Total
9181 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-54786 | 1 Salesagility | 1 Suitecrm | 2025-08-14 | N/A | 5.3 MEDIUM |
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.6 and 8.8.0, broken authentication in the legacy iCal service allows unauthenticated access to meeting data. An unauthenticated actor can view any user's meeting (calendar event) data given their username; related functionality allows user enumeration. This is fixed in versions 7.14.7 and 8.8.1. | |||||
CVE-2025-50154 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-08-14 | N/A | 7.5 HIGH |
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. | |||||
CVE-2025-43988 | | | 2025-08-14 | N/A | 7.5 HIGH |
KuWFi 5G01-X55 FL2020_V0.0.12 devices expose an unauthenticated API endpoint (ajax_get.cgi), allowing remote attackers to retrieve sensitive configuration data, including admin credentials. | |||||
CVE-2025-9036 | | | 2025-08-14 | N/A | N/A |
A security issue in the runtime event system allows unauthenticated connections to receive a reusable API token. This token is broadcast over a WebSocket and can be intercepted by any local client listening on the connection. | |||||
CVE-2025-55673 | | | 2025-08-14 | N/A | N/A |
When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. This field contains the underlying query, which improperly discloses database schema information, such as table names, to the low-privileged guest user. This issue affects Apache Superset: before 4.1.3. Users are recommended to upgrade to version 4.1.3, which fixes the issue. | |||||
CVE-2025-43986 | | | 2025-08-14 | N/A | 9.8 CRITICAL |
An issue was discovered on KuWFi GC111 GC111-GL-LM321_V3.0_20191211 devices. The TELNET service is enabled by default and exposed over the WAN interface without authentication. | |||||
CVE-2025-55165 | | | 2025-08-13 | N/A | 8.2 HIGH |
Autocaliweb is a web app that offers an interface for browsing, reading, and downloading eBooks using a valid Calibre database. Prior to version 0.8.3, the debug pack generated by Autocaliweb can expose sensitive configuration data, including API keys. This occurs because the to_dict() method, used to serialize configuration for the debug pack, doesn't adequately filter out sensitive fields such as API tokens. Users, unaware of the full contents, might share these debug packs, inadvertently leaking their private API keys. This issue has been patched in version 0.8.3. | |||||
CVE-2025-3831 | | | 2025-08-13 | N/A | 8.1 HIGH |
Log files uploaded during troubleshooting by the Harmony SASE agent may have been accessible to unauthorized parties. | |||||
CVE-2025-53134 | | | 2025-08-13 | N/A | 7.0 HIGH |
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | |||||
CVE-2025-27707 | | | 2025-08-13 | N/A | 2.6 LOW |
Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access. | |||||
CVE-2025-33051 | | | 2025-08-13 | N/A | 7.5 HIGH |
Exposure of sensitive information to an unauthorized actor in Microsoft Exchange Server allows an unauthorized attacker to disclose information over a network. | |||||
CVE-2025-53136 | | | 2025-08-13 | N/A | 5.5 MEDIUM |
Exposure of sensitive information to an unauthorized actor in Windows NT OS Kernel allows an authorized attacker to disclose information locally. | |||||
CVE-2025-53156 | | | 2025-08-13 | N/A | 5.5 MEDIUM |
Exposure of sensitive information to an unauthorized actor in Storage Port Driver allows an authorized attacker to disclose information locally. | |||||
CVE-2025-53781 | | | 2025-08-13 | N/A | 7.7 HIGH |
Exposure of sensitive information to an unauthorized actor in Azure Virtual Machines allows an authorized attacker to disclose information over a network. | |||||
CVE-2025-53728 | | | 2025-08-13 | N/A | 6.5 MEDIUM |
Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network. | |||||
CVE-2024-7128 | | | 2025-08-13 | N/A | 5.3 MEDIUM |
A flaw was found in the OpenShift console. Several endpoints in the application use the authHandler() and authHandlerWithUser() middleware functions. When the default authentication provider ("openShiftAuth") is set, these functions do not perform any authentication checks, relying instead on the targeted service to handle authentication and authorization. This issue leads to various degrees of data exposure due to a lack of proper credential verification. | |||||
CVE-2024-23962 | 1 Alpsalpine | 2 Ilx-f509, Ilx-f509 Firmware | 2025-08-12 | N/A | 5.3 MEDIUM |
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DLT interface, which listens on TCP port 3490 by default. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the device. | |||||
CVE-2025-8620 | 1 Givewp | 1 Givewp | 2025-08-12 | N/A | 5.3 MEDIUM |
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to extract donor names, emails, and donor id. | |||||
CVE-2025-54615 | 1 Huawei | 1 Harmonyos | 2025-08-12 | N/A | 6.2 MEDIUM |
Vulnerability of insufficient information protection in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
CVE-2025-4390 | | | 2025-08-12 | N/A | 5.3 MEDIUM |
The WP Private Content Plus plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.2 via the 'validate_restrictions' function. This makes it possible for unauthenticated attackers to extract sensitive data including the content of restricted posts on archive and feed pages. | |||||