Total
329 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-46660 | 2025-08-07 | N/A | 5.3 MEDIUM | ||
| An issue was discovered in 4C Strategies Exonaut 21.6. Passwords, stored in the database, are hashed without a salt. | |||||
| CVE-2025-28171 | 1 Grandstream | 2 Ucm6510, Ucm6510 Firmware | 2025-08-06 | N/A | 6.5 MEDIUM |
| An issue in Grandstream UCM6510 v.1.0.20.52 and before allows a remote attacker to obtain sensitive information via the Login function at /cgi and /webrtccgi. | |||||
| CVE-2024-28132 | 1 F5 | 1 Big-ip Next Cloud-native Network Functions | 2025-08-06 | N/A | 4.4 MEDIUM |
| Exposure of Sensitive Information vulnerability exists in the GSLB container, which may allow an authenticated attacker with local access to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2024-31400 | 1 Cybozu | 1 Garoon | 2025-08-05 | N/A | 6.5 MEDIUM |
| Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.0. If this vulnerability is exploited, unintended data may be left in forwarded mail. | |||||
| CVE-2025-37110 | 2025-08-04 | N/A | 6.0 MEDIUM | ||
| A vulnerability was discovered in the storage policy for certain sets of sensitive credential information in the HPE Telco Network Function Virtual Orchestrator. Successful Exploitation could lead to unauthorized parties gaining access to sensitive system information. | |||||
| CVE-2022-20939 | 1 Cisco | 2 Smart Software Manager On-prem, Smart Software Manager Satellite | 2025-07-31 | N/A | 4.3 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem could allow an authenticated, remote attacker to elevate privileges on an affected system. This vulnerability is due to inadequate protection of sensitive user information. An attacker could exploit this vulnerability by accessing certain logs on an affected system. A successful exploit could allow the attacker to use the obtained information to elevate privileges to System Admin.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | |||||
| CVE-2025-28244 | 1 Alteryx | 1 Alteryx Server | 2025-07-17 | N/A | 8.8 HIGH |
| Insecure Permissions vulnerability in the Local Storage in Alteryx Server 2023.1.1.460 allows remote attackers to obtain valid user session tokens from localStorage, leading to account takeover | |||||
| CVE-2025-21003 | 1 Samsung | 1 Android | 2025-07-16 | N/A | 4.0 MEDIUM |
| Insecure storage of sensitive information in Emergency SOS prior to SMR Jul-2025 Release 1 allows local attackers to access sensitive information. | |||||
| CVE-2025-29809 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-07-10 | N/A | 7.1 HIGH |
| Insecure storage of sensitive information in Windows Kerberos allows an authorized attacker to bypass a security feature locally. | |||||
| CVE-2025-42979 | 2025-07-08 | N/A | 5.6 MEDIUM | ||
| The GuiXT application, which is integrated with SAP GUI for Windows, uses obfuscation algorithms instead of secure symmetric ciphers for storing the credentials of an RFC user on the client PC. This leads to a high impact on confidentiality because any attacker who gains access to the user hive of this user�s windows registry could recreate the original password. There is no impact on integrity or availability of the application | |||||
| CVE-2025-48929 | 2025-07-01 | N/A | 4.0 MEDIUM | ||
| The TeleMessage service through 2025-05-05 implements authentication through a long-lived credential (e.g., not a token with a short expiration time) that can be reused at a later date if discovered by an adversary. | |||||
| CVE-2024-1936 | 2 Debian, Mozilla | 2 Debian Linux, Thunderbird | 2025-06-30 | N/A | 7.5 HIGH |
| The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the contaminated email message, the user might accidentally leak the confidential subject to a third-party. While this update fixes the bug and avoids future message contamination, it does not automatically repair existing contaminations. Users are advised to use the repair folder functionality, which is available from the context menu of email folders, which will erase incorrect subject assignments. This vulnerability affects Thunderbird < 115.8.1. | |||||
| CVE-2024-21211 | 2 Netapp, Oracle | 6 Bootstrap Os, Hci Compute Node, Graalvm and 3 more | 2025-06-23 | N/A | 3.7 LOW |
| Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle Java SE: 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). | |||||
| CVE-2024-29120 | 1 Apache | 1 Streampark | 2025-06-23 | N/A | 5.9 MEDIUM |
| In Streampark (version < 2.1.4), when a user logged in successfully, the Backend service would return "Authorization" as the front-end authentication credential. User can use this credential to request other users' information, including the administrator's username, password, salt value, etc. Mitigation: all users should upgrade to 2.1.4 | |||||
| CVE-2024-48883 | 1 Samsung | 38 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 35 more | 2025-06-20 | N/A | 4.3 MEDIUM |
| An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, and Modem 5300. The UE incorrectly handles a malformed uplink scheduling message, resulting in an information leak of the UE. | |||||
| CVE-2024-30917 | 1 Eprosima | 1 Fast Dds | 2025-06-17 | N/A | 5.5 MEDIUM |
| An issue was discovered in eProsima FastDDS v.2.14.0 and before, allows a local attacker to cause a denial of service (DoS) and obtain sensitive information via a crafted history_depth parameter in DurabilityService QoS component. | |||||
| CVE-2024-27232 | 1 Google | 1 Android | 2025-06-17 | N/A | 5.5 MEDIUM |
| In asn1_ec_pkey_parse of asn1_common.c, there is a possible OOB read due to a missing null check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-45242 | 1 Rhymix | 1 Rhymix | 2025-06-17 | N/A | 7.7 HIGH |
| Rhymix v2.1.22 was discovered to contain an arbitrary file deletion vulnerability via the procFileAdminEditImage method in /file/file.admin.controller.php. | |||||
| CVE-2025-37100 | 2025-06-12 | N/A | 7.7 HIGH | ||
| A vulnerability in the APIs of HPE Aruba Networking Private 5G Core could potentially expose sensitive information to unauthorized users. A successful exploitation could allow an attacker to iteratively navigate through the filesystem and ultimately download protected system files containing sensitive information. | |||||
| CVE-2024-3678 | 1 Adenion | 1 Blog2social | 2025-06-05 | N/A | 5.3 MEDIUM |
| The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.4.2. This makes it possible for unauthenticated attackers to view limited information from password protected posts. | |||||