Total
9077 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-10971 | 1 Devolutions | 1 Devolutions Server | 2025-06-27 | N/A | 4.3 MEDIUM |
| Improper access control in the Password History feature in Devolutions DVLS 2024.3.6 and earlier allows a malicious authenticated user to obtain sensitive data via faulty permission. | |||||
| CVE-2025-43579 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2025-06-27 | N/A | 5.5 MEDIUM |
| Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an Information Exposure vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to gain unauthorized access to sensitive information. Exploitation of this issue does not require user interaction. | |||||
| CVE-2024-23944 | 1 Apache | 1 Zookeeper | 2025-06-27 | N/A | 5.3 MEDIUM |
| Information disclosure in persistent watchers handling in Apache ZooKeeper due to missing ACL check. It allows an attacker to monitor child znodes by attaching a persistent watcher (addWatch command) to a parent which the attacker has already access to. ZooKeeper server doesn't do ACL check when the persistent watcher is triggered and as a consequence, the full path of znodes that a watch event gets triggered upon is exposed to the owner of the watcher. It's important to note that only the path is exposed by this vulnerability, not the data of znode, but since znode path can contain sensitive information like user name or login ID, this issue is potentially critical. Users are recommended to upgrade to version 3.9.2, 3.8.4 which fixes the issue. | |||||
| CVE-2024-36307 | 1 Trendmicro | 1 Apex One | 2025-06-27 | N/A | 4.7 MEDIUM |
| A security agent link following vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information about the agent on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2025-25951 | 1 Serosoft | 1 Academia Student Information System | 2025-06-27 | N/A | 7.5 HIGH |
| An information disclosure vulnerability in the component /rest/cb/executeBasicSearch of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to access sensitive user information. | |||||
| CVE-2024-22275 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2025-06-27 | N/A | 4.9 MEDIUM |
| The vCenter Server contains a partial file read vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to partially read arbitrary files containing sensitive data. | |||||
| CVE-2024-22270 | 2 Apple, Vmware | 3 Macos, Fusion, Workstation | 2025-06-27 | N/A | 7.1 HIGH |
| VMware Workstation and Fusion contain an information disclosure vulnerability in the Host Guest File Sharing (HGFS) functionality. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine. | |||||
| CVE-2024-22269 | 2 Apple, Vmware | 3 Macos, Fusion, Workstation | 2025-06-27 | N/A | 7.1 HIGH |
| VMware Workstation and Fusion contain an information disclosure vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine. | |||||
| CVE-2025-30702 | 1 Oracle | 1 Fleet Patching And Provisioning | 2025-06-26 | N/A | 5.3 MEDIUM |
| Vulnerability in the Fleet Patching and amp; Provisioning component of Oracle Database Server. Supported versions that are affected are 19.3-19.26. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Fleet Patching and amp; Provisioning. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Fleet Patching and amp; Provisioning accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2025-39204 | 2025-06-26 | N/A | 6.5 MEDIUM | ||
| A vulnerability exists in the Web interface of the MicroSCADA X SYS600 product. The filtering query in the Web interface can be malformed, so returning data can leak unauthorized information to the user. | |||||
| CVE-2025-27827 | 2025-06-26 | N/A | 7.1 HIGH | ||
| A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.2.0.3 could allow an unauthenticated attacker to conduct an information disclosure attack due to improper handling of session data. A successful exploit requires user interaction and could allow an attacker to access sensitive information, leading to unauthorized access to active chat rooms, reading chat data, and sending messages during an active chat session. | |||||
| CVE-2025-6425 | 2025-06-26 | N/A | 4.3 MEDIUM | ||
| An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, and Firefox ESR < 128.12. | |||||
| CVE-2025-34031 | 2025-06-26 | N/A | N/A | ||
| A path traversal vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the query parameter in jsmol.php. The script directly passes user input to the file_get_contents() function without proper validation, allowing attackers to read arbitrary files from the server's filesystem by crafting a malicious query value. This vulnerability can be exploited without authentication and may expose sensitive configuration data, including database credentials. | |||||
| CVE-2025-6432 | 2025-06-26 | N/A | 8.6 HIGH | ||
| When Multi-Account Containers was enabled, DNS requests could have bypassed a SOCKS proxy when the domain name was invalid or the SOCKS proxy was not responding. This vulnerability affects Firefox < 140. | |||||
| CVE-2025-49845 | 2025-06-26 | N/A | N/A | ||
| Discourse is an open-source discussion platform. The visibility of posts typed `whisper` is controlled via the `whispers_allowed_groups` site setting. Only users that belong to groups specified in the site setting are allowed to view posts typed `whisper`. However, it has been discovered that users of versions prior to 3.4.6 on the `stable` branch and prior to 3.5.0.beta8-dev on the `tests-passed` branch can continue to see their own whispers even after losing visibility of posts typed `whisper`. This issue is patched in versions 3.4.6 and 3.5.0.beta8-dev. No known workarounds are available. | |||||
| CVE-2025-34045 | 2025-06-26 | N/A | N/A | ||
| A path traversal vulnerability exists in WeiPHP 5.0, an open source WeChat public account platform development framework by Shenzhen Yuanmengyun Technology Co., Ltd. The flaw occurs in the picUrl parameter of the /public/index.php/material/Material/_download_imgage endpoint, where insufficient input validation allows unauthenticated remote attackers to perform directory traversal via crafted POST requests. This enables arbitrary file read on the server, potentially exposing sensitive information such as configuration files and source code. | |||||
| CVE-2023-47029 | 2025-06-26 | N/A | 9.8 CRITICAL | ||
| An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted POST request to the UserService component | |||||
| CVE-2023-47298 | 1 Ncr | 1 Terminal Handler | 2025-06-26 | N/A | 4.3 MEDIUM |
| An issue in NCR Terminal Handler 1.5.1 allows a low-level privileged authenticated attacker to query the SOAP API endpoint to obtain information about all of the users of the application including their usernames, roles, security groups and account statuses. | |||||
| CVE-2018-14669 | 1 Clickhouse | 1 Clickhouse | 2025-06-25 | 5.0 MEDIUM | 7.5 HIGH |
| ClickHouse MySQL client before versions 1.1.54390 had "LOAD DATA LOCAL INFILE" functionality enabled that allowed a malicious MySQL database read arbitrary files from the connected ClickHouse server. | |||||
| CVE-2024-57096 | 1 Kingsoft | 1 Wps Office | 2025-06-25 | N/A | 5.5 MEDIUM |
| An issue in wps office before v.19302 allows a local attacker to obtain sensitive information via a crafted file. | |||||