Total: 9299 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-21320 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-04-30 | 6.5 Medium |
Windows Themes Spoofing Vulnerability | ||||
CVE-2023-36043 | 1 Microsoft | 1 System Center Operations Manager | 2025-04-29 | 6.5 Medium |
Open Management Infrastructure Information Disclosure Vulnerability | ||||
CVE-2025-46552 | | | 2025-04-29 | N/A |
KHC-INVITATION-AUTOMATION is a GitHub automation script that automatically invites followers of a bot account to join your organization. In some commits on version 1.2, a vulnerability was identified where user data, including email addresses and Discord usernames, were exposed in API responses without proper access controls. This allowed unauthorized users to access sensitive user information by directly calling specific endpoints. This issue has been patched in a later commit on version 1.2. | ||||
CVE-2025-29805 | | | 2025-04-29 | 7.5 High |
Exposure of sensitive information to an unauthorized actor in Outlook for Android allows an unauthorized attacker to disclose information over a network. | ||||
CVE-2025-27736 | | | 2025-04-29 | 5.5 Medium |
Exposure of sensitive information to an unauthorized actor in Windows Power Dependency Coordinator allows an authorized attacker to disclose information locally. | ||||
CVE-2025-26667 | | | 2025-04-29 | 6.5 Medium |
Exposure of sensitive information to an unauthorized actor in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | ||||
CVE-2025-24270 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-04-29 | 5.5 Medium |
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may be able to leak sensitive user information. | ||||
CVE-2022-28764 | 1 Zoom | 3 Meetings, Rooms, Vdi Windows Meeting Clients | 2025-04-29 | 3.3 Low |
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. A failure to clear data from a local SQL database after a meeting ends and the usage of an insufficiently secure per-device key encrypting that database results in a local malicious user being able to obtain meeting information such as in-meeting chat for the previous meeting attended from that local user account. | ||||
CVE-2025-3059 | | | 2025-04-29 | 5.3 Medium |
Vulnerability in Drupal Profile Private. This issue affects Profile Private: *.*. | ||||
CVE-2025-32986 | | | 2025-04-29 | 7.5 High |
NETSCOUT nGeniusONE before 6.4.0 b2350 has a Sensitive File Accessible Without Proper Authentication to an endpoint. | ||||
CVE-2025-3628 | | | 2025-04-29 | 4.3 Medium |
A flaw was found in Moodle where anonymous assignment submissions can be de-anonymized via search, revealing student identities. | ||||
CVE-2025-32983 | | | 2025-04-29 | 7.5 High |
NETSCOUT nGeniusONE before 6.4.0 b2350 allows Technical Information Disclosure via a Stack Trace. | ||||
CVE-2025-3923 | | | 2025-04-29 | 5.3 Medium |
The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.8 via the 'generate_unique_string' due to insufficient randomness of the generated file name. This makes it possible for unauthenticated attackers to extract sensitive data including files protected by the plugin if the attacker can determine the file name. | ||||
CVE-2025-32044 | | | 2025-04-29 | 7.5 High |
A flaw has been identified in Moodle where, on certain sites, unauthenticated users could retrieve sensitive user data—including names, contact information, and hashed passwords—via stack traces returned by specific API calls. Sites with PHP configured with zend.exception_ignore_args = 1 in the php.ini file are not affected by this vulnerability. | ||||
CVE-2025-3978 | | | 2025-04-29 | 4.3 Medium |
A vulnerability was found in dazhouda lecms 3.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file admin/view/default/user_set.htm. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2025-3975 | | | 2025-04-29 | 5.3 Medium |
A vulnerability was found in ScriptAndTools eCommerce-website-in-PHP 3.0 and classified as problematic. This issue affects some unknown processing of the file /admin/subscriber-csv.php. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2025-3966 | | | 2025-04-29 | 4.3 Medium |
A vulnerability was found in itwanger paicoding 1.0.3 and classified as problematic. Affected by this issue is some unknown functionality of the file /user/home?userId=1&homeSelectType=read of the component Browsing History Handler. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-33865 | 2 Linqi, Microsoft | 2 Linqi, Windows | 2025-04-28 | 7.5 High |
An issue was discovered in linqi before 1.4.0.1 on Windows. There is an NTLM hash leak via the /api/Cdn/GetFile and /api/DocumentTemplate/{GUID] endpoints. | ||||
CVE-2022-38113 | 1 Solarwinds | 1 Security Event Manager | 2025-04-25 | 5.3 Medium |
This vulnerability discloses build and services versions in the server response header. | ||||
CVE-2022-34329 | 1 Ibm | 1 Cics Tx | 2025-04-25 | 5.3 Medium |
IBM CICS TX 11.7 could allow an attacker to obtain sensitive information from HTTP response headers. IBM X-Force ID: 229467. |