Vulnerabilities (CVE)

Filtered by CWE-200
Total 8383 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-23563 2025-02-12 N/A 3.9 LOW
HCL Connections Docs is vulnerable to a sensitive information disclosure which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data.
CVE-2024-32037 2025-02-11 N/A N/A
GeoNetwork is a catalog application to manage spatially referenced resources. In versions prior to 4.2.10 and 4.4.5, the search end-point response headers contain information about Elasticsearch software in use. This information is valuable from a security point of view because it allows software used by the server to be easily identified. GeoNetwork 4.4.5 and 4.2.10 fix this issue. No known workarounds are available.
CVE-2024-5813 1 Beyondtrust 1 Beyondinsight Password Safe 2025-02-11 N/A 5.9 MEDIUM
A medium severity vulnerability in BIPS has been identified where an authenticated attacker with high privileges can access the SSH private keys via an information leak in the server response.
CVE-2024-38761 1 Zephyr-one 1 Zephyr Project Manager 2025-02-11 N/A 7.5 HIGH
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Dylan James Zephyr Project Manager. This issue affects Zephyr Project Manager: from n/a through 3.3.99.
CVE-2019-25210 1 Helm 1 Helm 2025-02-11 N/A 6.5 MEDIUM
An issue was discovered in Cloud Native Computing Foundation (CNCF) Helm through 3.13.3. It displays values of secrets when the --dry-run flag is used. This is a security concern in some use cases, such as a --dry-run call by a CI/CD tool. NOTE: the vendor's position is that this behavior was introduced intentionally, and cannot be removed without breaking backwards compatibility (some users may be relying on these values). Also, it is not the Helm Project's responsibility if a user decides to use --dry-run within a CI/CD environment whose output is visible to unauthorized persons.
CVE-2023-1710 1 Gitlab 1 Gitlab 2025-02-10 N/A 5.3 MEDIUM
A sensitive information disclosure vulnerability in GitLab affecting all versions from 15.0 prior to 15.8.5, 15.9 prior to 15.9.4 and 15.10 prior to 15.10.1 allows an attacker to view the count of internal notes for a given issue.
CVE-2023-0838 1 Gitlab 1 Gitlab 2025-02-10 N/A 5.5 MEDIUM
An issue has been discovered in GitLab affecting versions starting from 15.1 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. A maintainer could modify a webhook URL to leak masked webhook secrets by adding a new parameter to the URL. This addresses an incomplete fix for CVE-2022-4342.
CVE-2024-46979 1 Xwiki 1 Xwiki 2025-02-07 N/A 5.3 MEDIUM
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to get access to notification filters of any user by using a URL such as `<hostname>xwiki/bin/get/XWiki/Notifications/Code/NotificationFilterPreferenceLivetableResults?outputSyntax=plain&type=custom&user=<username>`. This vulnerability impacts all versions of XWiki since 13.2-rc-1. The filters do not provide much information (they mainly contain references which are public data in XWiki), though some info could be used in combination with other vulnerabilities. This vulnerability has been patched in XWiki 14.10.21, 15.5.5, 15.10.1, 16.0RC1. The patch consists of checking the rights of the user when sending the data. Users are advised to upgrade. It's possible to work around the vulnerability by manually applying the patch: an administrator can directly edit the document `XWiki.Notifications.Code.NotificationFilterPreferenceLivetableResults` to apply the same changes as in the patch. See commit c8c6545f9bde6f5aade994aa5b5903a67b5c2582.
CVE-2024-1591 1 Beyondtrust 1 Privilege Management For Windows 2025-02-07 N/A 3.3 LOW
Prior to version 24.1, a local authenticated attacker can view Sysvol when Privilege Management for Windows is configured to use a GPO policy. This allows them to view the policy and potentially find configuration issues.
CVE-2024-32100 1 Sandhillsdev 1 Easy Digital Downloads 2025-02-07 N/A 5.3 MEDIUM
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Easy Digital Downloads. This issue affects Easy Digital Downloads: from n/a through 3.2.11.
CVE-2022-34125 1 Glpi-project 1 Cmdb 2025-02-06 N/A 6.5 MEDIUM
front/icon.send.php in the CMDB plugin before 3.0.3 for GLPI allows attackers to gain read access to sensitive information via a _log/ pathname in the file parameter.
CVE-2024-27947 1 Siemens 1 Ruggedcom Crossbow 2025-02-06 N/A 5.3 MEDIUM
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems could allow log messages to be forwarded to a specific client under certain circumstances. An attacker could leverage this vulnerability to forward log messages to a specific compromised client.
CVE-2024-4173 1 Broadcom 1 Brocade Sannav 2025-02-06 N/A 7.6 HIGH
A vulnerability in Brocade SANnav exposes Kafka on the WAN interface. The vulnerability could allow an unauthenticated attacker to perform various attacks, including DoS, against the Brocade SANnav.
CVE-2024-4159 1 Broadcom 1 Brocade Sannav 2025-02-06 N/A 4.3 MEDIUM
Brocade SANnav before v2.3.0a lacks protection mechanisms on port 2377/TCP and 7946/TCP, which could allow an unauthenticated attacker to sniff the SANnav Docker information.
CVE-2024-43289 1 Gvectors 1 Wpforo Forum 2025-02-06 N/A 7.5 HIGH
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in gVectors Team wpForo Forum. This issue affects wpForo Forum: from n/a through 2.3.4.
CVE-2024-26136 1 Openjsf 1 Electroncord 2025-02-05 N/A 7.5 HIGH
kedi ElectronCord is a bot management tool for Discord. Commit aaaeaf4e6c99893827b2eea4dd02f755e1e24041 exposes an account access token in the `config.json` file. Malicious actors could potentially exploit this vulnerability to gain unauthorized access to sensitive information or perform malicious actions on behalf of the repository owner. As of time of publication, it is unknown whether the owner of the repository has rotated the token or taken other mitigation steps aside from informing users of the situation.
CVE-2024-24817 1 Discourse 1 Calendar 2025-02-05 N/A 4.3 MEDIUM
Discourse Calendar adds the ability to create a dynamic calendar in the first post of a topic on the open-source discussion platform Discourse. Prior to version 0.4, event invitees created in topics in private categories or PMs (private messages) can be retrieved by anyone, even if they're not logged in. This problem is resolved in version 0.4 of the discourse-calendar plugin. While no known workaround is available, putting the site behind `login_required` will disallow this endpoint to be used by anonymous users, but logged in users can still get the list of invitees in the private topics.
CVE-2024-25130 1 Enalean 1 Tuleap 2025-02-05 N/A 5.4 MEDIUM
Tuleap is an open source suite to improve management of software developments and collaboration. Prior to version 15.5.99.76 of Tuleap Community Edition and prior to versions 15.5-4 and 15.4-7 of Tuleap Enterprise Edition, users with a read access to a tracker where the mass update feature is used might get access to restricted information. Tuleap Community Edition 15.5.99.76, Tuleap Enterprise Edition 15.5-4, and Tuleap Enterprise Edition 15.4-7 contain a patch for this issue.
CVE-2017-1515 1 Ibm 1 Engineering Requirements Management Doors 2025-02-05 4.0 MEDIUM 4.3 MEDIUM
IBM Doors Web Access 9.5 and 9.6 could allow an authenticated user to obtain sensitive information from HTTP internal server error responses. IBM X-Force ID: 129825.
CVE-2024-8913 1 Posimyth 1 The Plus Addons For Elementor 2025-02-05 N/A 4.3 MEDIUM
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.6.11 via the render function in modules/widgets/tp_accordion.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.