Total
9790 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-23563 | 2025-02-12 | 3.9 Low | ||
| HCL Connections Docs is vulnerable to a sensitive information disclosure which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data. | ||||
| CVE-2024-5813 | 1 Beyondtrust | 1 Beyondinsight Password Safe | 2025-02-11 | 5.9 Medium |
| A medium severity vulnerability in BIPS has been identified where an authenticated attacker with high privileges can access the SSH private keys via an information leak in the server response. | ||||
| CVE-2023-28732 | 1 Acymailing | 1 Acymailing | 2025-02-11 | 6.5 Medium |
| Missing access control in AnyMailing Joomla Plugin allows to list and access files containing sensitive information from the plugin itself and access to system files via path traversal, when being granted access to the campaign's creation on front-office. This issue affects AnyMailing Joomla Plugin in versions below 8.3.0. | ||||
| CVE-2024-38761 | 2 Dylanjames, Zephyr-one | 2 Zephyr Project Manager, Zephyr Project Manager | 2025-02-11 | 7.5 High |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Dylan James Zephyr Project Manager.This issue affects Zephyr Project Manager: from n/a through 3.3.99. | ||||
| CVE-2019-25210 | 2 Helm, Redhat | 3 Helm, Advanced Cluster Security, Openshift | 2025-02-11 | 6.5 Medium |
| An issue was discovered in Cloud Native Computing Foundation (CNCF) Helm through 3.13.3. It displays values of secrets when the --dry-run flag is used. This is a security concern in some use cases, such as a --dry-run call by a CI/CD tool. NOTE: the vendor's position is that this behavior was introduced intentionally, and cannot be removed without breaking backwards compatibility (some users may be relying on these values). Also, it is not the Helm Project's responsibility if a user decides to use --dry-run within a CI/CD environment whose output is visible to unauthorized persons. | ||||
| CVE-2023-1710 | 1 Gitlab | 1 Gitlab | 2025-02-10 | 5.3 Medium |
| A sensitive information disclosure vulnerability in GitLab affecting all versions from 15.0 prior to 15.8.5, 15.9 prior to 15.9.4 and 15.10 prior to 15.10.1 allows an attacker to view the count of internal notes for a given issue. | ||||
| CVE-2023-0838 | 1 Gitlab | 1 Gitlab | 2025-02-10 | 5.5 Medium |
| An issue has been discovered in GitLab affecting versions starting from 15.1 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. A maintainer could modify a webhook URL to leak masked webhook secrets by adding a new parameter to the url. This addresses an incomplete fix for CVE-2022-4342. | ||||
| CVE-2022-2939 | 1 Cerber | 1 Wp Cerber Security\, Anti-spam \& Malware Scan | 2025-02-07 | 5.3 Medium |
| The WP Cerber Security plugin for WordPress is vulnerable to security protection bypass in versions up to, and including 9.0, that makes user enumeration possible. This is due to improper validation on the value supplied through the 'author' parameter found in the ~/cerber-load.php file. In vulnerable versions, the plugin only blocks requests if the value supplied is numeric, making it possible for attackers to supply additional non-numeric characters to bypass the protection. The non-numeric characters are stripped and the user requested is displayed. This can be used by unauthenticated attackers to gather information about users that can targeted in further attacks. | ||||
| CVE-2023-30513 | 1 Jenkins | 1 Kubernetes | 2025-02-07 | 7.5 High |
| Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled. | ||||
| CVE-2013-10024 | 1 Exit Strategy Project | 1 Exit Strategy | 2025-02-07 | 3.5 Low |
| A vulnerability has been found in Exit Strategy Plugin 1.55 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality of the file exitpage.php. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 1.59 is able to address this issue. The identifier of the patch is d964b8e961b2634158719f3328f16eda16ce93ac. It is recommended to upgrade the affected component. The identifier VDB-225265 was assigned to this vulnerability. | ||||
| CVE-2023-20866 | 1 Vmware | 1 Spring Session | 2025-02-07 | 6.5 Medium |
| In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using HeaderHttpSessionIdResolver. | ||||
| CVE-2023-29111 | 1 Sap | 1 Application Interface Framework | 2025-02-07 | 3.1 Low |
| The SAP AIF (ODATA service) - versions 755, 756, discloses more detailed information than is required. An authorized attacker can use the collected information possibly to exploit the component. As a result, an attacker can cause a low impact on the confidentiality of the application. | ||||
| CVE-2023-28765 | 1 Sap | 1 Businessobjects Business Intelligence | 2025-02-07 | 9.8 Critical |
| An attacker with basic privileges in SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, can get access to lcmbiar file and further decrypt the file. After this attacker can gain access to BI user’s passwords and depending on the privileges of the BI user, the attacker can perform operations that can completely compromise the application. | ||||
| CVE-2024-46979 | 1 Xwiki | 2 Xwiki, Xwiki-platform | 2025-02-07 | 5.3 Medium |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to get access to notification filters of any user by using a URL such as `<hostname>xwiki/bin/get/XWiki/Notifications/Code/NotificationFilterPreferenceLivetableResults?outputSyntax=plain&type=custom&user=<username>`. This vulnerability impacts all versions of XWiki since 13.2-rc-1. The filters do not provide much information (they mainly contain references which are public data in XWiki), though some info could be used in combination with other vulnerabilities. This vulnerability has been patched in XWiki 14.10.21, 15.5.5, 15.10.1, 16.0RC1. The patch consists in checking the rights of the user when sending the data. Users are advised to upgrade. It's possible to workaround the vulnerability by applying manually the patch: it's possible for an administrator to edit directly the document `XWiki.Notifications.Code.NotificationFilterPreferenceLivetableResults` to apply the same changes as in the patch. See commit c8c6545f9bde6f5aade994aa5b5903a67b5c2582. | ||||
| CVE-2024-1591 | 1 Beyondtrust | 1 Privilege Management For Windows | 2025-02-07 | 3.3 Low |
| Prior to version 24.1, a local authenticated attacker can view Sysvol when Privilege Management for Windows is configured to use a GPO policy. This allows them to view the policy and potentially find configuration issues. | ||||
| CVE-2024-32100 | 1 Sandhillsdev | 1 Easy Digital Downloads | 2025-02-07 | 5.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Easy Digital Downloads.This issue affects Easy Digital Downloads: from n/a through 3.2.11. | ||||
| CVE-2022-34125 | 1 Glpi-project | 1 Cmdb | 2025-02-06 | 6.5 Medium |
| front/icon.send.php in the CMDB plugin before 3.0.3 for GLPI allows attackers to gain read access to sensitive information via a _log/ pathname in the file parameter. | ||||
| CVE-2024-27947 | 1 Siemens | 1 Ruggedcom Crossbow | 2025-02-06 | 5.3 Medium |
| A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems could allow log messages to be forwarded to a specific client under certain circumstances. An attacker could leverage this vulnerability to forward log messages to a specific compromised client. | ||||
| CVE-2024-4173 | 1 Broadcom | 1 Brocade Sannav | 2025-02-06 | 7.6 High |
| A vulnerability in Brocade SANnav exposes Kafka in the wan interface. The vulnerability could allow an unauthenticated attacker to perform various attacks, including DOS against the Brocade SANnav. | ||||
| CVE-2024-4159 | 1 Broadcom | 1 Brocade Sannav | 2025-02-06 | 4.3 Medium |
| Brocade SANnav before v2.3.0a lacks protection mechanisms on port 2377/TCP and 7946/TCP, which could allow an unauthenticated attacker to sniff the SANnav Docker information. | ||||