An attacker or privileged user could then use these exposed hashes to conduct offline brute-force or dictionary attacks. Such attacks could lead to credential compromise, allowing unauthorized access to accounts, and potentially privilege escalation within the system. | |||||
| CVE-2025-53985 | 2025-08-20 | N/A | 6.5 MEDIUM | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetTabs allows Retrieve Embedded Sensitive Data. This issue affects JetTabs: from n/a through 2.2.9. | |||||
| CVE-2025-54008 | 2025-08-20 | N/A | 6.5 MEDIUM | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetSmartFilters allows Retrieve Embedded Sensitive Data. This issue affects JetSmartFilters: from n/a through 3.6.7. | |||||
| CVE-2025-53983 | 2025-08-20 | N/A | 6.5 MEDIUM | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetElements For Elementor allows Retrieve Embedded Sensitive Data. This issue affects JetElements For Elementor: from n/a through 2.7.7. | |||||
| CVE-2025-53988 | 2025-08-20 | N/A | 6.5 MEDIUM | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetBlocks For Elementor allows Retrieve Embedded Sensitive Data. This issue affects JetBlocks For Elementor: from n/a through 1.3.18. | |||||
| CVE-2025-53196 | 2025-08-20 | N/A | 6.5 MEDIUM | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetEngine allows Retrieve Embedded Sensitive Data. This issue affects JetEngine: from n/a through 3.7.0. | |||||
| CVE-2025-53987 | 2025-08-20 | N/A | 6.5 MEDIUM | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetMenu allows Retrieve Embedded Sensitive Data. This issue affects JetMenu: from n/a through 2.4.11.1. | |||||
| CVE-2025-49408 | 2025-08-20 | N/A | 4.9 MEDIUM | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in WPDeveloper Templately allows Retrieve Embedded Sensitive Data. This issue affects Templately: from n/a through 3.2.7. | |||||
| CVE-2025-53992 | 2025-08-20 | N/A | 6.5 MEDIUM | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetTricks allows Retrieve Embedded Sensitive Data. This issue affects JetTricks: from n/a through 1.5.4.1. | |||||
| CVE-2025-55715 | 2025-08-20 | N/A | 7.5 HIGH | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in Themeisle Otter - Gutenberg Block allows Retrieve Embedded Sensitive Data. This issue affects Otter - Gutenberg Block: from n/a through 3.1.0. | |||||
| CVE-2025-53998 | 2025-08-20 | N/A | 6.5 MEDIUM | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetWooBuilder allows Retrieve Embedded Sensitive Data. This issue affects JetWooBuilder: from n/a through 2.1.20. | |||||