Total
9151 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-0789 | 1 Algosolutions | 2 8180 Ip Audio Alerter, 8180 Ip Audio Alerter Firmware | 2026-06-17 | N/A | 7.5 HIGH |
| ALGO 8180 IP Audio Alerter Web UI Inclusion of Authentication Cookie in Response Body Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web-based user interface. The issue results from the lack of proper management of sensitive information. An attacker can leverage this vulnerability to disclose information in the context of the device. Was ZDI-CAN-28297. | |||||
| CVE-2026-0747 | 1 Devolutions | 1 Remote Desktop Manager | 2026-06-17 | N/A | 3.3 LOW |
| Exposure of sensitive information in the TeamViewer entry dashboard component in Devolutions Remote Desktop Manager 2025.3.24.0 through 2025.3.28.0 on Windows allows an external observer to view a password on screen via a defective masking feature, for example during physical observation or screen sharing. | |||||
| CVE-2026-0717 | 2026-06-17 | N/A | 5.3 MEDIUM | ||
| The LottieFiles – Lottie block for Gutenberg plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.0 via the `/wp-json/lottiefiles/v1/settings/` REST API endpoint. This makes it possible for unauthenticated attackers to retrieve the site owner's LottieFiles.com account credentials including their API access token and email address when the 'Share LottieFiles account with other WordPress users' option is enabled. | |||||
| CVE-2026-0025 | 1 Google | 1 Android | 2026-06-17 | N/A | 8.4 HIGH |
| In hasImage of Notification.java, there is a possible way to reveal information across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2026-0005 | 1 Google | 1 Android | 2026-06-17 | N/A | 6.2 MEDIUM |
| In onServiceDisconnected of KeyguardServiceDelegate.java, there is a possible partial bypass of app pinning allowing limited interaction with other apps without knowing the LSKF due to a missing permission check. This could lead to local information disclosure where the extent of interaction and impact is app-dependent with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-9908 | 1 Redhat | 4 Ansible Automation Platform, Ansible Developer, Ansible Inside and 1 more | 2026-06-17 | N/A | 6.7 MEDIUM |
| A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Streams. This vulnerability allows an authenticated user to gain access to sensitive internal infrastructure headers (such as X-Trusted-Proxy and X-Envoy-*) and event stream URLs via crafted requests and job templates. By exfiltrating these headers, an attacker could spoof trusted requests, escalate privileges, or perform malicious event injection. | |||||
| CVE-2025-9907 | 1 Redhat | 4 Ansible Automation Platform, Ansible Developer, Ansible Inside and 1 more | 2026-06-17 | N/A | 6.7 MEDIUM |
| A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Stream API. This vulnerability allows exposure of sensitive client credentials and internal infrastructure headers via the test_headers field when an event stream is in test mode. The possible outcome includes leakage of internal infrastructure details, accidental disclosure of user or system credentials, privilege escalation if high-value tokens are exposed, and persistent sensitive data exposure to all users with read access on the event stream. | |||||
| CVE-2025-9843 | 1 Das | 1 Parking Management System | 2026-06-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| A flaw has been found in Das Parking Management System 停车场管理系统 6.2.0. Affected is an unknown function of the file /Operator/FindAll. This manipulation causes information disclosure. It is possible to initiate the attack remotely. The exploit has been published and may be used. | |||||
| CVE-2025-9842 | 1 Das | 1 Parking Management System | 2026-06-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was detected in Das Parking Management System 停车场管理系统 6.2.0. This impacts an unknown function of the file /Operator/Search. The manipulation results in information disclosure. The attack may be performed from remote. The exploit is now public and may be used. | |||||
| CVE-2025-9808 | 2026-06-17 | N/A | 5.3 MEDIUM | ||
| The The Events Calendar plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.15.2 via the REST endpoint. This makes it possible for unauthenticated attackers to extract information about password-protected vendors or venues. | |||||
| CVE-2025-9774 | 1 Remoteclinic | 1 Remote Clinic | 2026-06-17 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability has been found in RemoteClinic up to 2.0. This issue affects some unknown processing of the file /patients/edit-patient.php. The manipulation of the argument Email leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-9461 | 1 Diyhi | 1 Bbs | 2026-06-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| A weakness has been identified in diyhi bbs up to 6.8. The impacted element is an unknown function of the file src/main/java/cms/web/action/filePackage/FilePackageManageAction.java of the component File Compression Handler. This manipulation of the argument idGroup causes information disclosure. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. | |||||
| CVE-2025-9398 | 1 Wanglongcn | 1 Yifang | 2026-06-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| A security vulnerability has been detected in YiFang CMS up to 2.0.5. Affected by this vulnerability is the function exportInstallTable of the file app/utils/base/database/Migrate.php. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-9381 | 2026-06-17 | 0.8 LOW | 1.6 LOW | ||
| A security flaw has been discovered in FNKvision Y215 CCTV Camera 10.194.120.40. This affects an unknown part of the file /tmp/wpa_supplicant.conf. Performing manipulation results in information disclosure. The attack may be carried out on the physical device. The attack's complexity is rated as high. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-9240 | 1 Eladmin | 1 Eladmin | 2026-06-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| A security flaw has been discovered in elunez eladmin up to 2.7. Affected by this issue is some unknown functionality of the file /auth/info. The manipulation results in information disclosure. The attack can be launched remotely. The exploit has been released to the public and may be exploited. | |||||
| CVE-2025-9209 | 2026-06-17 | N/A | 9.8 CRITICAL | ||
| The RestroPress – Online Food Ordering System plugin for WordPress is vulnerable to Authentication Bypass in versions 3.0.0 to 3.1.9.2. This is due to the plugin exposing user private tokens and API data via the /wp-json/wp/v2/users REST API endpoint. This makes it possible for unauthenticated attackers to forge JWT tokens for other users, including administrators, and authenticate as them. | |||||
| CVE-2025-9196 | 2026-06-17 | N/A | 5.3 MEDIUM | ||
| The Trinity Audio – Text to Speech AI audio player to convert content into audio plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.21.0 via the ~/admin/inc/phpinfo.php file that gets created on install. This makes it possible for unauthenticated attackers to extract sensitive data including configuration data. | |||||
| CVE-2025-9139 | 1 Scada-lts | 1 Scada-lts | 2026-06-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was determined in Scada-LTS 2.7.8.1. Affected by this vulnerability is an unknown functionality of the file /Scada-LTS/dwr/call/plaincall/WatchListDwr.init.dwr. Executing manipulation can lead to information disclosure. The attack may be performed from a remote location. The exploit has been publicly disclosed and may be utilized. The vendor explains: "[T]he risks of indicated vulnerabilities seem to be minimal as all scenarios likely require admin permissions. Moreover, regardless our team fixes those vulnerabilities - the overall risk change to the user due to malicious admin actions will not be lower." | |||||
| CVE-2025-9036 | 2026-06-17 | N/A | N/A | ||
| A security issue in the runtime event system allows unauthenticated connections to receive a reusable API token. This token is broadcasted over a WebSocket and can be intercepted by any local client listening on the connection. | |||||
| CVE-2025-9005 | 1 Mtons | 1 Mblog | 2026-06-17 | 2.6 LOW | 3.7 LOW |
| A vulnerability was determined in mtons mblog up to 3.5.0. Affected is an unknown function of the file /register. The manipulation leads to information exposure through error message. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. | |||||