Total
174 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-49408 | 2 Templately, Wordpress | 2 Templately, Wordpress | 2025-08-21 | 4.9 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in WPDeveloper Templately allows Retrieve Embedded Sensitive Data. This issue affects Templately: from n/a through 3.2.7. | ||||
| CVE-2025-54008 | 1 Wordpress | 1 Wordpress | 2025-08-21 | 6.5 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetSmartFilters allows Retrieve Embedded Sensitive Data. This issue affects JetSmartFilters: from n/a through 3.6.7. | ||||
| CVE-2025-53983 | 2 Crocoblock, Wordpress | 2 Jetelements For Elementor, Wordpress | 2025-08-21 | 6.5 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetElements For Elementor allows Retrieve Embedded Sensitive Data. This issue affects JetElements For Elementor: from n/a through 2.7.7. | ||||
| CVE-2025-53196 | 2 Crocoblock, Wordpress | 2 Jetengine, Wordpress | 2025-08-21 | 6.5 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetEngine allows Retrieve Embedded Sensitive Data. This issue affects JetEngine: from n/a through 3.7.0. | ||||
| CVE-2025-53985 | 2 Crocoblock, Wordpress | 2 Jettabs, Wordpress | 2025-08-21 | 6.5 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetTabs allows Retrieve Embedded Sensitive Data. This issue affects JetTabs: from n/a through 2.2.9. | ||||
| CVE-2025-53992 | 1 Wordpress | 1 Wordpress | 2025-08-21 | 6.5 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetTricks allows Retrieve Embedded Sensitive Data. This issue affects JetTricks: from n/a through 1.5.4.1. | ||||
| CVE-2025-53993 | 1 Wordpress | 1 Wordpress | 2025-08-21 | 6.5 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetPopup allows Retrieve Embedded Sensitive Data. This issue affects JetPopup: from n/a through 2.0.15. | ||||
| CVE-2025-7204 | 1 Connectwise | 2 Connectwise, Professional Service Automation | 2025-08-20 | 6.5 Medium |
| In ConnectWise PSA versions older than 2025.9, a vulnerability exists where authenticated users could gain access to sensitive user information. Specific API requests were found to return an overly verbose user object, which included encrypted password hashes for other users. Authenticated users could then retrieve these hashes. An attacker or privileged user could then use these exposed hashes to conduct offline brute-force or dictionary attacks. Such attacks could lead to credential compromise, allowing unauthorized access to accounts, and potentially privilege escalation within the system. | ||||
| CVE-2025-55715 | 2025-08-20 | 7.5 High | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in Themeisle Otter - Gutenberg Block allows Retrieve Embedded Sensitive Data. This issue affects Otter - Gutenberg Block: from n/a through 3.1.0. | ||||
| CVE-2025-53998 | 2025-08-20 | 6.5 Medium | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetWooBuilder allows Retrieve Embedded Sensitive Data. This issue affects JetWooBuilder: from n/a through 2.1.20. | ||||
| CVE-2025-53988 | 2025-08-20 | 6.5 Medium | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetBlocks For Elementor allows Retrieve Embedded Sensitive Data. This issue affects JetBlocks For Elementor: from n/a through 1.3.18. | ||||
| CVE-2025-53987 | 2025-08-20 | 6.5 Medium | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetMenu allows Retrieve Embedded Sensitive Data. This issue affects JetMenu: from n/a through 2.4.11.1. | ||||
| CVE-2025-55710 | 2 Taxopress, Wordpress | 2 Taxopress, Wordpress | 2025-08-16 | 4.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Steve Burge TaxoPress allows Retrieve Embedded Sensitive Data. This issue affects TaxoPress: from n/a through 3.37.2. | ||||
| CVE-2025-54685 | 1 Wordpress | 1 Wordpress | 2025-08-14 | 6.5 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Brainstorm Force SureDash allows Retrieve Embedded Sensitive Data. This issue affects SureDash: from n/a through 1.1.0. | ||||
| CVE-2023-38013 | 1 Ibm | 1 Cloud Pak System | 2025-08-13 | 5.3 Medium |
| IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information in HTTP responses that could aid in further attacks against the system. | ||||
| CVE-2025-47444 | 2 Liquidweb, Wordpress | 2 Givewp, Wordpress | 2025-08-12 | 7.5 High |
| Insertion of Sensitive Information Into Sent Data vulnerability in Liquid Web GiveWP allows Retrieve Embedded Sensitive Data.This issue affects GiveWP: from n/a before 4.6.1. | ||||
| CVE-2025-8862 | 1 Yugabyte | 1 Yugabytedb | 2025-08-12 | 3.1 Low |
| YugabyteDB has been collecting diagnostics information from YugabyteDB servers, which may include sensitive gflag configurations. To mitigate this, we recommend upgrading the database to a version where this information is properly redacted. | ||||
| CVE-2021-1425 | 1 Cisco | 10 Asyncos, Content Security Management Appliance Sma M190, Content Security Management Appliance Sma M195 and 7 more | 2025-08-11 | 4.3 Medium |
| A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because confidential information is being included in HTTP requests that are exchanged between the user and the device. An attacker could exploit this vulnerability by looking at the raw HTTP requests that are sent to the interface. A successful exploit could allow the attacker to obtain some of the passwords that are configured throughout the interface.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | ||||
| CVE-2025-50059 | 1 Oracle | 6 Graalvm, Graalvm Enterprise Edition, Graalvm For Jdk and 3 more | 2025-08-04 | 8.6 High |
| Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N). | ||||
| CVE-2014-0160 | 13 Broadcom, Canonical, Debian and 10 more | 37 Symantec Messaging Gateway, Ubuntu Linux, Debian Linux and 34 more | 2025-07-30 | 7.5 High |
| The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. | ||||