Total
157 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-41729 | | | 2026-04-15 | N/A | 4.3 MEDIUM |
| Due to missing authorization checks, SAP BEx Analyzer allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the application. | |||||
| CVE-2025-27080 | | | 2026-04-15 | N/A | 6.0 MEDIUM |
| Vulnerabilities in the command line interface of AOS-CX could allow an authenticated remote attacker to expose sensitive information. Successful exploitation could allow an attacker to gain unauthorized access to services outside of the impacted switch, potentially leading to lateral movement involving those services. | |||||
| CVE-2024-30321 | | | 2026-04-15 | N/A | 5.9 MEDIUM |
| A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 5), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 23), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products do not properly handle certain requests to their web application, which may lead to the leak of privileged information. This could allow an unauthenticated remote attacker to retrieve information such as users and passwords. | |||||
| CVE-2025-20060 | | | 2026-04-15 | N/A | 7.5 HIGH |
| An attacker could expose cross-user personally identifiable information (PII) and personal health information transmitted to the Android device via the Dario Health application database. | |||||
| CVE-2025-62362 | | | 2026-04-15 | N/A | N/A |
| gpp-burgerportaal is a Dutch government citizen portal application. In versions before 2.0.3, 3.0.2, and 4.0.1, the name and email address of employees who publish content are exposed in network responses and can be discovered by viewing the browser's developer tools network tab. This information disclosure may violate employee privacy expectations and could be used for targeted attacks or unwanted contact. This issue has been patched in versions 2.0.3, 3.0.2, and 4.0.1. No known workarounds exist. | |||||
| CVE-2025-53625 | | | 2026-04-15 | N/A | N/A |
| The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. Several #dpl parameters can leak usernames that have been hidden using revision deletion, suppression, or the hideuser block flag. The vulnerability is fixed in 3.6.4. | |||||
| CVE-2024-11206 | | | 2026-04-15 | N/A | 7.5 HIGH |
| Unauthorized access vulnerability in the mobile application (com.transsion.phoenix) can lead to the leakage of user information. | |||||
| CVE-2023-50053 | | | 2026-04-15 | N/A | 7.6 HIGH |
| An issue in Foundation.app Foundation platform 1.0 allows a remote attacker to obtain sensitive information via the Web3 authentication process of Foundation: the signed message lacks a nonce (random number). | |||||
| CVE-2025-13008 | | | 2026-04-15 | N/A | N/A |
| An information disclosure vulnerability in M-Files Server before versions 25.12.15491.7, 25.8 LTS SR3, 25.2 LTS SR3 and 24.8 LTS SR5 allows an authenticated attacker using M-Files Web to capture session tokens of other active users. | |||||
| CVE-2025-5009 | | | 2026-04-15 | N/A | N/A |
| In Gemini iOS, when a user shared a snippet of a conversation, it would share the entire conversation via a sharable public link that contained the entire conversation history and not just the snippet. | |||||
| CVE-2025-41685 | | | 2026-04-15 | N/A | 6.5 MEDIUM |
| A low-privileged remote attacker can obtain the username of another registered Sunny Portal user by entering that user's email address. | |||||
| CVE-2025-26816 | | | 2026-04-15 | N/A | 6.5 MEDIUM |
| A vulnerability in Intrexx Portal Server 12.0.2 and earlier, which was classified as problematic, potentially allows users with particular permissions under certain conditions to see potentially sensitive data from a different user context. | |||||
| CVE-2024-36677 | | | 2026-04-15 | N/A | 7.5 HIGH |
| In the module "Login as customer PRO" (loginascustomerpro) <1.2.7 from Weblir for PrestaShop, a guest can access a direct link to connect to each customer account of the shop if the module is not installed OR if a secret accessible to administrator is stolen. | |||||
| CVE-2025-25042 | | | 2026-04-15 | N/A | 4.3 MEDIUM |
| A vulnerability in the AOS-CX REST interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation could allow an attacker to read encrypted credentials of other users on the switch, potentially leading to further unauthorized access or data breaches. | |||||
| CVE-2025-14317 | | | 2026-04-15 | N/A | N/A |
| In the Crazy Bubble Tea mobile application, an authenticated attacker can obtain personal information about other users by enumerating a `loyaltyGuestId` parameter. The server does not verify the permissions required to obtain the data. This issue was fixed in version 915 (Android) and 7.4.1 (iOS). | |||||
| CVE-2025-0683 | | | 2026-04-15 | N/A | 5.9 MEDIUM |
| In its default configuration, Contec Health CMS8000 Patient Monitor transmits plain-text patient data to a hard-coded public IP address when a patient is hooked up to the monitor. This could lead to a leakage of confidential patient data to any device with that IP address or an attacker in a machine-in-the-middle scenario. | |||||
| CVE-2024-36682 | | | 2026-04-15 | N/A | 7.5 HIGH |
| In the module "Theme settings" (pk_themesettings) <= 1.8.8 from Promokit.eu for PrestaShop, a guest can download all emails collected while the shop is in maintenance mode. Due to a lack of permissions control, a guest can access the txt file which collects emails when maintenance is enabled, which can lead to a leak of personal information. | |||||
| CVE-2025-52602 | | | 2026-04-15 | N/A | 4.2 MEDIUM |
| HCL BigFix Query is affected by a sensitive information disclosure in the WebUI Query application. An HTTP GET endpoint request returns discoverable responses that may disclose: group names, active user names (or IDs). An attacker can use that information to target individuals with phishing or other social-engineering attacks. | |||||
| CVE-2025-0969 | | | 2026-04-15 | N/A | 6.5 MEDIUM |
| The Brizy – Page Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.7.16 via the get_users() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including email addresses and hashed passwords of administrators. | |||||
| CVE-2024-44113 | | | 2026-04-15 | N/A | 4.3 MEDIUM |
| Due to missing authorization checks, SAP Business Warehouse (BEx Analyzer) allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the application. | |||||
