Total: 4 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-57756 | 1 Contao | 1 Contao | 2025-09-02 | N/A | 5.3 MEDIUM |
Contao is an Open Source CMS. In versions starting from 4.9.14 and prior to 4.13.56, 5.3.38, and 5.6.1, protected content elements that are rendered as fragments are indexed and become publicly available in the front end search. This issue has been patched in versions 4.13.56, 5.3.38, and 5.6.1. A workaround involves disabling the front end search. | |||||
CVE-2024-49071 | 1 Microsoft | 1 Defender For Endpoint | 2025-01-10 | N/A | 6.5 MEDIUM |
Improper authorization of an index that contains sensitive information from a Global Files search in Windows Defender allows an authorized attacker to disclose information over a network. | |||||
CVE-2024-25635 | 1 Alf | 1 Alf | 2024-12-18 | N/A | 8.8 HIGH |
alf.io is an open source ticket reservation system. Prior to version 2.0-M4-2402, organization owners can view the generated API KEY and USERS of other organization owners using the `http://192.168.26.128:8080/admin/api/users/<user_id>` endpoint, which exposes the details of the provided user ID. This may also expose the API KEY in the username of the user. Version 2.0-M4-2402 fixes this issue. | |||||
CVE-2023-4560 | 1 Omeka | 1 Omeka S | 2024-11-21 | N/A | 6.5 MEDIUM |
Improper Authorization of Index Containing Sensitive Information in GitHub repository omeka/omeka-s prior to 4.0.4. |