Total
12 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-29981 | 2025-04-02 | N/A | 7.5 HIGH | ||
| Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Exposure of Sensitive Information Through Data Queries vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure. | |||||
| CVE-2023-0785 | 1 Mayurik | 1 Best Online News Portal | 2025-03-07 | 2.6 LOW | 3.7 LOW |
| A vulnerability classified as problematic was found in SourceCodester Best Online News Portal 1.0. Affected by this vulnerability is an unknown functionality of the file check_availability.php. The manipulation of the argument username leads to exposure of sensitive information through data queries. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-220645 was assigned to this vulnerability. | |||||
| CVE-2025-25205 | 2025-02-12 | N/A | 8.2 HIGH | ||
| Audiobookshelf is a self-hosted audiobook and podcast server. Starting in version 2.17.0 and prior to version 2.19.1, a flaw in the authentication bypass logic allows unauthenticated requests to match certain unanchored regex patterns in the URL. Attackers can craft URLs containing substrings like "/api/items/1/cover" in a query parameter (?r=/api/items/1/cover) to partially bypass authentication or trigger server crashes under certain routes. This could lead to information disclosure of otherwise protected data and, in some cases, a complete denial of service (server crash) if downstream code expects an authenticated user object. Version 2.19.1 contains a patch for the issue. | |||||
| CVE-2024-13255 | 2025-01-10 | N/A | 7.5 HIGH | ||
| Exposure of Sensitive Information Through Data Queries vulnerability in Drupal RESTful Web Services allows Forceful Browsing.This issue affects RESTful Web Services: from 7.X-2.0 before 7.X-2.10. | |||||
| CVE-2024-20388 | 1 Cisco | 3 Firepower Management Center, Firepower Threat Defense, Secure Firewall Management Center | 2024-11-26 | N/A | 5.3 MEDIUM |
| A vulnerability in the password change feature of Cisco Firepower Management Center (FMC) software could allow an unauthenticated, remote attacker to determine valid user names on an affected device. This vulnerability is due to improper authentication of password update responses. An attacker could exploit this vulnerability by forcing a password reset on an affected device. A successful exploit could allow the attacker to determine valid user names in the unauthenticated response to a forced password reset. | |||||
| CVE-2024-38897 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| WAVLINK WN551K1'live_check.shtml enables attackers to obtain sensitive router information. | |||||
| CVE-2024-38895 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| WAVLINK WN551K1'live_mfg.shtml enables attackers to obtain sensitive router information. | |||||
| CVE-2024-38892 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| An issue in Wavlink WN551K1 allows a remote attacker to obtain sensitive information via the ExportAllSettings.sh component. | |||||
| CVE-2024-1287 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| The pmpro-member-directory WordPress plugin before 1.2.6 does not prevent users with at least the contributor role from leaking other users' sensitive information, including password hashes. | |||||
| CVE-2021-32743 | 2 Debian, Icinga | 2 Debian Linux, Icinga | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4, some of the Icinga 2 features that require credentials for external services expose those credentials through the API to authenticated API users with read permissions for the corresponding object types. IdoMysqlConnection and IdoPgsqlConnection (every released version) exposes the password of the user used to connect to the database. IcingaDB (added in 2.12.0) exposes the password used to connect to the Redis server. ElasticsearchWriter (added in 2.8.0)exposes the password used to connect to the Elasticsearch server. An attacker who obtains these credentials can impersonate Icinga to these services and add, modify and delete information there. If credentials with more permissions are in use, this increases the impact accordingly. Starting with the 2.11.10 and 2.12.5 releases, these passwords are no longer exposed via the API. As a workaround, API user permissions can be restricted to not allow querying of any affected objects, either by explicitly listing only the required object types for object query permissions, or by applying a filter rule. | |||||
| CVE-2021-1372 | 1 Cisco | 2 Webex Meetings, Webex Meetings Server | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability in Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. This vulnerability is due to the unsafe usage of shared memory by the affected software. An attacker with permissions to view system memory could exploit this vulnerability by running an application on the local system that is designed to read shared memory. A successful exploit could allow the attacker to retrieve sensitive information from the shared memory, including usernames, meeting information, or authentication tokens. Note: To exploit this vulnerability, an attacker must have valid credentials on a Microsoft Windows end-user system and must log in after another user has already authenticated with Webex on the same end-user system. | |||||
| CVE-2024-6400 | 1 Finrota | 1 Finrota | 2024-11-12 | N/A | 7.5 HIGH |
| Cleartext Storage of Sensitive Information vulnerability in Finrota Netahsilat allows Retrieve Embedded Sensitive Data.This issue solved in versions 1.21.10, 1.23.01, 1.23.08, 1.23.11 and 1.24.03. | |||||