Total: 179 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-43469 | 1 Apple | 3 Macos, Macos Sequoia, Macos Sonoma | 2026-04-23 | 5.5 Medium |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to access sensitive user data. | ||||
| CVE-2026-6765 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-22 | 5.3 Medium |
| Information disclosure in the Form Autofill component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | ||||
| CVE-2025-0969 | 2 Brizy, Wordpress | 3 Brizy, Brizy-page Builder, Wordpress | 2026-04-22 | 6.5 Medium |
| The Brizy – Page Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.7.16 via the get_users() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including email addresses and hashed passwords of administrators. | ||||
| CVE-2025-12536 | 2 Brainstormforce, Wordpress | 2 Sureforms, Wordpress | 2026-04-21 | 5.3 Medium |
| The SureForms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.1 via the '_srfm_email_notification' post meta registration. This is due to setting the 'auth_callback' parameter to '__return_true', which allows unauthenticated access to the metadata. This makes it possible for unauthenticated attackers to extract sensitive data including email notification configurations, which frequently contain vendor-provided CRM/help desk dropbox addresses, CC/BCC recipients, and notification templates that can be abused to inject malicious data into downstream systems. | ||||
| CVE-2025-10859 | 2 Apple, Mozilla | 3 Ios, Firefox, Firefox For Ios | 2026-04-21 | 4 Medium |
| Cookie storage for non-HTML temporary documents was being shared incorrectly with normal browsing content, allowing information from private tabs to escape Incognito mode even after the user closed all tabs. This vulnerability was fixed in Firefox for iOS 143.1. | ||||
| CVE-2025-3035 | 1 Mozilla | 1 Firefox | 2026-04-20 | 5.3 Medium |
| By first using the AI chatbot in one tab and later activating it in another tab, the document title of the previous tab would leak into the chat prompt. This vulnerability was fixed in Firefox 137. | ||||
| CVE-2025-1939 | 1 Mozilla | 1 Firefox | 2026-04-20 | 3.9 Low |
| Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could have been used to trick a user into granting sensitive permissions by hiding what the user was actually clicking. This vulnerability was fixed in Firefox 136. | ||||
| CVE-2026-24321 | 1 Sap | 1 Commerce Cloud | 2026-04-18 | 5.3 Medium |
| SAP Commerce Cloud exposes multiple API endpoints to unauthenticated users, allowing them to submit requests to these open endpoints to retrieve sensitive information that is not intended to be publicly accessible via the front-end. This vulnerability has a low impact on confidentiality and does not affect integrity and availability. | ||||
| CVE-2026-24735 | 1 Apache | 1 Answer | 2026-04-18 | 7.5 High |
| Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 1.7.1. An unauthenticated API endpoint incorrectly exposes full revision history for deleted content. This allows an unauthorized user to retrieve restricted or sensitive information. Users are recommended to upgrade to version 2.0.0, which fixes the issue. | ||||
| CVE-2025-15623 | 1 Sparxsystems | 1 Sparx Pro Cloud Server | 2026-04-17 | N/A |
| Exposure of Private Personal Information to an Unauthorized Actor, Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. An unauthenticated user can retrieve the database password in plaintext in certain situations. | ||||
| CVE-2026-20834 | 1 Microsoft | 23 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 20 more | 2026-04-16 | 4.6 Medium |
| Absolute path traversal in Windows Shell allows an unauthorized attacker to perform spoofing with a physical attack. | ||||
| CVE-2026-0102 | 1 Microsoft | 1 Edge Chromium | 2026-04-15 | 3.1 Low |
| Under specific conditions, a malicious webpage may trigger autofill population after two consecutive taps, potentially without clear or intentional user consent. This could result in disclosure of stored autofill data such as addresses, email, or phone number metadata. | ||||
| CVE-2024-11216 | | | 2026-04-15 | 7.6 High |
| Authorization Bypass Through User-Controlled Key, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in PozitifIK Pik Online allows Account Footprinting, Session Hijacking. This issue affects Pik Online: before 3.1.5. | ||||
| CVE-2025-26816 | | | 2026-04-15 | 6.5 Medium |
| A vulnerability in Intrexx Portal Server 12.0.2 and earlier which was classified as problematic potentially allows users with particular permissions under certain conditions to see potentially sensitive data from a different user context. | ||||
| CVE-2025-13008 | 2 M-files, M-files Corporation | 3 M-files Server, Server, M-files Server | 2026-04-15 | N/A |
| An information disclosure vulnerability in M-Files Server before versions 25.12.15491.7, 25.8 LTS SR3, 25.2 LTS SR3 and 24.8 LTS SR5 allows an authenticated attacker using M-Files Web to capture session tokens of other active users. | ||||
| CVE-2025-25042 | | | 2026-04-15 | 4.3 Medium |
| A vulnerability in the AOS-CX REST interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation could allow an attacker to read encrypted credentials of other users on the switch, potentially leading to further unauthorized access or data breaches. | ||||
| CVE-2024-44113 | | | 2026-04-15 | 4.3 Medium |
| Due to missing authorization checks, SAP Business Warehouse (BEx Analyzer) allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the application. | ||||
| CVE-2025-20060 | | | 2026-04-15 | 7.5 High |
| An attacker could expose cross-user personal identifiable information (PII) and personal health information transmitted to the Android device via the Dario Health application database. | ||||
| CVE-2025-62362 | | | 2026-04-15 | N/A |
| gpp-burgerportaal is a Dutch government citizen portal application. In versions before 2.0.3, 3.0.2, and 4.0.1, the name and email address of employees who publish content are exposed in network responses and can be discovered by viewing the browser's developer tools network tab. This information disclosure may violate employee privacy expectations and could be used for targeted attacks or unwanted contact. This issue has been patched in versions 2.0.3, 3.0.2, and 4.0.1. No known workarounds exist. | ||||
| CVE-2023-50053 | 1 Foundation Platform | 1 Foundation App | 2026-04-15 | 7.6 High |
| An issue in Foundation.app Foundation platform 1.0 allows a remote attacker to obtain sensitive information via the Web3 authentication process of Foundation: the signed message lacks a nonce (random number). | ||||