Total
301 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-31045 | 2026-04-23 | N/A | 7.5 HIGH | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in elfsight elfsight Contact Form widget elfsight-contact-form allows Retrieve Embedded Sensitive Data.This issue affects elfsight Contact Form widget: from n/a through <= 2.3.1. | |||||
| CVE-2025-31003 | 2026-04-23 | N/A | 2.7 LOW | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Bogdan Bendziukov Squeeze squeeze allows Retrieve Embedded Sensitive Data.This issue affects Squeeze: from n/a through <= 1.6. | |||||
| CVE-2025-30802 | 2026-04-23 | N/A | 4.3 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPBean Our Team Members our-team-members.This issue affects Our Team Members: from n/a through <= 2.2. | |||||
| CVE-2025-26911 | 2026-04-23 | N/A | 4.3 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Bowo System Dashboard system-dashboard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects System Dashboard: from n/a through <= 2.8.18. | |||||
| CVE-2025-26758 | 2026-04-23 | N/A | 5.3 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RebelCode Spotlight Social Media Feeds spotlight-social-photo-feeds allows Retrieve Embedded Sensitive Data.This issue affects Spotlight Social Media Feeds: from n/a through <= 1.7.1. | |||||
| CVE-2025-23969 | 2026-04-23 | N/A | 5.3 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in whassan KI Live Video Conferences ki-live-video-conferences allows Retrieve Embedded Sensitive Data.This issue affects KI Live Video Conferences: from n/a through <= 5.5.15. | |||||
| CVE-2024-53814 | 1 Analytify | 1 Analytify - Google Analytics Dashboard | 2026-04-23 | N/A | 6.5 MEDIUM |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Adnan Analytify wp-analytify.This issue affects Analytify: from n/a through <= 5.4.3. | |||||
| CVE-2024-53768 | 2026-04-23 | N/A | 5.3 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ideinteractive Content Audit Exporter content-audit-exporter allows Retrieve Embedded Sensitive Data.This issue affects Content Audit Exporter: from n/a through <= 1.1. | |||||
| CVE-2024-50528 | 1 Stacksmarket | 1 Stacks Mobile App Builder | 2026-04-23 | N/A | 7.5 HIGH |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Stacks Stacks Mobile App Builder stacks-mobile-app-builder allows Retrieve Embedded Sensitive Data.This issue affects Stacks Mobile App Builder: from n/a through <= 5.2.3. | |||||
| CVE-2024-50425 | 2026-04-23 | N/A | 6.5 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Roland Murg WP Booking System wp-booking-system.This issue affects WP Booking System: from n/a through <= 2.0.19.10. | |||||
| CVE-2024-49252 | 2026-04-23 | N/A | 5.3 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in VaultDweller Leyka leyka.This issue affects Leyka: from n/a through <= 3.31.6. | |||||
| CVE-2024-48024 | 2026-04-23 | N/A | 7.5 HIGH | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Fahad Mahmood Keep Backup Daily keep-backup-daily allows Retrieve Embedded Sensitive Data.This issue affects Keep Backup Daily: from n/a through <= 2.1.3. | |||||
| CVE-2026-32372 | 2026-04-22 | N/A | 5.3 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons shopbuilder allows Retrieve Embedded Sensitive Data.This issue affects ShopBuilder – Elementor WooCommerce Builder Addons: from n/a through <= 3.2.4. | |||||
| CVE-2026-32405 | 2026-04-22 | N/A | 5.3 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in xtemos WoodMart woodmart allows Retrieve Embedded Sensitive Data.This issue affects WoodMart: from n/a through <= 8.3.9. | |||||
| CVE-2026-33617 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2026-04-16 | N/A | 5.3 MEDIUM |
| An unauthenticated remote attacker can access a configuration file containing database credentials. This can result in a some loss of confidentiality, but there is no endpoint exposed to use these credentials. | |||||
| CVE-2025-30170 | 2026-04-15 | N/A | 5.5 MEDIUM | ||
| Exposure of file path, file size or file existence vulnerabilities in ASPECT provide attackers access to file system information if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. | |||||
| CVE-2025-63009 | 2026-04-15 | N/A | 5.3 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in yuvalo WP Google Analytics Events wp-google-analytics-events allows Retrieve Embedded Sensitive Data.This issue affects WP Google Analytics Events: from n/a through <= 2.8.2. | |||||
| CVE-2025-52752 | 2026-04-15 | N/A | 6.5 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeAtelier IDonatePro idonate-pro allows Retrieve Embedded Sensitive Data.This issue affects IDonatePro: from n/a through <= 2.1.9. | |||||
| CVE-2025-8597 | 2026-04-15 | N/A | N/A | ||
| MacVim's configuration on macOS, specifically the presence of entitlement "com.apple.security.get-task-allow", allows local attackers with unprivileged access (e.g. via a malicious application) to attach a debugger, read or modify the process memory, inject code in the application's context despite being signed with Hardened Runtime and bypass Transparency, Consent, and Control (TCC). Acquired resource access is limited to previously granted permissions by the user. Access to other resources beyond granted permissions requires user interaction with a system prompt asking for permission. According to Apple documentation, when a non-root user runs an app with the debugging tool entitlement, the system presents an authorization dialog asking for a system administrator's credentials. Since there is no prompt when the target process has "get-task-allow" entitlement, the presence of this entitlement was decided to be treated as a vulnerability because it removes one step needed to perform an attack. This issue was fixed in build r181.2 | |||||
| CVE-2024-39675 | 2026-04-15 | N/A | 8.8 HIGH | ||
| A vulnerability has been identified in RUGGEDCOM RMC30 (All versions < V4.3.10), RUGGEDCOM RMC30NC (All versions < V4.3.10), RUGGEDCOM RP110 (All versions < V4.3.10), RUGGEDCOM RP110NC (All versions < V4.3.10), RUGGEDCOM RS400 (All versions < V4.3.10), RUGGEDCOM RS400NC (All versions < V4.3.10), RUGGEDCOM RS401 (All versions < V4.3.10), RUGGEDCOM RS401NC (All versions < V4.3.10), RUGGEDCOM RS416 (All versions < V4.3.10), RUGGEDCOM RS416NC (All versions < V4.3.10), RUGGEDCOM RS416NCv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416NCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416P (All versions < V4.3.10), RUGGEDCOM RS416PNC (All versions < V4.3.10), RUGGEDCOM RS416PNCv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416PNCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416Pv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416v2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416v2 V5.X (All versions < V5.9.0), RUGGEDCOM RS910 (All versions < V4.3.10), RUGGEDCOM RS910L (All versions), RUGGEDCOM RS910LNC (All versions), RUGGEDCOM RS910NC (All versions < V4.3.10), RUGGEDCOM RS910W (All versions < V4.3.10), RUGGEDCOM RS920L (All versions), RUGGEDCOM RS920LNC (All versions), RUGGEDCOM RS920W (All versions). In some configurations the affected products wrongly enable the Modbus service in non-managed VLANS. Only serial devices are affected by this vulnerability. | |||||