Total: 8069 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-13911 | | | 2025-03-01 | N/A | 7.2 HIGH |
The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.35 via the /dashboard/backup.php file. This makes it possible for authenticated attackers, with Administrator-level access and above, to extract sensitive data including full database credentials. | |||||
CVE-2024-7412 | 1 Coffee2code | 1 No Update Nag | 2025-03-01 | N/A | 5.3 MEDIUM |
The No Update Nag plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.4.12. This is due to the plugin allowing direct access to the bootstrap.php file which has display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | |||||
CVE-2024-6567 | 1 Shopfiles | 1 Ebook Store | 2025-03-01 | N/A | 5.3 MEDIUM |
The Ebook Store plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 5.8001. This is due to the plugin utilizing fpdi-protection and not preventing direct access to test files that have display_errors set to true. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | |||||
CVE-2024-5354 | 1 Anji-plus | 1 Aj-report | 2025-03-01 | 4.0 MEDIUM | 4.3 MEDIUM |
A vulnerability classified as problematic was found in anji-plus AJ-Report up to 1.4.1. This vulnerability affects unknown code of the file /reportShare/detailByCode. The manipulation of the argument shareToken leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-266266 is the identifier assigned to this vulnerability. | |||||
CVE-2023-24923 | 1 Microsoft | 1 Onedrive | 2025-02-28 | N/A | 5.5 MEDIUM |
Microsoft OneDrive for Android Information Disclosure Vulnerability | |||||
CVE-2023-24882 | 1 Microsoft | 1 Onedrive | 2025-02-28 | N/A | 5.5 MEDIUM |
Microsoft OneDrive for Android Information Disclosure Vulnerability | |||||
CVE-2023-38158 | 1 Microsoft | 1 Edge Chromium | 2025-02-28 | N/A | 3.1 LOW |
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | |||||
CVE-2023-36894 | 1 Microsoft | 1 Sharepoint Server | 2025-02-28 | N/A | 6.5 MEDIUM |
Microsoft SharePoint Server Information Disclosure Vulnerability | |||||
CVE-2022-30184 | 3 Apple, Fedoraproject, Microsoft | 7 Macos, Fedora, .net and 4 more | 2025-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
.NET and Visual Studio Information Disclosure Vulnerability | |||||
CVE-2021-31173 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2025-02-28 | 4.0 MEDIUM | 5.3 MEDIUM |
Microsoft SharePoint Server Information Disclosure Vulnerability | |||||
CVE-2025-1606 | 1 Mayurik | 1 Best Employee Management System | 2025-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
A vulnerability classified as problematic was found in SourceCodester Best Employee Management System 1.0. This vulnerability affects unknown code of the file /admin/backup/backups.php. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-38290 | | | 2025-02-28 | N/A | 5.3 MEDIUM |
In XIQ-SE before 24.2.11, a server misconfiguration may allow user enumeration when specific conditions are met. | |||||
CVE-2021-34125 | 2 Dronecode, Yuneec | 3 Px4 Drone Autopilot, Mantis Q, Mantis Q Firmware | 2025-02-28 | N/A | 7.5 HIGH |
An issue discovered in Yuneec Mantis Q and PX4-Autopilot v 1.11.3 and below allows attackers to gain access to sensitive information via various nuttx commands. | |||||
CVE-2025-25729 | | | 2025-02-28 | N/A | 7.5 HIGH |
An information disclosure vulnerability in Bosscomm IF740 Firmware versions: 11001.7078 & v11001.0000 and System versions: 6.25 & 6.00 allows attackers to obtain hardcoded cleartext credentials via the update or boot process. | |||||
CVE-2024-13638 | | | 2025-02-28 | N/A | 5.9 MEDIUM |
The Order Attachments for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.1 via the 'uploads' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads directory which can contain file attachments added to orders. | |||||
CVE-2025-24408 | | | 2025-02-27 | N/A | 6.5 MEDIUM |
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Information Exposure vulnerability that could result in privilege escalation. A low-privileged attacker could gain unauthorized access to sensitive information. Exploitation of this issue does not require user interaction. | |||||
CVE-2025-25333 | | | 2025-02-27 | N/A | 7.5 HIGH |
An issue in IKEA CN iOS 4.13.0 allows attackers to access sensitive user information via supplying a crafted link. | |||||
CVE-2024-47059 | 1 Acquia | 1 Mautic | 2025-02-27 | N/A | 4.3 MEDIUM |
When logging in with the correct username and an incorrect weak password, the user receives a notification that their password is too weak. However, when an incorrect username is provided along with a weak password, the application responds with an 'Invalid credentials' notification. This difference could be used to perform username enumeration. | |||||
CVE-2020-36835 | 1 Wpvivid | 1 Migration, Backup, Staging | 2025-02-27 | N/A | 4.9 MEDIUM |
The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to sensitive information disclosure of a WordPress site's database due to missing capability checks on the wp_ajax_wpvivid_add_remote AJAX action that allows low-level authenticated attackers to send back-ups to a remote location of their choice for review. This affects versions up to, and including 0.9.35. | |||||
CVE-2022-45634 | 1 Megaeis | 1 Dbd+ | 2025-02-26 | N/A | 4.3 MEDIUM |
An issue discovered in MEGAFEIS, BOFEI DBD+ Application for iOS & Android v1.4.4 allows an authenticated attacker to gain access to sensitive account information. |