Total
9209 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-6441 | 1 Rockwellautomation | 17 1756-enbt, 1756-eweb, 1768-enbt and 14 more | 2025-06-30 | 5.0 MEDIUM | N/A |
| An information exposure of confidential information results when the device receives a specially crafted CIP packet to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP. Successful exploitation of this vulnerability could cause loss of confidentiality. Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 | |||||
| CVE-2019-3579 | 1 Mybb | 1 Mybb | 2025-06-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| MyBB 1.8.19 allows remote attackers to obtain sensitive information because it discloses the username upon receiving a password-reset request that lacks the code parameter. | |||||
| CVE-2024-10971 | 1 Devolutions | 1 Devolutions Server | 2025-06-27 | N/A | 4.3 MEDIUM |
| Improper access control in the Password History feature in Devolutions DVLS 2024.3.6 and earlier allows a malicious authenticated user to obtain sensitive data via faulty permission. | |||||
| CVE-2025-43579 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2025-06-27 | N/A | 5.5 MEDIUM |
| Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an Information Exposure vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to gain unauthorized access to sensitive information. Exploitation of this issue does not require user interaction. | |||||
| CVE-2024-36307 | 1 Trendmicro | 1 Apex One | 2025-06-27 | N/A | 4.7 MEDIUM |
| A security agent link following vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information about the agent on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2025-25951 | 1 Serosoft | 1 Academia Student Information System | 2025-06-27 | N/A | 7.5 HIGH |
| An information disclosure vulnerability in the component /rest/cb/executeBasicSearch of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to access sensitive user information. | |||||
| CVE-2024-22275 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2025-06-27 | N/A | 4.9 MEDIUM |
| The vCenter Server contains a partial file read vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to partially read arbitrary files containing sensitive data. | |||||
| CVE-2024-22270 | 2 Apple, Vmware | 3 Macos, Fusion, Workstation | 2025-06-27 | N/A | 7.1 HIGH |
| VMware Workstation and Fusion contain an information disclosure vulnerability in the Host Guest File Sharing (HGFS) functionality. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine. | |||||
| CVE-2024-22269 | 2 Apple, Vmware | 3 Macos, Fusion, Workstation | 2025-06-27 | N/A | 7.1 HIGH |
| VMware Workstation and Fusion contain an information disclosure vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine. | |||||
| CVE-2025-30702 | 1 Oracle | 1 Fleet Patching And Provisioning | 2025-06-26 | N/A | 5.3 MEDIUM |
| Vulnerability in the Fleet Patching and amp; Provisioning component of Oracle Database Server. Supported versions that are affected are 19.3-19.26. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Fleet Patching and amp; Provisioning. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Fleet Patching and amp; Provisioning accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2025-39204 | 2025-06-26 | N/A | 6.5 MEDIUM | ||
| A vulnerability exists in the Web interface of the MicroSCADA X SYS600 product. The filtering query in the Web interface can be malformed, so returning data can leak unauthorized information to the user. | |||||
| CVE-2025-27827 | 2025-06-26 | N/A | 7.1 HIGH | ||
| A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.2.0.3 could allow an unauthenticated attacker to conduct an information disclosure attack due to improper handling of session data. A successful exploit requires user interaction and could allow an attacker to access sensitive information, leading to unauthorized access to active chat rooms, reading chat data, and sending messages during an active chat session. | |||||
| CVE-2025-34045 | 2025-06-26 | N/A | N/A | ||
| A path traversal vulnerability exists in WeiPHP 5.0, an open source WeChat public account platform development framework by Shenzhen Yuanmengyun Technology Co., Ltd. The flaw occurs in the picUrl parameter of the /public/index.php/material/Material/_download_imgage endpoint, where insufficient input validation allows unauthenticated remote attackers to perform directory traversal via crafted POST requests. This enables arbitrary file read on the server, potentially exposing sensitive information such as configuration files and source code. | |||||
| CVE-2023-47298 | 1 Ncr | 1 Terminal Handler | 2025-06-26 | N/A | 4.3 MEDIUM |
| An issue in NCR Terminal Handler 1.5.1 allows a low-level privileged authenticated attacker to query the SOAP API endpoint to obtain information about all of the users of the application including their usernames, roles, security groups and account statuses. | |||||
| CVE-2018-14669 | 1 Clickhouse | 1 Clickhouse | 2025-06-25 | 5.0 MEDIUM | 7.5 HIGH |
| ClickHouse MySQL client before versions 1.1.54390 had "LOAD DATA LOCAL INFILE" functionality enabled that allowed a malicious MySQL database read arbitrary files from the connected ClickHouse server. | |||||
| CVE-2024-57096 | 1 Kingsoft | 1 Wps Office | 2025-06-25 | N/A | 5.5 MEDIUM |
| An issue in wps office before v.19302 allows a local attacker to obtain sensitive information via a crafted file. | |||||
| CVE-2022-30197 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2025-06-24 | N/A | 5.5 MEDIUM |
| Windows Kernel Information Disclosure Vulnerability | |||||
| CVE-2024-45791 | 1 Apache | 1 Hertzbeat | 2025-06-24 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: before 1.6.1. Users are recommended to upgrade to version 1.6.1, which fixes the issue. | |||||
| CVE-2025-3628 | 1 Moodle | 1 Moodle | 2025-06-24 | N/A | 4.3 MEDIUM |
| A flaw has was found in Moodle where anonymous assignment submissions can be de-anonymized via search, revealing student identities. | |||||
| CVE-2025-32044 | 1 Moodle | 1 Moodle | 2025-06-24 | N/A | 7.5 HIGH |
| A flaw has been identified in Moodle where, on certain sites, unauthenticated users could retrieve sensitive user data—including names, contact information, and hashed passwords—via stack traces returned by specific API calls. Sites with PHP configured with zend.exception_ignore_args = 1 in the php.ini file are not affected by this vulnerability. | |||||