Total
157 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-13216 | | | 2026-04-15 | N/A | 4.3 MEDIUM |
| The HT Event – WordPress Event Manager Plugin for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.7 via the 'render' function in /includes/widgets/htevent_sponsor.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, scheduled, and draft template data. | |||||
| CVE-2025-35981 | | | 2026-04-15 | N/A | 5.5 MEDIUM |
| Exposure of Private Personal Information to an Unauthorized Actor (CWE-359) in the Command Centre Server allows a privileged Operator to view limited personal data about a Cardholder they would not normally have permissions to view. This issue affects Command Centre Server: 9.30.1874 (MR1), 9.20.2337 (MR3), 9.10.3194 (MR6). | |||||
| CVE-2025-24355 | | | 2026-04-15 | N/A | 7.1 HIGH |
| Updatecli is a tool used to apply file update strategies. Prior to version 0.93.0, private maven repository credentials may be leaked in application logs in case of unsuccessful retrieval operation. During the execution of an updatecli pipeline which contains a `maven` source configured with basic auth credentials, the credentials are being leaked in the application execution logs in case of failure. Credentials are properly sanitized when the operation is successful but not when for whatever reason there is a failure in the maven repository, e.g. wrong coordinates provided, not existing artifact or version. Version 0.93.0 contains a patch for the issue. | |||||
| CVE-2024-33271 | | | 2026-04-15 | N/A | 7.5 HIGH |
| An issue in FME Modules eventsmanager before 4.4.0 allows an attacker to obtain sensitive information from the ps_customer component. | |||||
| CVE-2025-11598 | | | 2026-04-15 | N/A | N/A |
| In mObywatel iOS application an unauthorized user can use the App Switcher to view the account owner's personal information in the minimized app window, even after the login session has ended (reopening the app would require the user to log in). The data exposed depends on the last application view displayed before the application was minimized. This issue was fixed in version 4.71.0. | |||||
| CVE-2024-13953 | | | 2026-04-15 | N/A | 4.9 MEDIUM |
| Sensitive device logger information in ASPECT may be exposed if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | |||||
| CVE-2025-12536 | | | 2026-04-15 | N/A | 5.3 MEDIUM |
| The SureForms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.1 via the '_srfm_email_notification' post meta registration. This is due to setting the 'auth_callback' parameter to '__return_true', which allows unauthenticated access to the metadata. This makes it possible for unauthenticated attackers to extract sensitive data including email notification configurations, which frequently contain vendor-provided CRM/help desk dropbox addresses, CC/BCC recipients, and notification templates that can be abused to inject malicious data into downstream systems. | |||||
| CVE-2025-3035 | 1 Mozilla | 1 Firefox | 2026-04-13 | N/A | 5.3 MEDIUM |
| By first using the AI chatbot in one tab and later activating it in another tab, the document title of the previous tab would leak into the chat prompt. This vulnerability was fixed in Firefox 137. | |||||
| CVE-2025-1939 | 1 Mozilla | 1 Firefox | 2026-04-13 | N/A | 3.9 LOW |
| Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could have been used to trick a user into granting sensitive permissions by hiding what the user was actually clicking. This vulnerability was fixed in Firefox 136. | |||||
| CVE-2025-10859 | 1 Mozilla | 1 Firefox | 2026-04-13 | N/A | 4.0 MEDIUM |
| Cookie storage for non-HTML temporary documents was being shared incorrectly with normal browsing content, allowing information from private tabs to escape Incognito mode even after the user closed all tabs. This vulnerability was fixed in Firefox for iOS 143.1. | |||||
| CVE-2023-6630 | 1 Rocklobster | 1 Contact Form 7 | 2026-04-08 | N/A | 4.3 MEDIUM |
| The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7_get_custom_field and CF7_get_current_user shortcodes due to missing validation on a user controlled key. This makes it possible for authenticated attackers with contributor access or higher to access arbitrary metadata of any post type, referencing the post by id and the meta by key. | |||||
| CVE-2023-7014 | 1 Amitzy | 1 Molongui Authorship | 2026-04-08 | N/A | 5.3 MEDIUM |
| The Author Box, Guest Author and Co-Authors for Your Posts – Molongui plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.7.4 via the 'ma_debu' parameter. This makes it possible for unauthenticated attackers to extract sensitive data including post author emails and names if applicable. | |||||
| CVE-2023-6695 | 1 Fastlinemedia | 1 Beaver Themer | 2026-04-08 | N/A | 6.5 MEDIUM |
| The Beaver Themer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the 'wpbb' shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including arbitrary user_meta values. | |||||
| CVE-2025-43500 | 1 Apple | 4 Ipados, Iphone Os, Visionos and 1 more | 2026-04-02 | N/A | 7.5 HIGH |
| A privacy issue was addressed with improved handling of user preferences. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. An app may be able to access sensitive user data. | |||||
| CVE-2025-43496 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2026-04-02 | N/A | 7.5 HIGH |
| The issue was addressed by adding additional logic. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Remote content may be loaded even when the 'Load Remote Images' setting is turned off. | |||||
| CVE-2025-43469 | 1 Apple | 1 Macos | 2026-04-02 | N/A | 5.5 MEDIUM |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to access sensitive user data. | |||||
| CVE-2025-43405 | 1 Apple | 1 Macos | 2026-04-02 | N/A | 7.5 HIGH |
| A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to access user-sensitive data. | |||||
| CVE-2025-43389 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2026-04-02 | N/A | 5.5 MEDIUM |
| A privacy issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, visionOS 26.1. An app may be able to access sensitive user data. | |||||
| CVE-2025-43310 | 1 Apple | 1 Macos | 2026-04-02 | N/A | 4.4 MEDIUM |
| A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to trick a user into copying sensitive data to the pasteboard. | |||||
| CVE-2025-43301 | 1 Apple | 1 Macos | 2026-04-02 | N/A | 3.3 LOW |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access contact info related to notifications in Notification Center. | |||||
