Total
196 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-23288 | 1 Nvidia | 1 Gpu Display Driver | 2025-08-04 | 3.3 Low |
| NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may cause an exposure of sensitive system information with local unprivileged system access. A successful exploit of this vulnerability may lead to Information disclosure. | ||||
| CVE-2021-1234 | 1 Cisco | 1 Catalyst Sd-wan Manager | 2025-08-04 | 5.3 Medium |
| A vulnerability in the cluster management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. To be affected by this vulnerability, the vManage software must be in cluster mode. This vulnerability is due to the absence of authentication for sensitive information in the cluster management interface. An attacker could exploit this vulnerability by sending a crafted request to the cluster management interface of an affected system. A successful exploit could allow the attacker to view sensitive information on the affected system.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | ||||
| CVE-2021-31955 | 1 Microsoft | 11 Windows 10 1809, Windows 10 1909, Windows 10 2004 and 8 more | 2025-07-30 | 5.5 Medium |
| Windows Kernel Information Disclosure Vulnerability | ||||
| CVE-2024-8550 | 1 Modelscope | 1 Agentscope | 2025-07-30 | N/A |
| A Local File Inclusion (LFI) vulnerability exists in the /load-workflow endpoint of modelscope/agentscope version v0.0.4. This vulnerability allows an attacker to read arbitrary files from the server, including sensitive files such as API keys, by manipulating the filename parameter. The issue arises due to improper sanitization of user input passed to the os.path.join function, which can be exploited to access files outside the intended directory. | ||||
| CVE-2022-50237 | 2025-07-29 | 5.9 Medium | ||
| The ed25519-dalek crate before 2 for Rust allows a double public key signing function oracle attack. The Keypair implementation leads to a simple computation for extracting a private key. | ||||
| CVE-2025-46421 | 1 Redhat | 5 Enterprise Linux, Rhel Aus, Rhel E4s and 2 more | 2025-07-29 | 6.8 Medium |
| A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect. | ||||
| CVE-2024-51770 | 1 Hpe | 1 Autopass License Server | 2025-07-25 | 7.5 High |
| An information disclosure vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17. | ||||
| CVE-2025-53031 | 1 Oracle | 1 Financial Services Analytical Applications Infrastructure | 2025-07-24 | 5.3 Medium |
| Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.8, 8.0.8.5, 8.0.8.6, 8.1.1.4 and 8.1.2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | ||||
| CVE-2024-52367 | 1 Ibm | 1 Concert | 2025-07-18 | 5.3 Medium |
| IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could disclose sensitive system information to an unauthorized actor that could be used in further attacks against the system. | ||||
| CVE-2024-37070 | 2 Ibm, Linux | 2 Concert, Linux Kernel | 2025-07-18 | 4.3 Medium |
| IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system. | ||||
| CVE-2024-45640 | 2 Ibm, Linux | 2 Security Qradar Edr, Linux Kernel | 2025-07-15 | 5.3 Medium |
| IBM Security ReaQta 3.12 returns sensitive information in an HTTP response that could be used in further attacks against the system. | ||||
| CVE-2025-53364 | 1 Parse Community | 1 Parse Server | 2025-07-15 | 5.3 Medium |
| Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Starting in 5.3.0 and before 7.5.3 and 8.2.2, the Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. While schema introspection reveals only metadata and not actual data, this metadata can still expand the potential attack surface. This vulnerability is fixed in 7.5.3 and 8.2.2. | ||||
| CVE-2025-7381 | 1 Mautic | 1 Mautic | 2025-07-13 | 5.3 Medium |
| ImpactThis is an information disclosure vulnerability originating from PHP's base image. This vulnerability exposes the PHP version through an X-Powered-By header, which attackers could exploit to fingerprint the server and identify potential weaknesses. WorkaroundsThe mitigation requires changing the expose_php variable from "On" to "Off" in the file located at /usr/local/etc/php/php.ini. | ||||
| CVE-2025-53211 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Roland Beaussant Audio Editor & Recorder allows Retrieve Embedded Sensitive Data. This issue affects Audio Editor & Recorder: from n/a through 2.2.3. | ||||
| CVE-2025-23969 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in whassan KI Live Video Conferences allows Retrieve Embedded Sensitive Data. This issue affects KI Live Video Conferences: from n/a through 5.5.15. | ||||
| CVE-2025-31062 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 4.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in redqteam Wishlist allows Retrieve Embedded Sensitive Data. This issue affects Wishlist: from n/a through 2.1.0. | ||||
| CVE-2025-26911 | 2 Bowo, Wordpress | 2 System Dashboard, Wordpress | 2025-07-13 | 4.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Bowo System Dashboard allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects System Dashboard: from n/a through 2.8.18. | ||||
| CVE-2025-39439 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Markus Drubba wpLike2Get allows Retrieve Embedded Sensitive Data. This issue affects wpLike2Get: from n/a through 1.2.9. | ||||
| CVE-2024-10940 | 1 Langchain-ai | 1 Langchain | 2025-07-12 | N/A |
| A vulnerability in langchain-core versions >=0.1.17,<0.1.53, >=0.2.0,<0.2.43, and >=0.3.0,<0.3.15 allows unauthorized users to read arbitrary files from the host file system. The issue arises from the ability to create langchain_core.prompts.ImagePromptTemplate's (and by extension langchain_core.prompts.ChatPromptTemplate's) with input variables that can read any user-specified path from the server file system. If the outputs of these prompt templates are exposed to the user, either directly or through downstream model outputs, it can lead to the exposure of sensitive information. | ||||
| CVE-2024-54279 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.5 High |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPNERD WP-NERD Toolkit.This issue affects WP-NERD Toolkit: from n/a through 1.1. | ||||