Total
283 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-64267 | 2026-01-20 | N/A | 4.3 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPSwings WooCommerce Ultimate Points And Rewards woocommerce-ultimate-points-and-rewards allows Retrieve Embedded Sensitive Data.This issue affects WooCommerce Ultimate Points And Rewards: from n/a through <= 2.10.2. | |||||
| CVE-2025-64228 | 2026-01-20 | N/A | 4.3 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in FantasticPlugins SUMO Affiliates Pro affs allows Retrieve Embedded Sensitive Data.This issue affects SUMO Affiliates Pro: from n/a through <= 11.0.0. | |||||
| CVE-2025-63070 | 2026-01-20 | N/A | 4.3 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Shahjada Download Manager download-manager allows Retrieve Embedded Sensitive Data.This issue affects Download Manager: from n/a through <= 3.3.32. | |||||
| CVE-2025-63013 | 2026-01-20 | N/A | 4.3 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows Retrieve Embedded Sensitive Data.This issue affects WP Hotel Booking: from n/a through <= 2.2.7. | |||||
| CVE-2025-63009 | 2026-01-20 | N/A | 5.3 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in yuvalo WP Google Analytics Events wp-google-analytics-events allows Retrieve Embedded Sensitive Data.This issue affects WP Google Analytics Events: from n/a through <= 2.8.2. | |||||
| CVE-2025-62737 | 2026-01-20 | N/A | 5.3 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in opicron Image Cleanup image-cleanup allows Retrieve Embedded Sensitive Data.This issue affects Image Cleanup: from n/a through <= 1.9.2. | |||||
| CVE-2025-62735 | 2026-01-20 | N/A | 5.3 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Joel User Spam Remover user-spam-remover allows Retrieve Embedded Sensitive Data.This issue affects User Spam Remover: from n/a through <= 1.1. | |||||
| CVE-2025-59575 | 2026-01-20 | N/A | 5.0 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Retrieve Embedded Sensitive Data.This issue affects MasterStudy LMS: from n/a through <= 3.6.20. | |||||
| CVE-2025-52752 | 2026-01-20 | N/A | 6.5 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeAtelier IDonatePro idonate-pro allows Retrieve Embedded Sensitive Data.This issue affects IDonatePro: from n/a through <= 2.1.9. | |||||
| CVE-2025-49914 | 2026-01-20 | N/A | 6.5 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in jetmonsters Restaurant Menu by MotoPress mp-restaurant-menu allows Retrieve Embedded Sensitive Data.This issue affects Restaurant Menu by MotoPress: from n/a through <= 2.4.7. | |||||
| CVE-2026-0853 | 2026-01-13 | N/A | 5.3 MEDIUM | ||
| Certain NVR models developed by A-Plus Video Technologies has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access the debug page and obtain device status information. | |||||
| CVE-2026-0494 | 2026-01-13 | N/A | 4.3 MEDIUM | ||
| Under certain conditions SAP Fiori App Intercompany Balance Reconciliation application allows an attacker to access information which would otherwise be restricted. This has low impact on confidentiality of the application, integrity and availability are not impacted. | |||||
| CVE-2025-24473 | 1 Fortinet | 1 Forticlient | 2026-01-08 | N/A | 3.7 LOW |
| A exposure of sensitive system information to an unauthorized control sphere vulnerability in Fortinet FortiClientWindows 7.2.0 through 7.2.1, FortiClientWindows 7.0.13 through 7.0.14 may allow an unauthorized remote attacker to view application information via navigation to a hosted webpage, if Windows is configured to accept incoming connections to port 8053 (non-default setup) | |||||
| CVE-2025-31051 | 2026-01-08 | N/A | 5.3 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in EngoTheme Plant - Gardening & Houseplants WordPress Theme allows Retrieve Embedded Sensitive Data.This issue affects Plant - Gardening & Houseplants WordPress Theme: from n/a through 1.0.0. | |||||
| CVE-2026-22537 | 2026-01-08 | N/A | N/A | ||
| The lack of hardening of the system allows the user used to manage and maintain the charger to consult different files containing clear-text credentials or valuable information for an attacker. | |||||
| CVE-2025-9110 | 1 Qnap | 2 Qts, Quts Hero | 2026-01-06 | N/A | 7.5 HIGH |
| An exposure of sensitive system information to an unauthorized control sphere vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to read application data. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3332 build 20251128 and later QuTS hero h5.2.8.3321 build 20251117 and later QuTS hero h5.3.1.3250 build 20250912 and later | |||||
| CVE-2025-68943 | 1 Gitea | 1 Gitea | 2025-12-31 | N/A | 5.3 MEDIUM |
| Gitea before 1.21.8 inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order. | |||||
| CVE-2025-36229 | 1 Ibm | 1 Aspera Faspex | 2025-12-29 | N/A | 3.1 LOW |
| IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 could allow authenticated users to enumerate sensitive information of data due by enumerating package identifiers. | |||||
| CVE-2019-25228 | 1 Kentico | 1 Xperience | 2025-12-24 | N/A | 5.3 MEDIUM |
| An information disclosure vulnerability in Kentico Xperience allows attackers to leak virtual context URLs via the HTTP Referer header when users interact with third-party domains. Sensitive virtual context information can be exposed to external domains through page builder interactions and link/image loading. | |||||
| CVE-2019-25230 | 1 Kentico | 1 Xperience | 2025-12-24 | N/A | 4.3 MEDIUM |
| An information disclosure vulnerability in Kentico Xperience allows authenticated users to view sensitive system objects through the live site widget properties dialog. Attackers can exploit this vulnerability to access unauthorized system information without proper access controls. | |||||