ReportizFlow
Filtered by vendor
Subscriptions
Total
131 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-5009 | 2 Apple, Google | 2 Ios, Gemini | 2025-10-09 | N/A |
| In Gemini iOS, when a user shared a snippet of a conversation, it would share the entire conversation via a sharable public link that contained the entire conversation history and not just the snippet. | ||||
| CVE-2023-36018 | 1 Microsoft | 1 Jupyter | 2025-10-09 | 7.8 High |
| Visual Studio Code Jupyter Extension Spoofing Vulnerability | ||||
| CVE-2023-36052 | 1 Microsoft | 1 Azure Command-line Interface | 2025-10-09 | 8.6 High |
| Azure CLI REST Command Information Disclosure Vulnerability | ||||
| CVE-2025-59843 | 2 Flagforge, Flagforgectf | 2 Flagforge, Flagforge | 2025-10-08 | 5.3 Medium |
| Flag Forge is a Capture The Flag (CTF) platform. From versions 2.0.0 to before 2.3.1, the public endpoint /api/user/[username] returns user email addresses in its JSON response. The problem has been patched in FlagForge version 2.3.1. The fix removes email addresses from public API responses while keeping the endpoint publicly accessible. Users should upgrade to version 2.3.1 or later to eliminate exposure. There are no workarounds for this vulnerability. | ||||
| CVE-2024-42325 | 1 Zabbix | 1 Zabbix | 2025-10-08 | 3.5 Low |
| Zabbix API user.get returns all users that share common group with the calling user. This includes media and other information, such as login attempts, etc. | ||||
| CVE-2025-10859 | 2 Apple, Mozilla | 3 Ios, Firefox, Firefox For Ios | 2025-10-03 | 4 Medium |
| Cookie storage for non-HTML temporary documents was being shared incorrectly with normal browsing content, allowing information from private tabs to escape Incognito mode even after the user closed all tabs This vulnerability affects Firefox for iOS < 143.1. | ||||
| CVE-2025-43357 | 1 Apple | 4 Ios, Ipados, Iphone Os and 1 more | 2025-09-30 | 5.5 Medium |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Tahoe 26, iOS 26 and iPadOS 26. An app may be able to fingerprint the user. | ||||
| CVE-2025-1939 | 1 Mozilla | 1 Firefox | 2025-09-30 | 3.9 Low |
| Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could have been used to trick a user into granting sensitive permissions by hiding what the user was actually clicking. This vulnerability affects Firefox < 136. | ||||
| CVE-2025-53374 | 1 Dokploy | 1 Dokploy | 2025-09-29 | 4.3 Medium |
| Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. An authenticated low-privileged account can retrieve detailed profile information about another users in the same organization by directly invoking user.one. The response discloses personally-identifiable information (PII) such as e-mail address, role, two-factor status, organization ID, and various account flags. The fix will be available in the v0.23.7. | ||||
| CVE-2024-49765 | 1 Discourse | 1 Discourse | 2025-09-26 | 5.3 Medium |
| Discourse is an open source platform for community discussion. Sites that are using discourse connect but still have local logins enabled could allow attackers to bypass discourse connect to create accounts and login. This problem is patched in the latest version of Discourse. Users unable to upgrade who are using discourse connect may disable all other login methods as a workaround. | ||||
| CVE-2025-6017 | 1 Redhat | 2 Acm, Advanced Cluster Management For Kubernetes | 2025-09-25 | 5.5 Medium |
| A flaw was found in Red Hat Advanced Cluster Management through versions 2.10, before 2.10.7, 2.11, before 2.11.4, and 2.12, before 2.12.4. This vulnerability allows an unprivileged user to view confidential managed cluster credentials through the UI. This information should only be accessible to authorized users and may result in the loss of confidentiality of administrative information, which could be leaked to unauthorized actors. | ||||
| CVE-2024-28387 | 1 Axonaut | 1 Axonaut | 2025-09-18 | 7.5 High |
| An issue in axonaut v.3.1.23 and before allows a remote attacker to obtain sensitive information via the log.txt component. | ||||
| CVE-2025-53765 | 1 Microsoft | 2 Azure App Service On Azure Stack, Azure Stack Hub | 2025-09-17 | 4.4 Medium |
| Exposure of private personal information to an unauthorized actor in Azure Stack allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-43310 | 1 Apple | 4 Macos, Macos Sequoia, Macos Sonoma and 1 more | 2025-09-17 | 4.4 Medium |
| A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to trick a user into copying sensitive data to the pasteboard. | ||||
| CVE-2025-43301 | 1 Apple | 4 Macos, Macos Sequoia, Macos Sonoma and 1 more | 2025-09-17 | 3.3 Low |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access contact info related to notifications in Notification Center. | ||||
| CVE-2025-43279 | 1 Apple | 1 Macos | 2025-09-17 | 6.2 Medium |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Tahoe 26. An app may be able to access user-sensitive data. | ||||
| CVE-2025-51586 | 1 Prestashop | 1 Prestashop | 2025-09-12 | 3.7 Low |
| An issue was discoverd in file controllers/admin/AdminLoginController.php in PrestaShop before 8.2.1 allowing attackers to gain sensitive information via the reset password feature. | ||||
| CVE-2024-7697 | 2 Tecno, Transsion | 2 Com.transsion.carlcare, Carlcare | 2025-09-05 | 7.5 High |
| Logical vulnerability in the mobile application (com.transsion.carlcare) may lead to user information leakage risks. | ||||
| CVE-2024-11206 | 1 Tecno | 1 Com.transsion.phoenix | 2025-09-05 | 7.5 High |
| Unauthorized access vulnerability in the mobile application (com.transsion.phoenix) can lead to the leakage of user information. | ||||
| CVE-2025-54124 | 1 Xwiki | 2 Xwiki, Xwiki-platform | 2025-09-02 | 6.5 Medium |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform Legacy Old Core and XWiki Platform Old Core versions 9.8-rc-1 through 16.4.6, 16.5.0-rc-1 through 16.10.4, and 17.0.0-rc-1 through 17.1.0, any user with editing rights can create an XClass with a database list property that references a password property. When adding an object of that XClass, the content of that password property is displayed. In practice, with a standard rights setup, this means that any user with an account on the wiki can access password hashes of all users, and possibly other password properties (with hashed or plain storage) that are on pages that the user can view. This issue is fixed in versions 16.4.7, 16.10.5 and 17.2.0-rc-1. | ||||