Total
112 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-29203 | 1 Xwiki | 1 Xwiki | 2025-02-06 | 3.7 Low |
| XWiki Commons are technical libraries common to several other top level XWiki projects. It's possible to list some users who are normally not viewable from subwiki by requesting users on a subwiki which allows only global users with `uorgsuggest.vm`. This issue only concerns hidden users from main wiki. Note that the disclosed information are the username and the first and last name of users, no other information is leaked. The problem has been patched on XWiki 13.10.8, 14.4.3 and 14.7RC1. | ||||
| CVE-2023-48680 | 3 Acronis, Apple, Microsoft | 3 Cyber Protect, Macos, Windows | 2025-02-06 | 5.5 Medium |
| Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect 16 (macOS, Windows) before build 37391. | ||||
| CVE-2024-11712 | 1 Wpjobportal | 1 Wp Job Portal | 2025-02-05 | 5.3 Medium |
| The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getResumeFileDownloadById() function in all versions up to, and including, 2.2.2. This makes it possible for unauthenticated attackers to download other users resumes. | ||||
| CVE-2023-2239 | 1 Microweber | 1 Microweber | 2025-02-04 | 6.5 Medium |
| Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository microweber/microweber prior to 1.3.4. | ||||
| CVE-2024-13215 | 1 Webtechstreet | 1 Elementor Addon Elements | 2025-01-23 | 4.3 Medium |
| The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.10 via the 'render' function in modules/modal-popup/widgets/modal-popup.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, scheduled, and draft template data. | ||||
| CVE-2023-44255 | 1 Fortinet | 3 Fortianalyzer, Fortianalyzer Big Data, Fortimanager | 2025-01-21 | 3.9 Low |
| An exposure of sensitive information to an unauthorized actor [CWE-200] in Fortinet FortiManager before 7.4.2, FortiAnalyzer before 7.4.2 and FortiAnalyzer-BigData before 7.2.5 may allow a privileged attacker with administrative read permissions to read event logs of another adom via crafted HTTP or HTTPs requests. | ||||
| CVE-2023-2703 | 1 Finexmedia | 1 Competition Management System | 2025-01-17 | 7.5 High |
| Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Finex Media Competition Management System allows Retrieve Embedded Sensitive Data, Collect Data as Provided by Users.This issue affects Competition Management System: before 23.07. | ||||
| CVE-2023-28303 | 1 Microsoft | 2 Snip \& Sketch, Snipping Tool | 2025-01-01 | 3.3 Low |
| Windows Snipping Tool Information Disclosure Vulnerability | ||||
| CVE-2024-49765 | 2024-12-20 | 5.3 Medium | ||
| Discourse is an open source platform for community discussion. Sites that are using discourse connect but still have local logins enabled could allow attackers to bypass discourse connect to create accounts and login. This problem is patched in the latest version of Discourse. Users unable to upgrade who are using discourse connect may disable all other login methods as a workaround. | ||||
| CVE-2024-42494 | 1 Ruijienetworks | 1 Reyee Os | 2024-12-10 | 6.5 Medium |
| Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a a feature that could enable sub accounts or attackers to view and exfiltrate sensitive information from all cloud accounts registered to Ruijie's services | ||||
| CVE-2023-35151 | 1 Xwiki | 1 Xwiki | 2024-11-27 | 7.5 High |
| XWiki Platform is a generic wiki platform. Starting in version 7.3-milestone-1 and prior to versions 14.4.8, 14.10.6, and 15.1, ny user can call a REST endpoint and obtain the obfuscated passwords, even when the mail obfuscation is activated. The issue has been patched in XWiki 14.4.8, 14.10.6, and 15.1. There is no known workaround. | ||||
| CVE-2024-37533 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | 2.4 Low |
| IBM InfoSphere Information Server 11.7 could disclose sensitive user information to another user with physical access to the machine. IBM X-Force ID: 294727. | ||||
| CVE-2024-36682 | 2024-11-21 | 7.5 High | ||
| In the module "Theme settings" (pk_themesettings) <= 1.8.8 from Promokit.eu for PrestaShop, a guest can download all email collected while SHOP is in maintenance mode. Due to a lack of permissions control, a guest can access the txt file which collect email when maintenance is enable which can lead to leak of personal information. | ||||
| CVE-2024-36677 | 2024-11-21 | 7.5 High | ||
| In the module "Login as customer PRO" (loginascustomerpro) <1.2.7 from Weblir for PrestaShop, a guest can access direct link to connect to each customer account of the Shop if the module is not installed OR if a secret accessible to administrator is stolen. | ||||
| CVE-2024-33271 | 1 Prestashop | 1 Fme | 2024-11-21 | 7.5 High |
| An issue in FME Modules eventsmanager before 4.4.0 allows an attacker to obtain sensitive information from the ps_customer component. | ||||
| CVE-2024-29888 | 2024-11-21 | 4.2 Medium | ||
| Saleor is an e-commerce platform that serves high-volume companies. When using `Pickup: Local stock only` click-and-collect as a delivery method in specific conditions the customer could overwrite the warehouse address with its own, which exposes its address as click-and-collect address. This issue has been patched in versions: `3.14.61`, `3.15.37`, `3.16.34`, `3.17.32`, `3.18.28`, `3.19.15`. | ||||
| CVE-2024-28387 | 2024-11-21 | 7.5 High | ||
| An issue in axonaut v.3.1.23 and before allows a remote attacker to obtain sensitive information via the log.txt component. | ||||
| CVE-2023-5983 | 1 Botanikyazilim | 1 Pharmacy Automation | 2024-11-21 | 7.5 High |
| Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Botanik Software Pharmacy Automation allows Retrieve Embedded Sensitive Data.This issue affects Pharmacy Automation: before 2.1.133.0. | ||||
| CVE-2023-50719 | 1 Xwiki | 1 Xwiki | 2024-11-21 | 7.5 High |
| XWiki Platform is a generic wiki platform. Starting in 7.2-milestone-2 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the password hashes of all users to anyone with view right on the respective user profiles. By default, all user profiles are public. This vulnerability also affects any configurations used by extensions that contain passwords like API keys that are viewable for the attacker. Normally, such passwords aren't accessible but this vulnerability would disclose them as plain text. This has been patched in XWiki 14.10.15, 15.5.2 and 15.7RC1. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-50053 | 2024-11-21 | 7.6 High | ||
| An issue in Foundation.app Foundation platform 1.0 allows a remote attacker to obtain sensitive information via the Web3 authentication process of Foundation, the signed message lacks a nonce (random number) | ||||