Total
8383 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-0659 | | | 2025-01-28 | N/A | N/A |
| A path traversal vulnerability exists in the Rockwell Automation DataEdge Platform DataMosaix Private Cloud. By specifying the character sequence in the body of the vulnerable endpoint, it is possible to overwrite files outside of the intended directory. A threat actor with admin privileges could leverage this vulnerability to overwrite reports including user projects. | |||||
| CVE-2025-21214 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-27 | N/A | 4.2 MEDIUM |
| Windows BitLocker Information Disclosure Vulnerability | |||||
| CVE-2023-28357 | 1 Rocket.chat | 1 Rocket.chat | 2025-01-27 | N/A | 4.3 MEDIUM |
| A vulnerability has been identified in Rocket.Chat, where the ACL checks in the Slash Command /mute occur after checking whether a user is a member of a given channel, leaking private channel members to unauthorized users. This allows authenticated users to enumerate whether a username is a member of a channel that they do not have access to. | |||||
| CVE-2024-35171 | 1 Kodezen | 1 Academy Lms | 2025-01-27 | N/A | 5.3 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Academy LMS academy. This issue affects Academy LMS: from n/a through 1.9.25. | |||||
| CVE-2024-10360 | 1 Moveaddons | 1 Move Addons For Elementor | 2025-01-27 | N/A | 4.3 MEDIUM |
| The Move Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.5 via the render function in includes/widgets/accordion/widget.php, includes/widgets/remote-template/widget.php, and other widget.php files. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data. | |||||
| CVE-2025-24360 | | | 2025-01-25 | N/A | 5.3 MEDIUM |
| Nuxt is an open-source web development framework for Vue.js. Starting in version 3.8.1 and prior to version 3.15.3, Nuxt allows any websites to send any requests to the development server and read the response due to default CORS settings. Users with the default server.cors option using Vite builder may get the source code stolen by malicious websites. Version 3.15.3 fixes the vulnerability. | |||||
| CVE-2025-21242 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-24 | N/A | 5.9 MEDIUM |
| Windows Kerberos Information Disclosure Vulnerability | |||||
| CVE-2025-21308 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-01-24 | N/A | 6.5 MEDIUM |
| Windows Themes Spoofing Vulnerability | |||||
| CVE-2025-24363 | | | 2025-01-24 | N/A | 4.2 MEDIUM |
| The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.8.9, in CI contexts, the IG Publisher CLI uses git commands to determine the URL of the originating repo. If the repo was cloned, or otherwise set to use a repo that uses a username and credential based URL, the entire URL will be included in the built Implementation Guide, exposing username and credential. This does not impact users that clone public repos without credentials, such as those using the auto-ig-build continuous integration infrastructure. This problem has been patched in release 1.8.9. Some workarounds are available. Users should ensure the IG repo they are publishing does not have username or credentials included in the `origin` URL. Running the command `git remote origin url` should return a URL that contains no username, password, or token; or users should run the IG Publisher CLI with the `-repo` parameter and specify a URL that contains no username, password, or token. | |||||
| CVE-2023-27870 | 1 Ibm | 1 Spectrum Virtualize | 2025-01-24 | N/A | 5.9 MEDIUM |
| IBM Spectrum Virtualize 8.5, under certain circumstances, could disclose sensitive credential information while a download from Fix Central is in progress. IBM X-Force ID: 249518. | |||||
| CVE-2024-10312 | 1 Exclusiveaddons | 1 Exclusive Addons For Elementor | 2025-01-24 | N/A | 4.3 MEDIUM |
| The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.7.4 via the render function in elements/tabs/tabs.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data. | |||||
| CVE-2024-28193 | 1 Yooooomi | 1 Your Spotify | 2025-01-24 | N/A | 6.5 MEDIUM |
| your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify version <1.8.0 allows users to create a public token in the settings, which can be used to provide guest-level access to the information of that specific user in YourSpotify. The /me API endpoint discloses Spotify API access and refresh tokens to guest users. Attackers with access to a public token for guest access to YourSpotify can therefore obtain access to Spotify API tokens of YourSpotify users. As a consequence, attackers may extract profile information, information about listening habits, playlists and other information from the corresponding Spotify profile. In addition, the attacker can pause and resume playback in the Spotify app at will. This issue has been resolved in version 1.8.0. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2024-52975 | | | 2025-01-23 | N/A | 9.0 CRITICAL |
| An issue was identified in Fleet Server where Fleet policies that could contain sensitive information were logged on INFO and ERROR log levels. The nature of the sensitive information largely depends on the integrations enabled. | |||||
| CVE-2024-32782 | 1 Hasthemes | 1 Ht Mega | 2025-01-22 | N/A | 4.3 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HasThemes HT Mega. This issue affects HT Mega: from n/a through 2.4.7. | |||||
| CVE-2024-39600 | 1 Sap | 1 Gui For Windows | 2025-01-22 | N/A | 5.0 MEDIUM |
| Under certain conditions, the memory of SAP GUI for Windows contains the password used to log on to an SAP system, which might allow an attacker to get hold of the password and impersonate the affected user. As a result, it has a high impact on the confidentiality but there is no impact on the integrity and availability. | |||||
| CVE-2024-33506 | 1 Fortinet | 1 Fortimanager | 2025-01-21 | N/A | 3.3 LOW |
| An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiManager 7.4.2 and below, 7.2.5 and below, 7.0.12 and below allows a remote authenticated attacker assigned to an Administrative Domain (ADOM) to access device summary of unauthorized ADOMs via crafted HTTP requests. | |||||
| CVE-2024-34717 | 1 Prestashop | 1 Prestashop | 2025-01-21 | N/A | 5.3 MEDIUM |
| PrestaShop is an open source e-commerce web application. In PrestaShop 8.1.5, any invoice can be downloaded from front-office in anonymous mode, by supplying a random secure_key parameter in the url. This issue is patched in version 8.1.6. No known workarounds are available. | |||||
| CVE-2024-29987 | 1 Microsoft | 1 Edge Chromium | 2025-01-17 | N/A | 6.5 MEDIUM |
| Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | |||||
| CVE-2024-28235 | 1 Contao | 1 Contao | 2025-01-17 | N/A | 8.3 HIGH |
| Contao is an open source content management system. Starting in version 4.9.0 and prior to versions 4.13.40 and 5.3.4, when checking for broken links on protected pages, Contao sends the cookie header to external URLs as well; the options passed to the HTTP client are used for all requests. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a workaround, disable crawling protected pages. | |||||
| CVE-2024-12142 | | | 2025-01-17 | N/A | 8.6 HIGH |
| CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure of restricted web page, modification of web page and denial of service when specific web pages are modified and restricted functions are invoked. | |||||
