Total
121 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-5334 | 1 Devolutions | 1 Remote Desktop Manager | 2025-07-02 | 7.5 High |
Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager allows an authenticated user to gain unauthorized access to private personal information. Under specific circumstances, entries may be unintentionally moved from user vaults to shared vaults when edited by their owners, making them accessible to other users. This issue affects the following versions : * Remote Desktop Manager Windows 2025.1.34.0 and earlier * Remote Desktop Manager macOS 2025.1.16.3 and earlier * Remote Desktop Manager Android 2025.1.3.3 and earlier * Remote Desktop Manager iOS 2025.1.6.0 and earlier | ||||
CVE-2023-36052 | 1 Microsoft | 1 Azure Command-line Interface | 2025-07-02 | 8.6 High |
Azure CLI REST Command Information Disclosure Vulnerability | ||||
CVE-2024-23211 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-06-20 | 3.3 Low |
A privacy issue was addressed with improved handling of user preferences. This issue is fixed in watchOS 10.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A user's private browsing activity may be visible in Settings. | ||||
CVE-2023-42830 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-06-16 | 3.3 Low |
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. An app may be able to read sensitive location information. | ||||
CVE-2021-22876 | 9 Broadcom, Debian, Fedoraproject and 6 more | 15 Fabric Operating System, Debian Linux, Fedora and 12 more | 2025-06-09 | 5.3 Medium |
curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request. | ||||
CVE-2024-11396 | 1 Awplife | 1 Event Monster | 2025-06-05 | 5.3 Medium |
The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.3 via the Visitors List Export file. During the export, a CSV file is created in the wp-content folder with a hardcoded filename that is publicly accessible. This makes it possible for unauthenticated attackers to extract data about event visitors, that includes first and last names, email, and phone number. | ||||
CVE-2024-23301 | 4 Fedoraproject, Redhat, Relax-and-recover and 1 more | 4 Fedora, Enterprise Linux, Relax-and-recover and 1 more | 2025-06-04 | 5.5 Medium |
Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root. | ||||
CVE-2025-0679 | 1 Gitlab | 1 Gitlab | 2025-05-29 | 4.3 Medium |
An issue has been discovered in GitLab CE/EE affecting all versions from 17.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Under certain conditions un-authorised users can view full email addresses that should be partially obscured. | ||||
CVE-2024-13228 | 1 Themeum | 1 Qubely | 2025-05-26 | 4.3 Medium |
The Qubely – Advanced Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.13 via the 'qubely_get_content'. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, scheduled, password-protected, draft, and trashed post data. | ||||
CVE-2022-2720 | 1 Octopus | 1 Octopus Server | 2025-05-16 | 5.3 Medium |
In affected versions of Octopus Server it was identified that when a sensitive value is a substring of another value, sensitive value masking will only partially work. | ||||
CVE-2024-38103 | 1 Microsoft | 1 Edge | 2025-05-05 | 5.9 Medium |
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | ||||
CVE-2024-26192 | 1 Microsoft | 1 Edge Chromium | 2025-05-03 | 8.2 High |
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | ||||
CVE-2024-29986 | 2 Google, Microsoft | 2 Android, Edge Chromium | 2025-05-03 | 5.4 Medium |
Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability | ||||
CVE-2024-29987 | 1 Microsoft | 1 Edge Chromium | 2025-05-03 | 6.5 Medium |
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | ||||
CVE-2024-30056 | 1 Microsoft | 1 Edge Chromium | 2025-05-03 | 7.1 High |
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | ||||
CVE-2023-45721 | 2025-05-02 | 5.3 Medium | ||
Insufficient default configuration in HCL Leap allows anonymous access to directory information. | ||||
CVE-2024-30321 | 1 Siemens | 3 Simatic Pcs 7, Simatic Wincc, Simatic Wincc Runtime Professional | 2025-05-01 | 5.9 Medium |
A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 5), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 23), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products do not properly handle certain requests to their web application, which may lead to the leak of privileged information. This could allow an unauthenticated remote attacker to retrieve information such as users and passwords. | ||||
CVE-2023-36018 | 1 Microsoft | 1 Jupyter | 2025-04-29 | 7.8 High |
Visual Studio Code Jupyter Extension Spoofing Vulnerability | ||||
CVE-2023-45720 | 2025-04-29 | 5.3 Medium | ||
Insufficient default configuration in HCL Leap allows anonymous access to directory information. | ||||
CVE-2022-23634 | 5 Debian, Fedoraproject, Puma and 2 more | 5 Debian Linux, Fedora, Puma and 2 more | 2025-04-23 | 8 High |
Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not always call `close` on the response body. Rails, prior to version `7.0.2.2`, depended on the response body being closed in order for its `CurrentAttributes` implementation to work correctly. The combination of these two behaviors (Puma not closing the body + Rails' Executor implementation) causes information leakage. This problem is fixed in Puma versions 5.6.2 and 4.3.11. This problem is fixed in Rails versions 7.02.2, 6.1.4.6, 6.0.4.6, and 5.2.6.2. Upgrading to a patched Rails _or_ Puma version fixes the vulnerability. |