Total
301 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-0036 | 2026-04-15 | N/A | 3.2 LOW | ||
| In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime (post-boot) cryptographic operations could cause data to be incorrectly written to and read from invalid locations as well as returning incorrect cryptographic data. | |||||
| CVE-2025-27721 | 2026-04-15 | N/A | 7.5 HIGH | ||
| Unauthorized users can access INFINITT PACS System Manager without proper authorization, which could lead to unauthorized access to system resources. | |||||
| CVE-2024-12993 | 2026-04-15 | N/A | N/A | ||
| Infinix devices contain a pre-loaded "com.rlk.weathers" application, that exposes an unsecured content provider. An attacker can communicate with the provider and reveal the user’s location without any privileges. After multiple attempts to contact the vendor we did not receive any answer. We suppose this issue affects all Infinix Mobile devices. | |||||
| CVE-2025-67470 | 2026-04-15 | N/A | 4.3 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Essential Plugin Portfolio and Projects portfolio-and-projects allows Retrieve Embedded Sensitive Data.This issue affects Portfolio and Projects: from n/a through <= 1.5.5. | |||||
| CVE-2025-53364 | 2026-04-15 | N/A | 5.3 MEDIUM | ||
| Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Starting in 5.3.0 and before 7.5.3 and 8.2.2, the Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. While schema introspection reveals only metadata and not actual data, this metadata can still expand the potential attack surface. This vulnerability is fixed in 7.5.3 and 8.2.2. | |||||
| CVE-2025-11545 | 2026-04-15 | N/A | N/A | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sharp Display Solutions projectors allows a attacker may improperly access the HTTP server and execute arbitrary actions. | |||||
| CVE-2025-66056 | 2026-04-15 | N/A | 4.3 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Uncanny Owl Uncanny Automator uncanny-automator allows Retrieve Embedded Sensitive Data.This issue affects Uncanny Automator: from n/a through < 6.10.0. | |||||
| CVE-2025-3606 | 2026-04-15 | N/A | 7.5 HIGH | ||
| Vestel AC Charger version 3.75.0 contains a vulnerability that could enable an attacker to access files containing sensitive information, such as credentials which could be used to further compromise the device. | |||||
| CVE-2025-7381 | 2026-04-15 | N/A | 5.3 MEDIUM | ||
| ImpactThis is an information disclosure vulnerability originating from PHP's base image. This vulnerability exposes the PHP version through an X-Powered-By header, which attackers could exploit to fingerprint the server and identify potential weaknesses. WorkaroundsThe mitigation requires changing the expose_php variable from "On" to "Off" in the file located at /usr/local/etc/php/php.ini. | |||||
| CVE-2024-53683 | 2026-04-15 | N/A | 4.4 MEDIUM | ||
| A valid set of credentials in a .js file and a static token for communication were obtained from the decompiled IPA. An attacker could use the information to disrupt normal use of the application by changing the translation files and thus weaken the integrity of normal use. | |||||
| CVE-2025-46747 | 2026-04-15 | N/A | 5.7 MEDIUM | ||
| An authenticated user without user-management permissions could identify other user accounts. | |||||
| CVE-2025-63070 | 2026-04-15 | N/A | 4.3 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Shahjada Download Manager download-manager allows Retrieve Embedded Sensitive Data.This issue affects Download Manager: from n/a through <= 3.3.32. | |||||
| CVE-2025-32026 | 2026-04-15 | N/A | 3.8 LOW | ||
| Element Web is a Matrix web client built using the Matrix React SDK. Element Web, starting from version 1.11.16 up to version 1.11.96, can be configured to load Element Call from an external URL. Under certain conditions, the external page is able to get access to the media encryption keys used for an Element Call call. Version 1.11.97 fixes the problem. | |||||
| CVE-2026-3075 | 2026-04-15 | N/A | 5.3 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Jeff Starr Simple Ajax Chat simple-ajax-chat allows Retrieve Embedded Sensitive Data.This issue affects Simple Ajax Chat: from n/a through <= 20251121. | |||||
| CVE-2024-10940 | 2026-04-15 | N/A | 5.3 MEDIUM | ||
| A vulnerability in langchain-core versions >=0.1.17,<0.1.53, >=0.2.0,<0.2.43, and >=0.3.0,<0.3.15 allows unauthorized users to read arbitrary files from the host file system. The issue arises from the ability to create langchain_core.prompts.ImagePromptTemplate's (and by extension langchain_core.prompts.ChatPromptTemplate's) with input variables that can read any user-specified path from the server file system. If the outputs of these prompt templates are exposed to the user, either directly or through downstream model outputs, it can lead to the exposure of sensitive information. | |||||
| CVE-2025-68046 | 2026-04-15 | N/A | 6.5 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder lead-form-builder allows Retrieve Embedded Sensitive Data.This issue affects Contact Form & Lead Form Elementor Builder: from n/a through <= 2.0.1. | |||||
| CVE-2025-66599 | 2026-04-15 | N/A | N/A | ||
| A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Physical paths could be displayed on web pages. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04 | |||||
| CVE-2025-47699 | 2026-04-15 | N/A | 9.9 CRITICAL | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) in the Gallagher Morpho integration could allow an authenticated operator with limited site permissions to make critical changes to local Morpho devices. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 (MR2), 9.20 prior to vEL9.20.2819 (MR4), 9.10 prior to vEL9.10.3672 (MR7), 9.00 prior to vEL9.00.3831 (MR8), all versions of 8.90 and prior. | |||||
| CVE-2025-48024 | 2026-04-15 | N/A | 5.0 MEDIUM | ||
| In BlueWave Checkmate before 2.1, an authenticated regular user can access sensitive application secrets via the /api/v1/settings endpoint. | |||||
| CVE-2026-24998 | 2026-04-15 | N/A | 5.3 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPMU DEV - Your All-in-One WordPress Platform Hustle wordpress-popup allows Retrieve Embedded Sensitive Data.This issue affects Hustle: from n/a through <= 7.8.9.2. | |||||