Total
9580 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-43986 | 1 Kuwfi | 1 Gc111 | 2025-08-16 | 9.8 Critical |
| An issue was discovered on KuWFi GC111 GC111-GL-LM321_V3.0_20191211 devices. The TELNET service is enabled by default and exposed over the WAN interface without authentication. | ||||
| CVE-2025-27845 | 1 Espec | 1 North America Web Controller | 2025-08-16 | 9.8 Critical |
| In ESPEC North America Web Controller 3 before 3.3.4, /api/v4/auth/ with any invalid authentication request results in exposing a JWT secret. This allows for elevated permissions to the UI. | ||||
| CVE-2025-9036 | 1 Rockwellautomation | 1 Factorytalk Action Manager | 2025-08-16 | N/A |
| A security issue in the runtime event system allows unauthenticated connections to receive a reusable API token. This token is broadcasted over a WebSocket and can be intercepted by any local client listening on the connection. | ||||
| CVE-2025-9005 | 1 Mblog Project | 1 Mblog | 2025-08-16 | 3.7 Low |
| A vulnerability was determined in mtons mblog up to 3.5.0. Affected is an unknown function of the file /register. The manipulation leads to information exposure through error message. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-8091 | 1 Wordpress | 1 Wordpress | 2025-08-16 | 4.3 Medium |
| The EventON Lite plugin for WordPress is vulnerable to Information Exposure in all versions less than, or equal to, 2.4.6 via the add_single_eventon and add_eventon shortcodes due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft posts that they should not have access to. | ||||
| CVE-2025-26709 | 1 Zte | 1 F50 | 2025-08-16 | 5.7 Medium |
| There is an unauthorized access vulnerability in ZTE F50. Due to improper permission control of the Web module interface, an unauthorized attacker can obtain sensitive information through the interface | ||||
| CVE-2024-12575 | 2025-08-16 | 5.3 Medium | ||
| The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 5.8.9 via the 'ays_finish_poll' AJAX action. This makes it possible for unauthenticated attackers to retrieve admin email information which is exposed in the poll response. | ||||
| CVE-2025-53728 | 1 Microsoft | 1 Dynamics 365 | 2025-08-15 | 6.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-53156 | 1 Microsoft | 7 Server, Windows, Windows 11 24h2 and 4 more | 2025-08-15 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Storage Port Driver allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-53136 | 1 Microsoft | 11 Windows, Windows 10 1507, Windows 10 1607 and 8 more | 2025-08-15 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows NT OS Kernel allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-53134 | 1 Microsoft | 14 Windows, Windows 10, Windows 10 1507 and 11 more | 2025-08-15 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-50154 | 1 Microsoft | 19 Windows, Windows 10 1507, Windows 10 1607 and 16 more | 2025-08-15 | 7.5 High |
| Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-53781 | 1 Microsoft | 3 Azure, Azure Virtual Machine, Virtual Machine | 2025-08-15 | 7.7 High |
| Exposure of sensitive information to an unauthorized actor in Azure Virtual Machines allows an authorized attacker to disclose information over a network. | ||||
| CVE-2025-33051 | 1 Microsoft | 1 Exchange Server | 2025-08-15 | 7.5 High |
| Exposure of sensitive information to an unauthorized actor in Microsoft Exchange Server allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-40768 | 1 Siemens | 1 Sinec Traffic Analyzer | 2025-08-15 | 7.3 High |
| A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). The affected application exposes an internal service port to be accessible from outside the system. This could allow an unauthorized attacker to access the application. | ||||
| CVE-2024-42351 | 1 Galaxyproject | 1 Galaxy | 2025-08-15 | 6.5 Medium |
| Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. An attacker can potentially replace the contents of public datasets resulting in data loss or tampering. All supported branches of Galaxy (and more back to release_21.05) were amended with the below patch. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-45792 | 1 Mantisbt | 1 Mantisbt | 2025-08-15 | 6.5 Medium |
| Mantis Bug Tracker (MantisBT) is an open source issue tracker. Using a crafted POST request, an unprivileged, registered user is able to retrieve information about other users' personal system profiles. This vulnerability is fixed in 2.26.4. | ||||
| CVE-2025-55673 | 1 Apache | 1 Superset | 2025-08-15 | N/A |
| When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. This field contains the underlying query, which improperly discloses database schema information, such as table names, to the low-privileged guest user. This issue affects Apache Superset: before 4.1.3. Users are recommended to upgrade to version 4.1.3, which fixes the issue. | ||||
| CVE-2025-8676 | 2 Bplugins, Wordpress | 2 B Slider, Wordpress | 2025-08-15 | 4.3 Medium |
| The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Sensitive Information Exposure in versions less than, or equal to, 2.0.0 via the get_active_plugins function. This makes it possible for authenticated attackers, with subscriber-level access and above to extract sensitive data including installed plugin information. | ||||
| CVE-2025-54786 | 2 Salesagility, Suitecrm | 2 Suitecrm, Suitecrm | 2025-08-14 | 5.3 Medium |
| SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.6 and 8.8.0, the broken authentication in the legacy iCal service allows unauthenticated access to meeting data. An unauthenticated actor can view any user's meeting (calendar event) data given their username, related functionality allows user enumeration. This is fixed in versions 7.14.7 and 8.8.1. | ||||