ReportizFlow
Filtered by vendor
Subscriptions
Total
9408 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-47966 | 2025-06-07 | 9.8 Critical | ||
| Exposure of sensitive information to an unauthorized actor in Power Automate allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-23216 | 2 Argoproj, Redhat | 2 Argo Cd, Openshift Gitops | 2025-06-06 | 6.8 Medium |
| Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A vulnerability was discovered in Argo CD that exposed secret values in error messages and the diff view when an invalid Kubernetes Secret resource was synced from a repository. The vulnerability assumes the user has write access to the repository and can exploit it, either intentionally or unintentionally, by committing an invalid Secret to repository and triggering a Sync. Once exploited, any user with read access to Argo CD can view the exposed secret data. The vulnerability is fixed in v2.13.4, v2.12.10, and v2.11.13. | ||||
| CVE-2025-31171 | 1 Huawei | 1 Harmonyos | 2025-06-06 | 6.8 Medium |
| File read permission bypass vulnerability in the kernel file system module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-20129 | 2025-06-05 | 4.3 Medium | ||
| A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data. This vulnerability is due to improper sanitization of HTTP requests that are sent to the web-based chat interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the chat interface of a targeted user on a vulnerable server. A successful exploit could allow the attacker to redirect chat traffic to a server that is under their control, resulting in sensitive information being redirected to the attacker. | ||||
| CVE-2025-5690 | 2025-06-05 | 6.5 Medium | ||
| PostgreSQL Anonymizer v2.0 and v2.1 contain a vulnerability that allows a masked user to bypass the masking rules defined on a table and read the original data using a database cursor or the --insert option of pg_dump. This problem occurs only when dynamic masking is enabled, which is not the default setting. The problem is resolved in version 2.2.1 | ||||
| CVE-2022-34692 | 1 Microsoft | 1 Exchange Server | 2025-06-05 | 5.3 Medium |
| Microsoft Exchange Server Information Disclosure Vulnerability | ||||
| CVE-2024-11083 | 2 Profilepress, Properfraction | 2 Loginwp, Profilepress | 2025-06-05 | 5.3 Medium |
| The ProfilePress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.15.18 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. | ||||
| CVE-2024-12329 | 1 G5plus | 1 Essential Real Estate | 2025-06-05 | 4.3 Medium |
| The Essential Real Estate plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several pages/post types in all versions up to, and including, 5.1.6. This makes it possible for authenticated attackers, with Contributor-level access and above, to access invoices and transaction logs | ||||
| CVE-2024-11282 | 1 Wpchill | 1 Passster | 2025-06-05 | 5.3 Medium |
| The Passster – Password Protect Pages and Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.10 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. | ||||
| CVE-2025-3877 | 2 Mozilla, Redhat | 6 Thunderbird, Enterprise Linux, Rhel Aus and 3 more | 2025-06-05 | 5.4 Medium |
| A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. This behavior can be abused to fill the disk with garbage data (e.g. using /dev/urandom on Linux) or to leak Windows credentials via SMB links when the email is viewed in HTML mode. While user interaction is required to download the .pdf file, visual obfuscation can conceal the download trigger. Viewing the email in HTML mode is enough to load external content. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1. | ||||
| CVE-2024-37325 | 1 Microsoft | 1 Azure Data Science Virtual Machine | 2025-06-05 | 8.1 High |
| Azure Science Virtual Machine (DSVM) Elevation of Privilege Vulnerability | ||||
| CVE-2024-35263 | 1 Microsoft | 1 Dynamics 365 | 2025-06-05 | 5.7 Medium |
| Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | ||||
| CVE-2024-30096 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-06-05 | 5.5 Medium |
| Windows Cryptographic Services Information Disclosure Vulnerability | ||||
| CVE-2024-13613 | 1 Kainex | 1 Wise Chat | 2025-06-04 | 7.5 High |
| The Wise Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.3 via the 'uploads' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads directory which can contain file attachments included in chat messages. The vulnerability was partially patched in version 3.3.3. | ||||
| CVE-2025-5266 | 2 Mozilla, Redhat | 4 Firefox, Enterprise Linux, Rhel E4s and 1 more | 2025-06-04 | 6.5 Medium |
| Script elements loading cross-origin resources generated load and error events which leaked information enabling XS-Leaks attacks. This vulnerability affects Firefox < 139 and Firefox ESR < 128.11. | ||||
| CVE-2025-29805 | 2025-06-04 | 7.5 High | ||
| Exposure of sensitive information to an unauthorized actor in Outlook for Android allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-27736 | 2025-06-04 | 5.5 Medium | ||
| Exposure of sensitive information to an unauthorized actor in Windows Power Dependency Coordinator allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-26667 | 2025-06-04 | 6.5 Medium | ||
| Exposure of sensitive information to an unauthorized actor in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2024-27731 | 1 Friendica | 1 Friendica | 2025-06-04 | 6.1 Medium |
| Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the lack of file type filtering in the file attachment parameter. | ||||
| CVE-2024-23207 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-06-04 | 5.5 Medium |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 10.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, macOS Ventura 13.6.4, macOS Monterey 12.7.3. An app may be able to access sensitive user data. | ||||