Total
653 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-2703 | 1 Finexmedia | 1 Competition Management System | 2025-01-17 | 7.5 High |
| Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Finex Media Competition Management System allows Retrieve Embedded Sensitive Data, Collect Data as Provided by Users.This issue affects Competition Management System: before 23.07. | ||||
| CVE-2023-28344 | 2 Faronics, Microsoft | 2 Insight, Windows | 2025-01-14 | 7.1 High |
| An issue was discovered in Faronics Insight 10.0.19045 on Windows. The Insight Teacher Console application allows unauthenticated attackers to view constantly updated screenshots of student desktops and to submit falsified screenshots on behalf of students. Attackers are able to view screenshots of student desktops without their consent. These screenshots may potentially contain sensitive/personal data. Attackers can also rapidly submit falsified images, hiding the actual contents of student desktops from the Teacher Console. | ||||
| CVE-2023-45911 | 1 Wipotec | 1 Comscale | 2025-01-09 | 9.8 Critical |
| An issue in WIPOTEC GmbH ComScale v4.3.29.21344 and v4.4.12.723 allows unauthenticated attackers to login as any user without a password. | ||||
| CVE-2023-25750 | 1 Mozilla | 1 Firefox | 2025-01-09 | 4.3 Medium |
| Under certain circumstances, a ServiceWorker's offline cache may have leaked to the file system when using private browsing mode. This vulnerability affects Firefox < 111. | ||||
| CVE-2023-29538 | 1 Mozilla | 2 Firefox, Focus | 2025-01-09 | 4.3 Medium |
| Under specific circumstances a WebExtension may have received a <code>jar:file:///</code> URI instead of a <code>moz-extension:///</code> URI during a load request. This leaked directory paths on the user's machine. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. | ||||
| CVE-2023-33518 | 1 Emoncms | 1 Emoncms | 2025-01-08 | 5.3 Medium |
| emoncms v11 and later was discovered to contain an information disclosure vulnerability which allows attackers to obtain the web directory path and other information leaked by the server via a crafted web request. | ||||
| CVE-2023-32550 | 1 Canonical | 1 Landscape | 2025-01-07 | 9.3 Critical |
| Landscape's server-status page exposed sensitive system information. This data leak included GET requests which contain information to attack and leak further information from the Landscape API. | ||||
| CVE-2023-33510 | 1 Jeecg P3 Biz Chat Project | 1 Jeecg P3 Biz Chat | 2025-01-07 | 7.5 High |
| Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read arbitrary files through specific parameters. | ||||
| CVE-2023-34250 | 1 Discourse | 1 Discourse | 2025-01-02 | 4.8 Medium |
| Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, an attacker could use the new topics dismissal endpoint to reveal the number of topics recently created (but not the actual content thereof) in categories they didn't have access to. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. There are no known workarounds. | ||||
| CVE-2023-34114 | 1 Zoom | 1 Zoom | 2025-01-02 | 7.4 High |
| Exposure of resource to wrong sphere in Zoom for Windows and Zoom for MacOS clients before 5.14.10 may allow an authenticated user to potentially enable information disclosure via network access. | ||||
| CVE-2022-21964 | 1 Microsoft | 1 Windows 10 | 2025-01-02 | 5.5 Medium |
| Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability | ||||
| CVE-2023-38152 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2025-01-01 | 5.3 Medium |
| DHCP Server Service Information Disclosure Vulnerability | ||||
| CVE-2023-29355 | 1 Microsoft | 4 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 1 more | 2025-01-01 | 5.3 Medium |
| DHCP Server Service Information Disclosure Vulnerability | ||||
| CVE-2023-23409 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-01-01 | 5.5 Medium |
| Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability | ||||
| CVE-2023-23394 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-01-01 | 5.5 Medium |
| Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability | ||||
| CVE-2023-21714 | 1 Microsoft | 2 365 Apps, Office Long Term Servicing Channel | 2025-01-01 | 5.5 Medium |
| Microsoft Office Information Disclosure Vulnerability | ||||
| CVE-2023-21687 | 1 Microsoft | 3 Windows 11 21h2, Windows 11 22h2, Windows Server 2022 | 2025-01-01 | 5.5 Medium |
| HTTP.sys Information Disclosure Vulnerability | ||||
| CVE-2023-21536 | 1 Microsoft | 8 Windows 10 1809, Windows 10 20h2, Windows 10 21h2 and 5 more | 2025-01-01 | 4.7 Medium |
| Event Tracing for Windows Information Disclosure Vulnerability | ||||
| CVE-2023-2820 | 1 Proofpoint | 1 Threat Response Auto Pull | 2024-12-27 | 6.1 Medium |
| An information disclosure vulnerability in the faye endpoint in Proofpoint Threat Response / Threat Response Auto-Pull (PTR/TRAP) could be used by an attacker on an adjacent network to obtain credentials to integrated services via a man-in-the-middle position or cryptanalysis of the session traffic. An attacker could use these credentials to impersonate PTR/TRAP to these services. All versions prior to 5.10.0 are affected. | ||||
| CVE-2024-5660 | 2024-12-16 | 9.8 Critical | ||
| Use of Hardware Page Aggregation (HPA) and Stage-1 and/or Stage-2 translation on Cortex-A77, Cortex-A78, Cortex-A78C, Cortex-A78AE, Cortex-A710, Cortex-X1, Cortex-X1C, Cortex-X2, Cortex-X3, Cortex-X4, Cortex-X925, Neoverse V1, Neoverse V2, Neoverse V3, Neoverse V3AE, Neoverse N2 may permit bypass of Stage-2 translation and/or GPT protection. | ||||