Total
9897 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-5920 | 2 Apple, Mattermost | 2 Macos, Mattermost Desktop | 2025-02-27 | 2.9 Low |
| Mattermost Desktop for MacOS fails to utilize the secure keyboard input functionality provided by macOS, allowing for other processes to read the keyboard input. | ||||
| CVE-2023-6076 | 1 Phpgurukul | 1 Restaurant Table Booking System | 2025-02-27 | 5.3 Medium |
| A vulnerability classified as problematic was found in PHPGurukul Restaurant Table Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file booking-details.php of the component Reservation Status Handler. The manipulation of the argument bid leads to information disclosure. The attack can be launched remotely. The identifier VDB-244945 was assigned to this vulnerability. | ||||
| CVE-2025-25333 | 2025-02-27 | 7.5 High | ||
| An issue in IKEA CN iOS 4.13.0 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-47059 | 2 Acquia, Mautic | 2 Mautic, Mautic | 2025-02-27 | 4.3 Medium |
| When logging in with the correct username and incorrect weak password, the user receives the notification, that their password is too weak. However when an incorrect username is provided alongside with a weak password, the application responds with ’Invalid credentials’ notification. This difference could be used to perform username enumeration. | ||||
| CVE-2020-36835 | 1 Wpvivid | 1 Migration\, Backup\, Staging | 2025-02-27 | 4.9 Medium |
| The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to sensitive information disclosure of a WordPress site's database due to missing capability checks on the wp_ajax_wpvivid_add_remote AJAX action that allows low-level authenticated attackers to send back-ups to a remote location of their choice for review. This affects versions up to, and including 0.9.35. | ||||
| CVE-2023-27894 | 1 Sap | 1 Businessobjects Business Intelligence | 2025-02-27 | 5 Medium |
| SAP BusinessObjects Business Intelligence Platform (Web Services) - versions 420, 430, allows an attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attacker can scan internal network to determine internal infrastructure for further attacks like remote file inclusion, retrieve server files, bypass firewall and force the vulnerable server to execute malicious requests, resulting in sensitive information disclosure. This causes limited impact on confidentiality of data. | ||||
| CVE-2023-21449 | 1 Samsung | 1 Android | 2025-02-26 | 4 Medium |
| Improper access control vulnerability in Call application prior to SMR Mar-2023 Release 1 allows local attackers to access sensitive information without proper permission. | ||||
| CVE-2020-4927 | 1 Ibm | 1 Spectrum Scale | 2025-02-26 | 5.7 Medium |
| A vulnerability in the Spectrum Scale 5.0.5.0 through 5.1.6.1 core component could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: 191695. | ||||
| CVE-2023-22876 | 1 Ibm | 1 Sterling B2b Integrator | 2025-02-26 | 4.3 Medium |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.1 could allow a privileged user to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 244364. | ||||
| CVE-2023-25680 | 1 Ibm | 3 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak | 2025-02-26 | 4.2 Medium |
| IBM Robotic Process Automation 21.0.1 through 21.0.5 is vulnerable to insufficiently protecting credentials. Queue Provider credentials are not obfuscated while editing queue provider details. IBM X-Force ID: 247032. | ||||
| CVE-2023-22880 | 1 Zoom | 3 Rooms, Virtual Desktop Infrastructure, Zoom | 2025-02-26 | 6.8 Medium |
| Zoom for Windows clients before version 5.13.3, Zoom Rooms for Windows clients before version 5.13.5 and Zoom VDI for Windows clients before 5.13.1 contain an information disclosure vulnerability. A recent update to the Microsoft Edge WebView2 runtime used by the affected Zoom clients, transmitted text to Microsoft’s online Spellcheck service instead of the local Windows Spellcheck. Updating Zoom remediates this vulnerability by disabling the feature. Updating Microsoft Edge WebView2 Runtime to at least version 109.0.1481.0 and restarting Zoom remediates this vulnerability by updating Microsoft’s telemetry behavior. | ||||
| CVE-2023-0027 | 1 Rockwellautomation | 1 Modbus Tcp Server Add On Instructions | 2025-02-26 | 5.3 Medium |
| Rockwell Automation Modbus TCP Server AOI prior to 2.04.00 is vulnerable to an unauthorized user sending a malformed message that could cause the controller to respond with a copy of the most recent response to the last valid request. If exploited, an unauthorized user could read the connected device’s Modbus TCP Server AOI information. | ||||
| CVE-2022-45634 | 1 Megaeis | 1 Dbd\+ | 2025-02-26 | 4.3 Medium |
| An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows authenticated attacker to gain access to sensitive account information | ||||
| CVE-2024-12434 | 2025-02-26 | 5.3 Medium | ||
| The SureMembers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.10.6 via the REST API. This makes it possible for unauthenticated attackers to extract sensitive data including restricted content. | ||||
| CVE-2024-1302 | 1 Badgermeter | 1 Monitool | 2025-02-26 | 7.3 High |
| Information exposure vulnerability in Badger Meter Monitool affecting versions up to 4.6.3 and earlier. A local attacker could change the application's file parameter to a log file obtaining all sensitive information such as database credentials. | ||||
| CVE-2024-24765 | 1 Icewhale | 1 Casaos | 2025-02-26 | 7.5 High |
| CasaOS-UserService provides user management functionalities to CasaOS. Prior to version 0.4.7, path filtering of the URL for user avatar image files was not strict, making it possible to get any file on the system. This could allow an unauthorized actor to access, for example, the CasaOS user database, and possibly obtain system root privileges. Version 0.4.7 fixes this issue. | ||||
| CVE-2025-0318 | 1 Ultimatemember | 1 Ultimate Member | 2025-02-25 | 5.3 Medium |
| The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.9.1 through different error messages in the responses. This makes it possible for unauthenticated attackers to exfiltrate data from wp_usermeta table. | ||||
| CVE-2024-13641 | 1 Wpswings | 1 Return Refund And Exchange For Woocommerce | 2025-02-25 | 5.9 Medium |
| The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.5 via the 'attachment' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/attachment directory which can contain file attachments for order refunds. | ||||
| CVE-2023-25819 | 1 Discourse | 1 Discourse | 2025-02-25 | 5.3 Medium |
| Discourse is an open source platform for community discussion. Tags that are normally private are showing in metadata. This affects any site running the `tests-passed` or `beta` branches >= 3.1.0.beta2. The issue is patched in the latest `beta` and `tests-passed` version of Discourse. | ||||
| CVE-2023-25169 | 1 Discourse | 1 Discourse Yearly Review | 2025-02-25 | 3.1 Low |
| discourse-yearly-review is a discourse plugin which publishes an automated Year in Review topic. In affected versions a user present in a yearly review topic that is then anonymised will still have some data linked to its original account. This issue has been patched in commit `b3ab33bbf7` which is included in the latest version of the Discourse Yearly Review plugin. Users are advised to upgrade. Users unable to upgrade may disable the `yearly_review_enabled` setting to fully mitigate the issue. Also, it's possible to edit the anonymised user's old data in the yearly review topics manually. | ||||