Total
8448 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-40941 | 1 Siemens | 2 Simatic Cn 4100, Simatic Cn 4100 Firmware | 2025-12-10 | N/A | 4.3 MEDIUM |
| A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected devices exposes server information in its responses. This could allow an attacker with network access to gain useful information, increasing the likelihood of targeted attacks. | |||||
| CVE-2025-64670 | 1 Microsoft | 8 Windows 10 21h2, Windows 10 22h2, Windows 11 23h2 and 5 more | 2025-12-10 | N/A | 6.5 MEDIUM |
| Exposure of sensitive information to an unauthorized actor in Microsoft Graphics Component allows an authorized attacker to disclose information over a network. | |||||
| CVE-2024-29843 | 1 Cs-technologies | 1 Evolution | 2025-12-10 | N/A | 7.5 HIGH |
| The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on MOBILE_GET_USERS_LIST, allowing for an unauthenticated attacker to enumerate all users and their access levels | |||||
| CVE-2024-29842 | 1 Cs-technologies | 1 Evolution | 2025-12-10 | N/A | 7.5 HIGH |
| The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_ABACARD_FIELDS, allowing for an unauthenticated attacker to return the abacard field of any user | |||||
| CVE-2024-29840 | 1 Cs-technologies | 1 Evolution | 2025-12-10 | N/A | 7.5 HIGH |
| The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_PIN_FIELDS, allowing for an unauthenticated attacker to return the pin value of any user | |||||
| CVE-2024-29841 | 1 Cs-technologies | 1 Evolution | 2025-12-10 | N/A | 7.5 HIGH |
| The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_KEYS_FIELDS, allowing for an unauthenticated attacker to return the keys value of any user | |||||
| CVE-2024-29839 | 1 Cs-technologies | 1 Evolution | 2025-12-10 | N/A | 7.5 HIGH |
| The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_CARD, allowing for an unauthenticated attacker to return the card value data of any user | |||||
| CVE-2024-38798 | 2025-12-09 | N/A | N/A | ||
| EDK2 contains a vulnerability in BIOS where an attacker may cause “Exposure of Sensitive Information to an Unauthorized Actor” by local access. Successful exploitation of this vulnerability will lead to possible information disclosure or escalation of privilege and impact Confidentiality. | |||||
| CVE-2025-58279 | 1 Huawei | 1 Harmonyos | 2025-12-09 | N/A | 4.4 MEDIUM |
| Permission control vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2024-58255 | 1 Huawei | 2 Enzoh-w5611t, Enzoh-w5611t Firmware | 2025-12-08 | N/A | 5.0 MEDIUM |
| EnzoH has an OS command injection vulnerability. Successful exploitation of this vulnerability may lead to arbitrary command execution. | |||||
| CVE-2024-58256 | 1 Huawei | 2 Enzoh-w5611t, Enzoh-w5611t Firmware | 2025-12-08 | N/A | 4.5 MEDIUM |
| EnzoH has an OS command injection vulnerability. Successful exploitation of this vulnerability may lead to arbitrary command execution. | |||||
| CVE-2024-58257 | 1 Huawei | 2 Enzoh-w5611t, Enzoh-w5611t Firmware | 2025-12-08 | N/A | 5.7 MEDIUM |
| EnzoH has an OS command injection vulnerability. Successful exploitation of this vulnerability may lead to arbitrary command execution. | |||||
| CVE-2025-66330 | 1 Huawei | 1 Harmonyos | 2025-12-08 | N/A | 4.9 MEDIUM |
| App lock verification bypass vulnerability in the file management app. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2024-38647 | 1 Qnap | 1 Ai Core | 2025-12-08 | N/A | 7.5 HIGH |
| An exposure of sensitive information vulnerability has been reported to affect QNAP AI Core. If exploited, the vulnerability could allow remote attackers to compromise the security of the system. We have already fixed the vulnerability in the following version: QNAP AI Core 3.4.1 and later | |||||
| CVE-2024-12426 | 2 Debian, Libreoffice | 2 Debian Linux, Libreoffice | 2025-12-08 | N/A | 6.5 MEDIUM |
| Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice. URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remote server on opening a document containing such links. This issue affects LibreOffice: from 24.8 before < 24.8.4. | |||||
| CVE-2025-10285 | 2025-12-08 | N/A | N/A | ||
| The web interface of the Silicon Labs Simplicity Device Manager is exposed publicly and can be used to extract the NTLMv2 hash which an attacker could use to crack the user's domain password. | |||||
| CVE-2025-13006 | 2025-12-08 | N/A | 5.3 MEDIUM | ||
| The SurveyFunnel – Survey Plugin for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.5 via several unprotected /wp-json/surveyfunnel/v2/ REST API endpoints. This makes it possible for unauthenticated attackers to extract sensitive data from survey responses. | |||||
| CVE-2025-13494 | 2025-12-08 | N/A | 5.3 MEDIUM | ||
| The SSP Debug plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.0. This is due to the plugin storing PHP error logs in a predictable, web-accessible location (wp-content/uploads/ssp-debug/ssp-debug.log) without any access controls. This makes it possible for unauthenticated attackers to view sensitive debugging information including full URLs, client IP addresses, User-Agent strings, WordPress user IDs, and internal filesystem paths. | |||||
| CVE-2025-14197 | 2025-12-08 | 5.0 MEDIUM | 5.3 MEDIUM | ||
| A security vulnerability has been detected in Verysync 微力同步 up to 2.21.3. The impacted element is an unknown function of the file /rest/f/api/resources/f96956469e7be39d of the component Web Administration Module. Such manipulation leads to information disclosure. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-66623 | 2025-12-08 | N/A | 7.4 HIGH | ||
| Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. From 0.47.0 and prior to 0.49.1, in some situations, Strimzi creates an incorrect Kubernetes Role which grants the Apache Kafka Connect and Apache Kafka MirrorMaker 2 operands the GET access to all Kubernetes Secrets that exist in the given Kubernetes namespace. The issue is fixed in Strimzi 0.49.1. | |||||