Total
264 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-25228 | 1 Kentico | 1 Xperience | 2025-12-24 | N/A | 5.3 MEDIUM |
| An information disclosure vulnerability in Kentico Xperience allows attackers to leak virtual context URLs via the HTTP Referer header when users interact with third-party domains. Sensitive virtual context information can be exposed to external domains through page builder interactions and link/image loading. | |||||
| CVE-2019-25230 | 1 Kentico | 1 Xperience | 2025-12-24 | N/A | 4.3 MEDIUM |
| An information disclosure vulnerability in Kentico Xperience allows authenticated users to view sensitive system objects through the live site widget properties dialog. Attackers can exploit this vulnerability to access unauthorized system information without proper access controls. | |||||
| CVE-2024-58320 | 1 Kentico | 1 Xperience | 2025-12-24 | N/A | 5.3 MEDIUM |
| An information disclosure vulnerability in Kentico Xperience allows public users to access sensitive administration interface hostname details during authentication. Attackers can retrieve confidential hostname configuration information through a public endpoint, potentially exposing internal network details. | |||||
| CVE-2025-11545 | 2025-12-23 | N/A | N/A | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sharp Display Solutions projectors allows a attacker may improperly access the HTTP server and execute arbitrary actions. | |||||
| CVE-2025-34442 | 1 Wwbn | 1 Avideo | 2025-12-19 | N/A | 7.5 HIGH |
| AVideo versions prior to 20.1 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains. | |||||
| CVE-2025-36162 | 1 Ibm | 1 Devops Deploy | 2025-12-18 | N/A | 4.3 MEDIUM |
| IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) 8.1 before 8.1.2.2 could allow an authenticated user to obtain sensitive information about configuration on the system. | |||||
| CVE-2025-43471 | 1 Apple | 1 Macos | 2025-12-16 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data. | |||||
| CVE-2025-43406 | 1 Apple | 1 Macos | 2025-12-16 | N/A | 5.5 MEDIUM |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data. | |||||
| CVE-2025-14712 | 2025-12-15 | N/A | 7.5 HIGH | ||
| Student Learning Assessment and Support System developed by JHENG GAO has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to view a specific page and obtain test accounts and password. | |||||
| CVE-2025-58015 | 1 Ays-pro | 1 Quiz Maker | 2025-12-12 | N/A | 5.3 MEDIUM |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Ays Pro Quiz Maker allows Retrieve Embedded Sensitive Data. This issue affects Quiz Maker: from n/a through 6.7.0.61. | |||||
| CVE-2025-36112 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2025-12-01 | N/A | 5.3 MEDIUM |
| IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could reveal sensitive server IP configuration information to an unauthorized user. | |||||
| CVE-2025-64061 | 1 Primakon | 1 Project Contract Management | 2025-12-01 | N/A | 4.3 MEDIUM |
| Primakon Pi Portal 1.0.18 /api/v2/users endpoint is vulnerable to unauthorized data exposure due to deficient access control mechanisms. Any authenticated user, regardless of their privilege level (including standard or low-privileged users), can make a GET request to this endpoint and retrieve a complete, unfiltered list of all registered application users. Crucially, the API response body for this endpoint includes password hashes. | |||||
| CVE-2025-36160 | 1 Ibm | 1 Concert | 2025-11-21 | N/A | 5.3 MEDIUM |
| IBM Concert 1.0.0 through 2.0.0 could disclose sensitive server information from HTTP response headers that could aid in further attacks against the system. | |||||
| CVE-2025-27368 | 1 Ibm | 1 Openpages | 2025-11-18 | N/A | 4.3 MEDIUM |
| IBM OpenPages 9.0 and 9.1 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used by the user interface of OpenPages. An authenticated user is able to obtain certain information about system metadata for areas beyond what the user is intended to view. | |||||
| CVE-2022-4985 | 2025-11-18 | N/A | N/A | ||
| Vodafone H500s devices running firmware v3.5.10 (hardware model Sercomm VFH500) expose the WiFi access point password via an unauthenticated HTTP endpoint. By sending a crafted GET request to /data/activation.json with specific headers and cookies, a remote attacker can retrieve a JSON document that contains the wifi_password field. This allows an unauthenticated attacker to obtain the WiFi credentials and gain unauthorized access to the wireless network, compromising confidentiality of network traffic and attached systems. | |||||
| CVE-2024-3774 | 1 Aenrich | 1 A\+hrd | 2025-11-17 | N/A | 5.3 MEDIUM |
| aEnrich Technology a+HRD's functionality for front-end retrieval of system configuration values lacks proper restrictions on a specific parameter, allowing attackers to modify this parameter to access certain sensitive system configuration values. | |||||
| CVE-2025-13160 | 2025-11-14 | N/A | 5.3 MEDIUM | ||
| IQ-Support developed by IQ Service International has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to access specific APIs to obtain sensitive information from the internal network. | |||||
| CVE-2025-12779 | 2025-11-10 | N/A | 8.8 HIGH | ||
| Improper handling of the authentication token in the Amazon WorkSpaces client for Linux, versions 2023.0 through 2024.8, may expose the authentication token for DCV-based WorkSpaces to other local users on the same client machine. Under certain circumstances, a local user may be able to extract another local user's authentication token from the shared client machine and access their WorkSpace. To mitigate this issue, users should upgrade to the Amazon WorkSpaces client for Linux version 2025.0 or later. | |||||
| CVE-2025-54459 | 1 Vertikalsystems | 1 Hospital Manager Backend Services | 2025-11-06 | N/A | 7.5 HIGH |
| Prior to September 19, 2025, the Hospital Manager Backend Services exposed the ASP.NET tracing endpoint /trace.axd without authentication, allowing a remote attacker to obtain live request traces and sensitive information such as request metadata, session identifiers, authorization headers, server variables, and internal file paths. | |||||
| CVE-2025-34283 | 1 Nagios | 1 Nagios Xi | 2025-11-06 | N/A | 6.5 MEDIUM |
| Nagios XI versions prior to 2024R1.4.2 revealed API keys to users who were not authorized for API access when using Neptune themes. An authenticated user without API privileges could view another user's or their own API key value. | |||||