Total
9489 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-34312 | 1 Ibm | 1 Cics Tx | 2025-04-30 | 4 Medium |
IBM CICS TX 11.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 229447. | ||||
CVE-2024-26470 | 1 Fullstackhero | 1 .net 9 Starter Kit | 2025-04-30 | 8.1 High |
A host header injection vulnerability in the forgot password function of FullStackHero's WebAPI Boilerplate v1.0.0 and v1.0.1 allows attackers to leak the password reset token via a crafted request. | ||||
CVE-2025-24270 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-04-30 | 5.7 Medium |
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may be able to leak sensitive user information. | ||||
CVE-2022-42132 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-04-30 | 5.9 Medium |
The Test LDAP Users functionality in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.0 fix pack 102 and earlier, 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before update 4, and DXP 7.4 GA includes the LDAP credential in the page URL when paginating through the list of users, which allows man-in-the-middle attackers or attackers with access to the request logs to see the LDAP credential. | ||||
CVE-2022-34314 | 1 Ibm | 1 Cics Tx | 2025-04-30 | 4 Medium |
IBM CICS TX 11.1 could disclose sensitive information to a local user due to insecure permission settings. IBM X-Force ID: 229450. | ||||
CVE-2024-11299 | 1 Caseproof | 1 Memberpress | 2025-04-30 | 5.3 Medium |
The Memberpress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.11.37 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. | ||||
CVE-2022-44746 | 1 Acronis | 1 Cyber Protect Home Office | 2025-04-30 | 5.5 Medium |
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107. | ||||
CVE-2022-34313 | 1 Ibm | 1 Cics Tx | 2025-04-30 | 4.3 Medium |
IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. X-Force ID: 229449. | ||||
CVE-2023-36043 | 1 Microsoft | 1 System Center Operations Manager | 2025-04-29 | 6.5 Medium |
Open Management Infrastructure Information Disclosure Vulnerability | ||||
CVE-2022-28764 | 1 Zoom | 3 Meetings, Rooms, Vdi Windows Meeting Clients | 2025-04-29 | 3.3 Low |
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. A failure to clear data from a local SQL database after a meeting ends and the usage of an insufficiently secure per-device key encrypting that database results in a local malicious user being able to obtain meeting information such as in-meeting chat for the previous meeting attended from that local user account. | ||||
CVE-2025-3059 | 2025-04-29 | 5.3 Medium | ||
Vulnerability in Drupal Profile Private.This issue affects Profile Private: *.*. | ||||
CVE-2025-3923 | 2025-04-29 | 5.3 Medium | ||
The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.8 via the 'generate_unique_string' due to insufficient randomness of the generated file name. This makes it possible for unauthenticated attackers to extract sensitive data including files protected by the plugin if the attacker can determine the file name. | ||||
CVE-2024-33865 | 2 Linqi, Microsoft | 2 Linqi, Windows | 2025-04-28 | 7.5 High |
An issue was discovered in linqi before 1.4.0.1 on Windows. There is an NTLM hash leak via the /api/Cdn/GetFile and /api/DocumentTemplate/{GUID] endpoints. | ||||
CVE-2022-38113 | 1 Solarwinds | 1 Security Event Manager | 2025-04-25 | 5.3 Medium |
This vulnerability discloses build and services versions in the server response header. | ||||
CVE-2022-34329 | 1 Ibm | 1 Cics Tx | 2025-04-25 | 5.3 Medium |
IBM CICS TX 11.7 could allow an attacker to obtain sensitive information from HTTP response headers. IBM X-Force ID: 229467. | ||||
CVE-2024-21501 | 3 Apostrophecms, Fedoraproject, Redhat | 5 Sanitize-html, Fedora, Acm and 2 more | 2025-04-25 | 5.3 Medium |
Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system (including project dependencies). An attacker could exploit this vulnerability to gather details about the file system structure and dependencies of the targeted server. | ||||
CVE-2022-26885 | 1 Apache | 1 Dolphinscheduler | 2025-04-25 | 7.5 High |
When using tasks to read config files, there is a risk of database password disclosure. We recommend you upgrade to version 2.0.6 or higher. | ||||
CVE-2024-25120 | 1 Typo3 | 1 Typo3 | 2025-04-24 | 4.3 Medium |
TYPO3 is an open source PHP based web content management system released under the GNU GPL. The TYPO3-specific `t3://` URI scheme could be used to access resources outside of the users' permission scope. This encompassed files, folders, pages, and records (although only if a valid link-handling configuration was provided). Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this issue. | ||||
CVE-2022-28607 | 1 Isic.lk Project | 1 Isic.lk | 2025-04-24 | 7.5 High |
An issue was discovered in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to gain sensitive information via the action parameter to /system/user/modules/mod_users/controller.php. | ||||
CVE-2022-42766 | 2 Google, Unisoc | 14 Android, S8011, Sc7731e and 11 more | 2025-04-23 | 6.6 Medium |
In wlan driver, there is a possible missing permission check, This could lead to local information disclosure. |