Total
169 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-0061 | 2 Sap, Sap Se | 2 Businessobjects Business Intelligence Platform, Sap Business Objects Business Intgelligence Platform | 2025-06-17 | 8.7 High |
| SAP BusinessObjects Business Intelligence Platform allows an unauthenticated attacker to perform session hijacking over the network without any user interaction, due to an information disclosure vulnerability. Attacker can access and modify all the data of the application. | ||||
| CVE-2025-4229 | 1 Palo Alto Networks | 1 Pan-os | 2025-06-16 | N/A |
| An information disclosure vulnerability in the SD-WAN feature of Palo Alto Networks PAN-OS® software enables an unauthorized user to view unencrypted data sent from the firewall through the SD-WAN interface. This requires the user to be able to intercept packets sent from the firewall. Cloud NGFW and Prisma® Access are not affected by this vulnerability. | ||||
| CVE-2025-31045 | 2025-06-12 | 7.5 High | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in elfsight elfsight Contact Form widget allows Retrieve Embedded Sensitive Data. This issue affects elfsight Contact Form widget: from n/a through 2.3.1. | ||||
| CVE-2024-13916 | 2025-06-10 | N/A | ||
| An application "com.pri.applock", which is pre-loaded on Kruger&Matz smartphones, allows a user to encrypt any application using user-provided PIN code or by using biometric data. Exposed ”com.android.providers.settings.fingerprint.PriFpShareProvider“ content provider's public method query() allows any other malicious application, without any granted Android system permissions, to exfiltrate the PIN code. Only version (version name: 13, version code: 33) was tested and confirmed to have this vulnerability. Application update was released in April 2025. | ||||
| CVE-2024-53814 | 1 Analytify | 1 Analytify - Google Analytics Dashboard | 2025-06-09 | 6.5 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Analytify.This issue affects Analytify: from n/a through 5.4.3. | ||||
| CVE-2025-47540 | 1 Wedevs | 1 Wemail | 2025-06-09 | 5.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs weMail allows Retrieve Embedded Sensitive Data. This issue affects weMail: from n/a through 1.14.13. | ||||
| CVE-2025-5893 | 2025-06-09 | 9.8 Critical | ||
| Smart Parking Management System from Honding Technology has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to access a specific page and obtain plaintext administrator credentials. | ||||
| CVE-2025-49419 | 2025-06-06 | 5.5 Medium | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in esigngenie Foxit eSign for WordPress allows Retrieve Embedded Sensitive Data. This issue affects Foxit eSign for WordPress: from n/a through 2.0.3. | ||||
| CVE-2025-24473 | 1 Fortinet | 1 Forticlient | 2025-06-04 | 4.8 Medium |
| A exposure of sensitive system information to an unauthorized control sphere in Fortinet FortiClientWindows versions 7.2.0 through 7.2.1 may allow an unauthorized remote attacker to view application information via navigation to a hosted webpage, if Windows is configured to accept incoming connections to port 8053 (non-default setup) | ||||
| CVE-2023-5081 | 1 Lenovo | 8 Tab M8 Hd Tb8505f, Tab M8 Hd Tb8505f Firmware, Tab M8 Hd Tb8505fs and 5 more | 2025-05-30 | 3.3 Low |
| An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a local application to gather a non-resettable device identifier. | ||||
| CVE-2025-2236 | 2025-05-28 | N/A | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in OpenText Advanced Authentication allows Information Elicitation. The vulnerability could reveal sensitive information while managing and configuring of the external services. This issue affects Advanced Authentication versions before 6.5. | ||||
| CVE-2025-39394 | 2025-05-21 | 5.3 Medium | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Solid Plugins AnalyticsWP allows Retrieve Embedded Sensitive Data.This issue affects AnalyticsWP: from n/a through 2.1.2. | ||||
| CVE-2025-4364 | 2025-05-21 | N/A | ||
| The affected products could allow an unauthenticated attacker to access system information that could enable further access to sensitive files and obtain administrative credentials. | ||||
| CVE-2025-23382 | 1 Dell | 1 Secure Connect Gateway | 2025-05-20 | 5.5 Medium |
| Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, contain(s) an Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.c | ||||
| CVE-2025-48024 | 2025-05-16 | 5 Medium | ||
| In BlueWave Checkmate before 2.1, an authenticated regular user can access sensitive application secrets via the /api/v1/settings endpoint. | ||||
| CVE-2025-22222 | 1 Vmware | 2 Aria Operations, Cloud Foundation | 2025-05-14 | 7.7 High |
| VMware Aria Operations contains an information disclosure vulnerability. A malicious user with non-administrative privileges may exploit this vulnerability to retrieve credentials for an outbound plugin if a valid service credential ID is known. | ||||
| CVE-2025-30011 | 2025-05-13 | 5.3 Medium | ||
| The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to send an malicious request to the application, which could disclose the internal version details of the affected system. This vulnerability has low impact on confidentiality, with no effect on integrity and availability of the application. | ||||
| CVE-2025-46747 | 2025-05-12 | 5.7 Medium | ||
| An authenticated user without user-management permissions could identify other user accounts. | ||||
| CVE-2025-3506 | 2025-05-08 | N/A | ||
| Files to be deployed with agents are accessible without authentication in Checkmk 2.1.0, Checkmk 2.2.0, Checkmk 2.3.0 and <Checkmk 2.4.0b6 allows attacker to access files that could contain secrets. | ||||
| CVE-2024-39675 | 1 Siemens | 24 Ruggedcom Ros Rmc30, Ruggedcom Ros Rmc30nc, Ruggedcom Ros Rp110 and 21 more | 2025-05-01 | 8.8 High |
| A vulnerability has been identified in RUGGEDCOM RMC30 (All versions < V4.3.10), RUGGEDCOM RMC30NC (All versions < V4.3.10), RUGGEDCOM RP110 (All versions < V4.3.10), RUGGEDCOM RP110NC (All versions < V4.3.10), RUGGEDCOM RS400 (All versions < V4.3.10), RUGGEDCOM RS400NC (All versions < V4.3.10), RUGGEDCOM RS401 (All versions < V4.3.10), RUGGEDCOM RS401NC (All versions < V4.3.10), RUGGEDCOM RS416 (All versions < V4.3.10), RUGGEDCOM RS416NC (All versions < V4.3.10), RUGGEDCOM RS416NCv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416NCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416P (All versions < V4.3.10), RUGGEDCOM RS416PNC (All versions < V4.3.10), RUGGEDCOM RS416PNCv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416PNCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416Pv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416v2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416v2 V5.X (All versions < V5.9.0), RUGGEDCOM RS910 (All versions < V4.3.10), RUGGEDCOM RS910L (All versions), RUGGEDCOM RS910LNC (All versions), RUGGEDCOM RS910NC (All versions < V4.3.10), RUGGEDCOM RS910W (All versions < V4.3.10), RUGGEDCOM RS920L (All versions), RUGGEDCOM RS920LNC (All versions), RUGGEDCOM RS920W (All versions). In some configurations the affected products wrongly enable the Modbus service in non-managed VLANS. Only serial devices are affected by this vulnerability. | ||||