Total
9405 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-10222 | 1 Axxonsoft | 1 Axxon One | 2025-10-08 | N/A | 3.3 LOW |
| Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) in the diagnostic dump component in AxxonSoft Axxon One VMS (C-Werk) 2.0.0 through 2.0.1 on Windows allows a local attacker to obtain licensing-related information such as timestamps, license states, and registry values via reading diagnostic export files created by the built-in troubleshooting tool. | |||||
| CVE-2025-11028 | 1 Vvveb | 1 Vvveb | 2025-10-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| A security flaw has been discovered in givanz Vvveb up to 1.0.7.2. This affects an unknown part of the component Image Handler. Performing manipulation results in information disclosure. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited. Once again the project maintainer reacted very professional: "I accept the existence of these vulnerabilities. (...) I fixed the code to remove these vulnerabilities and will push the code to github and make a new release." | |||||
| CVE-2025-56463 | 1 Mercusys | 2 Mw305r, Mw305r Firmware | 2025-10-07 | N/A | 6.8 MEDIUM |
| Mercusys MW305R 3.30 and below is has a Transport Layer Security (TLS) certificate private key disclosure. | |||||
| CVE-2025-61665 | 1 Wegia | 1 Wegia | 2025-10-07 | N/A | 7.5 HIGH |
| WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain a Broken Access Control vulnerability, identified in the get_relatorios_socios.php endpoint. This vulnerability allows unauthenticated attackers to directly access sensitive personal and financial information of members without requiring authentication or authorization. This issue is fixed in version 3.5.0. | |||||
| CVE-2024-43046 | 1 Qualcomm | 620 315 5g Iot Modem, 315 5g Iot Modem Firmware, 9205 Lte Modem and 617 more | 2025-10-06 | N/A | 5.5 MEDIUM |
| There may be information disclosure during memory re-allocation in TZ Secure OS. | |||||
| CVE-2014-2368 | 1 Advantech | 1 Advantech Webaccess | 2025-10-06 | 7.5 HIGH | N/A |
| The BrowseFolder method in the bwocxrun ActiveX control in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call. | |||||
| CVE-2014-2367 | 1 Advantech | 1 Advantech Webaccess | 2025-10-06 | 7.5 HIGH | N/A |
| The ChkCookie subroutine in an ActiveX control in broadweb/include/gChkCook.asp in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call. | |||||
| CVE-2014-2366 | 1 Advantech | 1 Advantech Webaccess | 2025-10-06 | 9.0 HIGH | N/A |
| upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code. | |||||
| CVE-2025-61679 | 2025-10-06 | N/A | 7.7 HIGH | ||
| Anyquery is an SQL query engine built on top of SQLite. Versions 0.4.3 and below allow attackers who have already gained access to localhost, even with low privileges, to use the http server through the port unauthenticated, and access private integration data like emails, without any warning of a foreign login from the provider. This issue is fixed in version 0.4.4. | |||||
| CVE-2025-9209 | 2025-10-06 | N/A | 9.8 CRITICAL | ||
| The RestroPress – Online Food Ordering System plugin for WordPress is vulnerable to Authentication Bypass in versions 3.0.0 to 3.1.9.2. This is due to the plugin exposing user private tokens and API data via the /wp-json/wp/v2/users REST API endpoint. This makes it possible for unauthenticated attackers to forge JWT tokens for other users, including administrators, and authenticate as them. | |||||
| CVE-2025-58589 | 2025-10-06 | N/A | 2.7 LOW | ||
| When an error occurs in the application a full stacktrace is provided to the user. The stacktrace lists class and method names as well as other internal information. An attacker thus receives information about the technology used and the structure of the application. | |||||
| CVE-2025-58581 | 2025-10-06 | N/A | 4.3 MEDIUM | ||
| When an error occurs in the application a full stacktrace is provided to the user. The stacktrace lists class and method names as well as other internal information. An attacker can thus obtain information about the technology used and the structure of the application. | |||||
| CVE-2025-40803 | 1 Siemens | 2 Ruggedcom Rst2428p, Ruggedcom Rst2428p Firmware | 2025-10-03 | N/A | 3.1 LOW |
| A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions). The affected device exposes certain non-critical information from the device. This could allow an unauthenticated attacker to access sensitive data, potentially leading to a breach of confidentiality. | |||||
| CVE-2025-45994 | 1 Arandasoft | 1 Passrecovery | 2025-10-03 | N/A | 7.5 HIGH |
| An issue in Aranda PassRecovery v1.0 allows attackers to enumerate valid user accounts in Active Directory via sending a crafted POST request to /user/existdirectory/1. | |||||
| CVE-2014-2356 | 1 Innominate | 1 Mguard Firmware | 2025-10-03 | 4.3 MEDIUM | N/A |
| Innominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require authentication for snapshot downloads, which allows remote attackers to obtain sensitive information via a crafted HTTPS request. | |||||
| CVE-2025-11079 | 1 Campcodes | 1 Farm Management System | 2025-10-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| A security flaw has been discovered in Campcodes Farm Management System 1.0. Affected by this issue is some unknown functionality. The manipulation results in file and directory information exposure. The attack may be performed from remote. The exploit has been released to the public and may be exploited. | |||||
| CVE-2014-2347 | 1 Amtelco | 1 Misecuremessages | 2025-10-02 | 7.0 HIGH | N/A |
| Amtelco miSecureMessages (aka MSM) 6.2 does not properly manage sessions, which allows remote authenticated users to obtain sensitive information via a modified message request. | |||||
| CVE-2025-10321 | 1 Wavlink | 2 Wl-wn578w2, Wl-wn578w2 Firmware | 2025-10-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is an unknown function of the file /live_online.shtml. Executing manipulation can lead to information disclosure. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-10744 | 2025-10-02 | N/A | 5.3 MEDIUM | ||
| The File Manager, Code Editor, and Backup by Managefy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.1 through publicly exposed log files. This makes it possible for unauthenticated attackers to view information like full paths and full paths to backup files information contained in the exposed log files. | |||||
| CVE-2025-40645 | 2025-10-02 | N/A | N/A | ||
| Exposure of sensitive information in Viday. This vulnerability could allow an unauthenticated attacker to obtain sensitive information about customers by sending an HTTP GET request to “/api/reserva/web/clients” using the “phone” parameter. | |||||