Total
264 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-63051 | 2026-01-28 | N/A | 4.3 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in sizam REHub Framework rehub-framework allows Retrieve Embedded Sensitive Data.This issue affects REHub Framework: from n/a through < 19.9.9.4. | |||||
| CVE-2025-68046 | 2026-01-28 | N/A | 6.5 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder lead-form-builder allows Retrieve Embedded Sensitive Data.This issue affects Contact Form & Lead Form Elementor Builder: from n/a through <= 2.0.1. | |||||
| CVE-2025-47319 | 1 Qualcomm | 236 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 233 more | 2026-01-28 | N/A | 6.7 MEDIUM |
| Information disclosure while exposing internal TA-to-TA communication APIs to HLOS | |||||
| CVE-2025-39589 | 1 Wpdeveloper | 1 Essential Addons For Elementor | 2026-01-28 | N/A | 4.3 MEDIUM |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper Essential Addons for Elementor allows Retrieve Embedded Sensitive Data. This issue affects Essential Addons for Elementor: from n/a through 6.1.9. | |||||
| CVE-2025-58585 | 1 Sick | 4 Baggage Analytics, Logistic Diagnostic Analytics, Package Analytics and 1 more | 2026-01-27 | N/A | 5.3 MEDIUM |
| Multiple endpoints with sensitive information do not require authentication, making the application susceptible to information gathering. | |||||
| CVE-2025-58579 | 1 Sick | 5 Baggage Analytics, Enterprise Analytics, Logistic Diagnostic Analytics and 2 more | 2026-01-27 | N/A | 5.3 MEDIUM |
| Due to a lack of authentication, it is possible for an unauthenticated user to request data from this endpoint, making the application vulnerable for user enumeration. | |||||
| CVE-2025-58583 | 1 Sick | 1 Enterprise Analytics | 2026-01-27 | N/A | 5.3 MEDIUM |
| The application provides access to a login protected H2 database for caching purposes. The username is prefilled. | |||||
| CVE-2026-24536 | 2026-01-26 | N/A | 7.5 HIGH | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in webpushr Webpushr webpushr-web-push-notifications allows Retrieve Embedded Sensitive Data.This issue affects Webpushr: from n/a through <= 4.38.0. | |||||
| CVE-2026-24523 | 2026-01-26 | N/A | 7.5 HIGH | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Marcus (aka @msykes) WP FullCalendar wp-fullcalendar allows Retrieve Embedded Sensitive Data.This issue affects WP FullCalendar: from n/a through <= 1.6. | |||||
| CVE-2026-24377 | 2026-01-26 | N/A | 7.5 HIGH | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data.This issue affects Nexter Blocks: from n/a through <= 4.6.3. | |||||
| CVE-2026-24553 | 2026-01-26 | N/A | 4.3 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Dotstore Fraud Prevention For Woocommerce woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers allows Retrieve Embedded Sensitive Data.This issue affects Fraud Prevention For Woocommerce: from n/a through <= 2.3.1. | |||||
| CVE-2026-24593 | 2026-01-26 | N/A | 5.3 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Retrieve Embedded Sensitive Data.This issue affects AWP Classifieds: from n/a through <= 4.4.3. | |||||
| CVE-2025-59098 | 2026-01-26 | N/A | N/A | ||
| The Access Manager is offering a trace functionality to debug errors and issues with the device. The trace functionality is implemented as a simple TCP socket. A tool called TraceClient.exe, provided by dormakaba via the Access Manager web interface, is used to connect to the socket and receive debug information. The data is permanently broadcasted on the TCP socket. The socket can be accessed without any authentication or encryption. The transmitted data is based on the set verbosity level. The verbosity level can be set using the http(s) endpoint with the service interface password or with the guessable identifier of the device via the SOAP interface. The transmitted data contains sensitive data like the Card ID as well as all button presses on Registration units. This allows an attacker with network level access to retrieve all entered PINs on a registration unit. | |||||
| CVE-2026-22915 | 1 Sick | 2 Tdc-x401gl, Tdc-x401gl Firmware | 2026-01-23 | N/A | 4.3 MEDIUM |
| An attacker with low privileges may be able to read files from specific directories on the device, potentially exposing sensitive information. | |||||
| CVE-2020-36922 | 1 Sony | 1 Bravia Signage | 2026-01-22 | N/A | 7.5 HIGH |
| Sony BRAVIA Digital Signage 1.7.8 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive system details through API endpoints. Attackers can retrieve network interface information, server configurations, and system metadata by sending requests to the exposed system API. | |||||
| CVE-2026-0887 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-01-22 | N/A | 4.3 MEDIUM |
| Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. | |||||
| CVE-2025-69026 | 2026-01-20 | N/A | 4.3 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Roxnor PopupKit popup-builder-block allows Retrieve Embedded Sensitive Data.This issue affects PopupKit: from n/a through <= 2.1.5. | |||||
| CVE-2025-69025 | 2026-01-20 | N/A | 4.3 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Aethonic Poptics: AI-Powered Popup Builder for Lead Generation, Conversions, Exit-Intent, Email Opt-ins & WooCommerce Sales poptics allows Retrieve Embedded Sensitive Data.This issue affects Poptics: AI-Powered Popup Builder for Lead Generation, Conversions, Exit-Intent, Email Opt-ins & WooCommerce Sales: from n/a through <= 1.0.20. | |||||
| CVE-2025-68988 | 2026-01-20 | N/A | 7.5 HIGH | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in o2oe E-Invoice App Malaysia einvoiceapp-malaysia allows Retrieve Embedded Sensitive Data.This issue affects E-Invoice App Malaysia: from n/a through <= 1.1.0. | |||||
| CVE-2025-68606 | 2026-01-20 | N/A | 7.5 HIGH | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPXPO PostX ultimate-post allows Retrieve Embedded Sensitive Data.This issue affects PostX: from n/a through <= 5.0.3. | |||||