ReportizFlow
Filtered by vendor
Subscriptions
Total
305 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-27550 | 1 Ibm | 1 Jazz Reporting Service | 2026-02-23 | 3.5 Low |
| IBM Jazz Reporting Service could allow an authenticated user on the host network to obtain sensitive information about other projects that reside on the server. | ||||
| CVE-2026-25325 | 2 Rtcamp, Wordpress | 2 Rtmedia For Wordpress, Buddypress And Bbpress, Wordpress | 2026-02-20 | 5.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in rtCamp rtMedia for WordPress, BuddyPress and bbPress buddypress-media allows Retrieve Embedded Sensitive Data.This issue affects rtMedia for WordPress, BuddyPress and bbPress: from n/a through <= 4.7.8. | ||||
| CVE-2025-36238 | 1 Ibm | 1 Powervm Hypervisor | 2026-02-19 | 6 Medium |
| IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, and FW950.00 through FW950.F0 could allow a local user with administration privileges to obtain sensitive information from a Virtual TPM through a series of PowerVM service procedures. | ||||
| CVE-2023-37525 | 1 Hcltech | 1 Bigfix Compliance | 2026-02-12 | 5.3 Medium |
| A sensitive information disclosure in HCL BigFix Compliance allows a remote attacker to access files under the WEB-INF directory, which may contain Java class files and configuration information, leading to unauthorized access to application internals. | ||||
| CVE-2025-9986 | 1 Vadi Corporate Information Systems | 1 Digikent | 2026-02-12 | 8.2 High |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vadi Corporate Information Systems Ltd. Co. DIGIKENT allows Excavation.This issue affects DIGIKENT: through 13092025. | ||||
| CVE-2025-13651 | 1 Microcom | 1 Zeusweb | 2026-02-12 | N/A |
| Exposure of Sensitive System Information to an Unauthorized Actor vulnerability in Microcom ZeusWeb allows Web Application Fingerprinting of sensitive data. This issue affects ZeusWeb: 6.1.31. | ||||
| CVE-2025-63058 | 2 Hiroaki Miyashita, Wordpress | 2 Custom Field Template, Wordpress | 2026-02-11 | 4.4 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Hiroaki Miyashita Custom Field Template custom-field-template allows Retrieve Embedded Sensitive Data.This issue affects Custom Field Template: from n/a through <= 2.7.4. | ||||
| CVE-2025-66599 | 1 Yokogawa | 1 Fast/tools | 2026-02-09 | N/A |
| A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Physical paths could be displayed on web pages. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04 | ||||
| CVE-2025-4614 | 2 Palo Alto Networks, Paloaltonetworks | 2 Pan-os, Pan-os | 2026-02-06 | 2.7 Low |
| An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to view session tokens of users authenticated to the firewall web UI. This may allow impersonation of users whose session tokens are leaked. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators. Cloud NGFW and Prisma® Access are not affected by this vulnerability. | ||||
| CVE-2025-14150 | 1 Ibm | 1 Webmethods Integration On Prem Integration Server | 2026-02-05 | 6.5 Medium |
| IBM webMethods Integration (on prem) - Integration Server 10.15 through IS_10.15_Core_Fix2411.1 to IS_11.1_Core_Fix8 IBM webMethods Integration could disclose sensitive user information in server responses. | ||||
| CVE-2026-24998 | 2 Wordpress, Wpmudev | 2 Wordpress, Hustle | 2026-02-04 | 5.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPMU DEV - Your All-in-One WordPress Platform Hustle wordpress-popup allows Retrieve Embedded Sensitive Data.This issue affects Hustle: from n/a through <= 7.8.9.2. | ||||
| CVE-2026-25023 | 1 Wordpress | 1 Wordpress | 2026-02-04 | 5.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in mdedev Run Contests, Raffles, and Giveaways with ContestsWP contest-code-checker allows Retrieve Embedded Sensitive Data.This issue affects Run Contests, Raffles, and Giveaways with ContestsWP: from n/a through <= 2.0.7. | ||||
| CVE-2025-67717 | 1 Zitadel | 1 Zitadel | 2026-02-02 | 4.3 Medium |
| ZITADEL is an open-source identity infrastructure tool. Versions 2.44.0 through 3.4.4 and 4.0.0-rc.1 through 4.7.1 disclose the total number of instance users to authenticated users, regardless of their specific permissions. While this does not leak individual user data or PII, disclosing the total user count via the totalResult field constitutes an information disclosure vulnerability that may be sensitive in certain contexts. This issue is fixed in versions 3.4.5 and 4.7.2. | ||||
| CVE-2026-0798 | 1 Gitea | 1 Gitea | 2026-01-30 | 3.5 Low |
| Gitea may send release notification emails for private repositories to users whose access has been revoked. When a repository is changed from public to private, users who previously watched the repository may continue to receive release notifications, potentially disclosing release titles, tags, and content. | ||||
| CVE-2025-67954 | 1 Wordpress | 1 Wordpress | 2026-01-29 | 6.5 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Retrieve Embedded Sensitive Data.This issue affects Salon booking system: from n/a through <= 10.30.3. | ||||
| CVE-2025-64258 | 2 Wordpress, Wpwebelite | 2 Wordpress, Follow My Blog Post | 2026-01-29 | 7.5 High |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in wpweb Follow My Blog Post follow-my-blog-post allows Retrieve Embedded Sensitive Data.This issue affects Follow My Blog Post: from n/a through <= 2.3.9. | ||||
| CVE-2025-43024 | 1 Hp | 1 Thinpro | 2026-01-29 | 7.5 High |
| A GUI dialog of an application allows to view what files are in the file system without proper authorization. | ||||
| CVE-2025-63051 | 1 Wordpress | 1 Wordpress | 2026-01-28 | 4.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in sizam REHub Framework rehub-framework allows Retrieve Embedded Sensitive Data.This issue affects REHub Framework: from n/a through < 19.9.9.4. | ||||
| CVE-2025-68046 | 2 Themehunk, Wordpress | 2 Contact Form & Lead Form Elementor Builder, Wordpress | 2026-01-28 | 6.5 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder lead-form-builder allows Retrieve Embedded Sensitive Data.This issue affects Contact Form & Lead Form Elementor Builder: from n/a through <= 2.0.1. | ||||
| CVE-2025-47319 | 1 Qualcomm | 237 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 234 more | 2026-01-28 | 6.7 Medium |
| Information disclosure while exposing internal TA-to-TA communication APIs to HLOS | ||||