Total
41 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-38103 | 1 Microsoft | 1 Edge | 2024-07-30 | N/A | 5.9 MEDIUM |
| Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | |||||
| CVE-2024-37533 | 2024-07-25 | N/A | 2.4 LOW | ||
| IBM InfoSphere Information Server 11.7 could disclose sensitive user information to another user with physical access to the machine. IBM X-Force ID: 294727. | |||||
| CVE-2024-36677 | 2024-07-03 | N/A | 7.5 HIGH | ||
| In the module "Login as customer PRO" (loginascustomerpro) <1.2.7 from Weblir for PrestaShop, a guest can access direct link to connect to each customer account of the Shop if the module is not installed OR if a secret accessible to administrator is stolen. | |||||
| CVE-2024-33271 | 2024-07-03 | N/A | 7.5 HIGH | ||
| An issue in FME Modules eventsmanager before 4.4.0 allows an attacker to obtain sensitive information from the ps_customer component. | |||||
| CVE-2024-29987 | 2024-07-03 | N/A | 6.5 MEDIUM | ||
| Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | |||||
| CVE-2024-26192 | 2024-06-11 | N/A | 8.2 HIGH | ||
| Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | |||||
| CVE-2023-28303 | 2024-05-29 | N/A | 3.3 LOW | ||
| Windows Snipping Tool Information Disclosure Vulnerability | |||||
| CVE-2023-36052 | 1 Microsoft | 1 Azure Cli | 2024-05-29 | N/A | 8.6 HIGH |
| Azure CLI REST Command Information Disclosure Vulnerability | |||||
| CVE-2023-36018 | 1 Microsoft | 1 Jupyter | 2024-05-29 | N/A | 9.8 CRITICAL |
| Visual Studio Code Jupyter Extension Spoofing Vulnerability | |||||
| CVE-2024-30056 | 2024-05-28 | N/A | 7.1 HIGH | ||
| Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | |||||
| CVE-2024-29986 | 2024-04-19 | N/A | 5.4 MEDIUM | ||
| Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability | |||||
| CVE-2024-29888 | 2024-03-28 | N/A | 4.2 MEDIUM | ||
| Saleor is an e-commerce platform that serves high-volume companies. When using `Pickup: Local stock only` click-and-collect as a delivery method in specific conditions the customer could overwrite the warehouse address with its own, which exposes its address as click-and-collect address. This issue has been patched in versions: `3.14.61`, `3.15.37`, `3.16.34`, `3.17.32`, `3.18.28`, `3.19.15`. | |||||
| CVE-2023-2239 | 1 Microweber | 1 Microweber | 2024-02-04 | N/A | 6.5 MEDIUM |
| Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository microweber/microweber prior to 1.3.4. | |||||
| CVE-2023-2703 | 1 Finexmedia | 1 Competition Management System | 2024-02-04 | N/A | 7.5 HIGH |
| Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Finex Media Competition Management System allows Retrieve Embedded Sensitive Data, Collect Data as Provided by Users.This issue affects Competition Management System: before 23.07. | |||||
| CVE-2022-41936 | 1 Xwiki | 1 Xwiki | 2024-02-04 | N/A | 7.5 HIGH |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The `modifications` rest endpoint does not filter out entries according to the user's rights. Therefore, information hidden from unauthorized users are exposed though the `modifications` rest endpoint (comments and page names etc). Users should upgrade to XWiki 14.6+, 14.4.3+, or 13.10.8+. Older versions have not been patched. There are no known workarounds. | |||||
| CVE-2022-2921 | 1 Notrinos | 1 Notrinoserp | 2024-02-04 | N/A | 8.8 HIGH |
| Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository notrinos/notrinoserp prior to v0.7. This results in privilege escalation to a system administrator account. An attacker can gain access to protected functionality such as create/update companies, install/update languages, install/activate extensions, install/activate themes and other permissive actions. | |||||
| CVE-2022-24819 | 1 Xwiki | 1 Xwiki | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents related to users of the wiki. The problem has been patched in XWiki versions 12.10.11, 13.4.4, and 13.9-rc-1. There is no known workaround for this problem. | |||||
| CVE-2022-0482 | 1 Easyappointments | 1 Easyappointments | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
| Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3. | |||||
| CVE-2021-3980 | 1 Elgg | 1 Elgg | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| elgg is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor | |||||
| CVE-2022-0155 | 1 Follow-redirects Project | 1 Follow-redirects | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor | |||||