Total
188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-27368 | 1 Ibm | 1 Openpages | 2025-11-18 | N/A | 4.3 MEDIUM |
| IBM OpenPages 9.0 and 9.1 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used by the user interface of OpenPages. An authenticated user is able to obtain certain information about system metadata for areas beyond what the user is intended to view. | |||||
| CVE-2022-4985 | 2025-11-18 | N/A | N/A | ||
| Vodafone H500s devices running firmware v3.5.10 (hardware model Sercomm VFH500) expose the WiFi access point password via an unauthenticated HTTP endpoint. By sending a crafted GET request to /data/activation.json with specific headers and cookies, a remote attacker can retrieve a JSON document that contains the wifi_password field. This allows an unauthenticated attacker to obtain the WiFi credentials and gain unauthorized access to the wireless network, compromising confidentiality of network traffic and attached systems. | |||||
| CVE-2024-3774 | 1 Aenrich | 1 A\+hrd | 2025-11-17 | N/A | 5.3 MEDIUM |
| aEnrich Technology a+HRD's functionality for front-end retrieval of system configuration values lacks proper restrictions on a specific parameter, allowing attackers to modify this parameter to access certain sensitive system configuration values. | |||||
| CVE-2025-64267 | 2025-11-14 | N/A | 4.3 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPSwings WooCommerce Ultimate Points And Rewards woocommerce-ultimate-points-and-rewards allows Retrieve Embedded Sensitive Data.This issue affects WooCommerce Ultimate Points And Rewards: from n/a through <= 2.10.2. | |||||
| CVE-2025-13160 | 2025-11-14 | N/A | 5.3 MEDIUM | ||
| IQ-Support developed by IQ Service International has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to access specific APIs to obtain sensitive information from the internal network. | |||||
| CVE-2025-64228 | 2025-11-13 | N/A | 4.3 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in FantasticPlugins SUMO Affiliates Pro affs allows Retrieve Embedded Sensitive Data.This issue affects SUMO Affiliates Pro: from n/a through <= 11.0.0. | |||||
| CVE-2025-62902 | 2025-11-13 | N/A | 7.5 HIGH | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeHunk WP Popup Builder wp-popup-builder allows Retrieve Embedded Sensitive Data.This issue affects WP Popup Builder: from n/a through <= 1.3.6. | |||||
| CVE-2025-59575 | 2025-11-13 | N/A | 5.0 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Retrieve Embedded Sensitive Data.This issue affects MasterStudy LMS: from n/a through <= 3.6.20. | |||||
| CVE-2025-52752 | 2025-11-13 | N/A | 6.5 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeAtelier IDonatePro idonate-pro allows Retrieve Embedded Sensitive Data.This issue affects IDonatePro: from n/a through <= 2.1.9. | |||||
| CVE-2025-12779 | 2025-11-10 | N/A | 8.8 HIGH | ||
| Improper handling of the authentication token in the Amazon WorkSpaces client for Linux, versions 2023.0 through 2024.8, may expose the authentication token for DCV-based WorkSpaces to other local users on the same client machine. Under certain circumstances, a local user may be able to extract another local user's authentication token from the shared client machine and access their WorkSpace. To mitigate this issue, users should upgrade to the Amazon WorkSpaces client for Linux version 2025.0 or later. | |||||
| CVE-2025-54459 | 1 Vertikalsystems | 1 Hospital Manager Backend Services | 2025-11-06 | N/A | 7.5 HIGH |
| Prior to September 19, 2025, the Hospital Manager Backend Services exposed the ASP.NET tracing endpoint /trace.axd without authentication, allowing a remote attacker to obtain live request traces and sensitive information such as request metadata, session identifiers, authorization headers, server variables, and internal file paths. | |||||
| CVE-2025-34283 | 1 Nagios | 1 Nagios Xi | 2025-11-06 | N/A | 6.5 MEDIUM |
| Nagios XI versions prior to 2024R1.4.2 revealed API keys to users who were not authorized for API access when using Neptune themes. An authenticated user without API privileges could view another user's or their own API key value. | |||||
| CVE-2025-44823 | 1 Nagios | 1 Log Server | 2025-11-06 | N/A | 9.9 CRITICAL |
| Nagios Log Server before 2024R1.3.2 allows authenticated users to retrieve cleartext administrative API keys via a /nagioslogserver/index.php/api/system/get_users call. This is GL:NLS#475. | |||||
| CVE-2024-13998 | 1 Nagios | 1 Nagios Xi | 2025-11-06 | N/A | 6.5 MEDIUM |
| Nagios XI versions prior to 2024R1.1.3, under certain circumstances, disclose sensitive user account information (including API keys and hashed passwords) to authenticated users who should not have access to that data. Exposure of API keys or password hashes could lead to account compromise, abuse of API privileges, or offline cracking attempts. CVE-2024-13995 addresses a similar vulnerability with a potentially incomplete fix for the underlying problem in earlier versions. | |||||
| CVE-2024-13995 | 1 Nagios | 1 Nagios Xi | 2025-11-06 | N/A | 8.8 HIGH |
| Nagios XI versions prior to 2024R1.1.2 may (confirmed in 2024R1.1 and 2024R1.1.1) disclose sensitive user account information (including API keys and hashed passwords) to authenticated users who should not have access to that data. Exposure of API keys or password hashes could lead to account compromise, abuse of API privileges, or offline cracking attempts. | |||||
| CVE-2024-13999 | 1 Nagios | 1 Nagios Xi | 2025-11-06 | N/A | 9.8 CRITICAL |
| Nagios XI versions prior to 2024R1.1.3, under certain circumstances, disclose the server's Active Directory (AD) or LDAP authentication token to an authenticated user. Exposure of the server’s AD/LDAP token could allow domain-wide authentication misuse, escalation of privileges, or further compromise of network-integrated systems. | |||||
| CVE-2025-62524 | 1 Thm | 1 Pilos | 2025-11-04 | N/A | 5.3 MEDIUM |
| PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. PILOS before 4.8.0 exposes the PHP version via the X-Powered-By header, enabling attackers to fingerprint the server and assess potential exploits. This information disclosure vulnerability originates from PHP’s base image. Additionally, the PHP version can also be inferred through the PILOS version displayed in the footer and by examining the source code available on GitHub. This information disclosure vulnerability has been patched in PILOS in v4.8.0. | |||||
| CVE-2021-31955 | 1 Microsoft | 8 Windows 10 1809, Windows 10 1909, Windows 10 2004 and 5 more | 2025-10-30 | 2.1 LOW | 5.5 MEDIUM |
| Windows Kernel Information Disclosure Vulnerability | |||||
| CVE-2025-43024 | 2025-10-30 | N/A | N/A | ||
| A GUI dialog of an application allows to view what files are in the file system without proper authorization. | |||||
| CVE-2024-32732 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2025-10-28 | N/A | 5.3 MEDIUM |
| Under certain conditions SAP BusinessObjects Business Intelligence platform allows an attacker to access information which would otherwise be restricted.This has low impact on Confidentiality with no impact on Integrity and Availability of the application. | |||||