ReportizFlow
Filtered by vendor
Subscriptions
Total
131 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-23301 | 4 Fedoraproject, Redhat, Relax-and-recover and 1 more | 4 Fedora, Enterprise Linux, Relax-and-recover and 1 more | 2025-06-04 | 5.5 Medium |
| Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root. | ||||
| CVE-2025-0679 | 1 Gitlab | 1 Gitlab | 2025-05-29 | 4.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 17.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Under certain conditions un-authorised users can view full email addresses that should be partially obscured. | ||||
| CVE-2024-13228 | 1 Themeum | 1 Qubely | 2025-05-26 | 4.3 Medium |
| The Qubely – Advanced Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.13 via the 'qubely_get_content'. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, scheduled, password-protected, draft, and trashed post data. | ||||
| CVE-2022-2720 | 1 Octopus | 1 Octopus Server | 2025-05-16 | 5.3 Medium |
| In affected versions of Octopus Server it was identified that when a sensitive value is a substring of another value, sensitive value masking will only partially work. | ||||
| CVE-2024-38103 | 1 Microsoft | 1 Edge | 2025-05-05 | 5.9 Medium |
| Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | ||||
| CVE-2024-26192 | 1 Microsoft | 1 Edge Chromium | 2025-05-03 | 8.2 High |
| Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | ||||
| CVE-2024-29986 | 2 Google, Microsoft | 2 Android, Edge Chromium | 2025-05-03 | 5.4 Medium |
| Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability | ||||
| CVE-2024-29987 | 1 Microsoft | 1 Edge Chromium | 2025-05-03 | 6.5 Medium |
| Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | ||||
| CVE-2024-30056 | 1 Microsoft | 1 Edge Chromium | 2025-05-03 | 7.1 High |
| Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | ||||
| CVE-2023-45721 | 2025-05-02 | 5.3 Medium | ||
| Insufficient default configuration in HCL Leap allows anonymous access to directory information. | ||||
| CVE-2023-45720 | 2025-04-29 | 5.3 Medium | ||
| Insufficient default configuration in HCL Leap allows anonymous access to directory information. | ||||
| CVE-2022-23634 | 5 Debian, Fedoraproject, Puma and 2 more | 5 Debian Linux, Fedora, Puma and 2 more | 2025-04-23 | 8 High |
| Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not always call `close` on the response body. Rails, prior to version `7.0.2.2`, depended on the response body being closed in order for its `CurrentAttributes` implementation to work correctly. The combination of these two behaviors (Puma not closing the body + Rails' Executor implementation) causes information leakage. This problem is fixed in Puma versions 5.6.2 and 4.3.11. This problem is fixed in Rails versions 7.02.2, 6.1.4.6, 6.0.4.6, and 5.2.6.2. Upgrading to a patched Rails _or_ Puma version fixes the vulnerability. | ||||
| CVE-2022-24719 | 1 Fluture-node Project | 1 Fluture-node | 2025-04-23 | 2.6 Low |
| Fluture-Node is a FP-style HTTP and streaming utils for Node based on Fluture. Using `followRedirects` or `followRedirectsWith` with any of the redirection strategies built into fluture-node 4.0.0 or 4.0.1, paired with a request that includes confidential headers such as Authorization or Cookie, exposes you to a vulnerability where, if the destination server were to redirect the request to a server on a third-party domain, or the same domain over unencrypted HTTP, the headers would be included in the follow-up request and be exposed to the third party, or potential http traffic sniffing. The redirection strategies made available in version 4.0.2 automatically redact confidential headers when a redirect is followed across to another origin. A workaround has been identified by using a custom redirection strategy via the `followRedirectsWith` function. The custom strategy can be based on the new strategies available in [email protected]. | ||||
| CVE-2022-35932 | 1 Nextcloud | 1 Talk | 2025-04-23 | 3.5 Low |
| Nextcloud Talk is a video and audio conferencing app for Nextcloud. Prior to versions 12.2.7, 13.0.7, and 14.0.3, password protected conversations are susceptible to brute force attacks if the attacker has the link/conversation token. It is recommended that the Nextcloud Talk application is upgraded to 12.2.7, 13.0.7 or 14.0.3. There are currently no known workarounds available apart from not having password protected conversations. | ||||
| CVE-2022-36091 | 1 Xwiki | 1 Xwiki | 2025-04-23 | 7.5 High |
| XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. Through the suggestion feature, string and list properties of objects the user shouldn't have access to can be accessed in versions prior to 13.10.4 and 14.2. This includes private personal information like email addresses and salted password hashes of registered users but also other information stored in properties of objects. Sensitive configuration fields like passwords for LDAP or SMTP servers could be accessed. By exploiting an additional vulnerability, this issue can even be exploited on private wikis at least for string properties. The issue is patched in version 13.10.4 and 14.2. Password properties are no longer displayed and rights are checked for other properties. A workaround is available. The template file `suggest.vm` can be replaced by a patched version without upgrading or restarting XWiki unless it has been overridden, in which case the overridden template should be patched, too. This might need adjustments for older versions, though. | ||||
| CVE-2022-41936 | 1 Xwiki | 1 Xwiki | 2025-04-23 | 5.3 Medium |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The `modifications` rest endpoint does not filter out entries according to the user's rights. Therefore, information hidden from unauthorized users are exposed though the `modifications` rest endpoint (comments and page names etc). Users should upgrade to XWiki 14.6+, 14.4.3+, or 13.10.8+. Older versions have not been patched. There are no known workarounds. | ||||
| CVE-2022-41971 | 1 Nextcloud | 1 Nextcloud Talk | 2025-04-23 | 4.8 Medium |
| Nextcould Talk android is a video and audio conferencing app for Nextcloud. Prior to versions 12.2.8, 13.0.10, 14.0.6, and 15.0.0, guests can continue to receive video streams from a call after being removed from a conversation. An attacker would be able to see videos on a call in a public conversation after being removed from that conversation, provided that they were removed while being in the call. Versions 12.2.8, 13.0.10, 14.0.6, and 15.0.0 contain patches for the issue. No known workarounds are available. | ||||
| CVE-2022-24819 | 1 Xwiki | 1 Xwiki | 2025-04-22 | 5.3 Medium |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents related to users of the wiki. The problem has been patched in XWiki versions 12.10.11, 13.4.4, and 13.9-rc-1. There is no known workaround for this problem. | ||||
| CVE-2022-24820 | 1 Xwiki | 1 Xwiki | 2025-04-22 | 5.3 Medium |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents by rendering some velocity documents. The problem has been patched in XWiki versions 12.10.11, 13.4.4, and 13.9-rc-1. There is no known workaround for this problem. | ||||
| CVE-2022-24890 | 1 Nextcloud | 1 Talk | 2025-04-22 | 2.4 Low |
| Nextcloud Talk is a video and audio conferencing app for Nextcloud. In versions prior to 13.0.5 and 14.0.0, a call moderator can indirectly enable user webcams by granting permissions, if they were enabled before removing the permissions. A patch is available in versions 13.0.5 and 14.0.0. There are currently no known workarounds. | ||||