Total
295 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-31842 | 2026-06-17 | N/A | 5.3 MEDIUM | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in viralloops Viral Loops WP Integration viral-loops-wp-integration allows Retrieve Embedded Sensitive Data.This issue affects Viral Loops WP Integration: from n/a through <= 3.4.0. | |||||
| CVE-2025-31134 | 1 Freshrss | 1 Freshrss | 2026-06-17 | N/A | 7.5 HIGH |
| FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, an attacker can gain additional information about the server by checking if certain directories exist. An attacker can, for example, check if older PHP versions are installed or if certain software is installed on the server and potentially use that information to further attack the server. Version 1.26.2 contains a patch for the issue. | |||||
| CVE-2025-30609 | 2026-06-17 | N/A | 5.3 MEDIUM | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal AppExperts appexperts allows Retrieve Embedded Sensitive Data.This issue affects AppExperts: from n/a through <= 1.4.3. | |||||
| CVE-2025-2615 | 1 Gitlab | 1 Gitlab | 2026-06-17 | N/A | 4.3 MEDIUM |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2, that could have allowed a blocked user to access sensitive information by establishing GraphQL subscriptions through WebSocket connections. | |||||
| CVE-2025-2565 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2026-06-17 | N/A | 4.3 MEDIUM |
| The data exposure vulnerability in Liferay Portal 7.4.0 through 7.4.3.126, and Liferay DXP 2024.Q3.0, 2024.Q2.0 through 2024.Q2.12, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92 allows an unauthorized user to obtain entry data from forms. | |||||
| CVE-2025-27244 | 2026-06-17 | N/A | 5.9 MEDIUM | ||
| AssetView and AssetView CLOUD contain an issue with acquiring sensitive information from sent data to the developer. If exploited, sensitive information may be obtained by a remote unauthenticated attacker. | |||||
| CVE-2025-27001 | 2026-06-17 | N/A | 6.5 MEDIUM | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in Shipmondo Shipmondo – A complete shipping solution for WooCommerce pakkelabels-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Shipmondo – A complete shipping solution for WooCommerce: from n/a through <= 5.0.3. | |||||
| CVE-2025-26335 | 1 Dell | 1 Powerprotect Cyber Recovery | 2026-06-17 | N/A | 5.8 MEDIUM |
| Dell PowerProtect Cyber Recovery, versions prior to 19.18.0.2, contains an Insertion of Sensitive Information Into Sent Data vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure. | |||||
| CVE-2025-26318 | 2026-06-17 | N/A | 5.8 MEDIUM | ||
| hb.exe in TSplus Remote Access before 17.30 2024-10-30 allows remote attackers to retrieve a list of all domain accounts currently connected to the application. | |||||
| CVE-2025-24858 | 2026-06-17 | N/A | N/A | ||
| Develocity (formerly Gradle Enterprise) before 2024.3.1 allows an attacker who has network access to a Develocity server to obtain the hashed password of the system user. The hash algorithm used by Develocity was chosen according to best practices for password storage and provides some protection against brute-force attempts. The applicable severity of this vulnerability depends on whether a Develocity server is accessible by external or unauthorized users, and the complexity of the System User password. | |||||
| CVE-2025-24639 | 2026-06-17 | N/A | 6.5 MEDIUM | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in Greys Korea for WooCommerce korea-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Korea for WooCommerce: from n/a through <= 1.1.11. | |||||
| CVE-2025-24597 | 2026-06-17 | N/A | 6.5 MEDIUM | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Generator for WooCommerce embedding-barcodes-into-product-pages-and-orders allows Retrieve Embedded Sensitive Data.This issue affects Barcode Generator for WooCommerce: from n/a through <= 2.0.2. | |||||
| CVE-2025-24582 | 2026-06-17 | N/A | 5.3 MEDIUM | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Retrieve Embedded Sensitive Data.This issue affects 12 Step Meeting List: from n/a through <= 3.16.5. | |||||
| CVE-2025-24567 | 2026-06-17 | N/A | 6.5 MEDIUM | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster wp-mailster allows Retrieve Embedded Sensitive Data.This issue affects WP Mailster: from n/a through <= 1.8.16.0. | |||||
| CVE-2025-23781 | 2026-06-17 | N/A | 7.5 HIGH | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in Web Mumbai WM Options Import Export wm-options-import-export allows Retrieve Embedded Sensitive Data.This issue affects WM Options Import Export: from n/a through <= 1.0.1. | |||||
| CVE-2025-23774 | 2026-06-17 | N/A | 7.5 HIGH | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in Niket Joshi WPDB to Sql wpdb-to-sql allows Retrieve Embedded Sensitive Data.This issue affects WPDB to Sql: from n/a through <= 1.2. | |||||
| CVE-2025-22303 | 1 Wpmailster | 1 Wp Mailster | 2026-06-17 | N/A | 5.3 MEDIUM |
| Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster wp-mailster allows Retrieve Embedded Sensitive Data.This issue affects WP Mailster: from n/a through <= 1.8.17.0. | |||||
| CVE-2025-20789 | 2 Google, Mediatek | 7 Android, Mt6781, Mt6833 and 4 more | 2026-06-17 | N/A | 4.4 MEDIUM |
| In GPU pdma, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS10117741; Issue ID: MSV-4538. | |||||
| CVE-2025-20348 | 1 Cisco | 1 Nexus Dashboard | 2026-06-17 | N/A | 5.0 MEDIUM |
| A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to view sensitive information or upload and modify files on an affected device. This vulnerability exists because of missing authorization controls on some REST API endpoints. An attacker could exploit th vulnerability by sending crafted API requests to an affected endpoint. A successful exploit could allow the attacker to perform limited Administrator functions, such as accessing sensitive information regarding HTTP Proxy and NTP configurations, uploading images, and damaging image files on an affected device. | |||||
| CVE-2025-15329 | 1 Tanium | 1 Threat Response | 2026-06-17 | N/A | 4.9 MEDIUM |
| Tanium addressed an information disclosure vulnerability in Threat Response. | |||||