Total
7894 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-46552 | 2025-04-29 | N/A | N/A | ||
| KHC-INVITATION-AUTOMATION is a GitHub automation script that automatically invites followers of a bot account to join your organization. In some commits on version 1.2, a vulnerability was identified where user data, including email addresses and Discord usernames, were exposed in API responses without proper access controls. This allowed unauthorized users to access sensitive user information by directly calling specific endpoints. This issue has been patched in a later commit on version 1.2. | |||||
| CVE-2025-24270 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-04-29 | N/A | 5.5 MEDIUM |
| This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may be able to leak sensitive user information. | |||||
| CVE-2025-3059 | 2025-04-29 | N/A | 5.3 MEDIUM | ||
| Vulnerability in Drupal Profile Private.This issue affects Profile Private: *.*. | |||||
| CVE-2025-32986 | 2025-04-29 | N/A | 7.5 HIGH | ||
| NETSCOUT nGeniusONE before 6.4.0 b2350 has a Sensitive File Accessible Without Proper Authentication to an endpoint. | |||||
| CVE-2025-3628 | 2025-04-29 | N/A | 4.3 MEDIUM | ||
| A flaw has was found in Moodle where anonymous assignment submissions can be de-anonymized via search, revealing student identities. | |||||
| CVE-2025-3923 | 2025-04-29 | N/A | 5.3 MEDIUM | ||
| The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.8 via the 'generate_unique_string' due to insufficient randomness of the generated file name. This makes it possible for unauthenticated attackers to extract sensitive data including files protected by the plugin if the attacker can determine the file name. | |||||
| CVE-2025-32983 | 2025-04-29 | N/A | 7.5 HIGH | ||
| NETSCOUT nGeniusONE before 6.4.0 b2350 allows Technical Information Disclosure via a Stack Trace. | |||||
| CVE-2025-32044 | 2025-04-29 | N/A | 7.5 HIGH | ||
| A flaw has been identified in Moodle where, on certain sites, unauthenticated users could retrieve sensitive user data—including names, contact information, and hashed passwords—via stack traces returned by specific API calls. Sites with PHP configured with zend.exception_ignore_args = 1 in the php.ini file are not affected by this vulnerability. | |||||
| CVE-2025-3975 | 2025-04-29 | 5.0 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability was found in ScriptAndTools eCommerce-website-in-PHP 3.0 and classified as problematic. This issue affects some unknown processing of the file /admin/subscriber-csv.php. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-3966 | 2025-04-29 | 4.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability was found in itwanger paicoding 1.0.3 and classified as problematic. Affected by this issue is some unknown functionality of the file /user/home?userId=1&homeSelectType=read of the component Browsing History Handler. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-3978 | 2025-04-29 | 4.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability was found in dazhouda lecms 3.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file admin/view/default/user_set.htm. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-33865 | 2 Linqi, Microsoft | 2 Linqi, Windows | 2025-04-28 | N/A | 7.5 HIGH |
| An issue was discovered in linqi before 1.4.0.1 on Windows. There is an NTLM hash leak via the /api/Cdn/GetFile and /api/DocumentTemplate/{GUID] endpoints. | |||||
| CVE-2024-21501 | 2 Apostrophecms, Fedoraproject | 2 Sanitize-html, Fedora | 2025-04-25 | N/A | 5.3 MEDIUM |
| Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system (including project dependencies). An attacker could exploit this vulnerability to gather details about the file system structure and dependencies of the targeted server. | |||||
| CVE-2022-26885 | 1 Apache | 1 Dolphinscheduler | 2025-04-25 | N/A | 7.5 HIGH |
| When using tasks to read config files, there is a risk of database password disclosure. We recommend you upgrade to version 2.0.6 or higher. | |||||
| CVE-2022-28607 | 1 Isic.lk Project | 1 Isic.lk | 2025-04-24 | N/A | 7.5 HIGH |
| An issue was discovered in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to gain sensitive information via the action parameter to /system/user/modules/mod_users/controller.php. | |||||
| CVE-2021-37192 | 1 Siemens | 1 Sinema Remote Connect Server | 2025-04-23 | 3.3 LOW | 4.3 MEDIUM |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software has an information disclosure vulnerability that could allow an attacker to retrieve a list of network devices a known user can manage. | |||||
| CVE-2021-37190 | 1 Siemens | 1 Sinema Remote Connect Server | 2025-04-23 | 3.3 LOW | 4.3 MEDIUM |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software has an information disclosure vulnerability that could allow an attacker to retrieve VPN connection for a known user. | |||||
| CVE-2023-50324 | 1 Ibm | 1 Cognos Command Center | 2025-04-23 | N/A | 5.3 MEDIUM |
| IBM Cognos Command Center 10.2.4.1 and 10.2.5 exposes details the X-AspNet-Version Response Header that could allow an attacker to obtain information of the application environment to conduct further attacks. IBM X-Force ID: 275038. | |||||
| CVE-2025-25192 | 1 Glpi-project | 1 Glpi | 2025-04-23 | N/A | 6.5 MEDIUM |
| GLPI is a free asset and IT management software package. Prior to version 10.0.18, a low privileged user can enable debug mode and access sensitive information. Version 10.0.18 contains a patch. As a workaround, one may delete the `install/update.php` file. | |||||
| CVE-2024-45799 | 1 Rathena | 1 Fluxcp | 2025-04-23 | N/A | 7.3 HIGH |
| FluxCP is a web-based Control Panel for rAthena servers written in PHP. A javascript injection is possible via venders/buyers list pages and shop names, that are currently not sanitized. This allows executing arbitrary javascript code on the user's browser just by visiting the shop pages. As a result all logged in to fluxcp users can have their session info stolen. This issue has been addressed in release version 1.3. All users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||