ReportizFlow
Filtered by vendor
Subscriptions
Total
179 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-1650 | 3 Debian, Eventsource, Redhat | 11 Debian Linux, Eventsource, Ceph Storage and 8 more | 2026-02-24 | 8.1 High |
| Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository eventsource/eventsource prior to v2.0.2. | ||||
| CVE-2025-49715 | 1 Microsoft | 2 Dynamics 365, Dynamics 365 Fasttrack Implementation | 2026-02-20 | 7.5 High |
| Exposure of private personal information to an unauthorized actor in Dynamics 365 FastTrack Implementation Assets allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2020-37173 | 2 Avideo, Wwbn | 2 Avideo Platform, Avideo | 2026-02-18 | 7.5 High |
| AVideo Platform 8.1 contains an information disclosure vulnerability that allows attackers to enumerate user details through the playlistsFromUser.json.php endpoint. Attackers can retrieve sensitive user information including email, password hash, and administrative status by manipulating the users_id parameter. | ||||
| CVE-2025-53765 | 1 Microsoft | 2 Azure App Service On Azure Stack, Azure Stack Hub | 2026-02-13 | 4.4 Medium |
| Exposure of private personal information to an unauthorized actor in Azure Stack allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-59843 | 2 Flagforge, Flagforgectf | 2 Flagforge, Flagforge | 2026-01-29 | 5.3 Medium |
| Flag Forge is a Capture The Flag (CTF) platform. From versions 2.0.0 to before 2.3.2, the public endpoint /api/user/[username] returns user email addresses in its JSON response. The fix, intended for release in 2.3.1 but only available starting in version 2.3.2, removes email addresses from public API responses while keeping the endpoint publicly accessible. Users should upgrade to version 2.3.2 or later to eliminate exposure. There are no workarounds for this vulnerability. | ||||
| CVE-2025-3950 | 1 Gitlab | 1 Gitlab | 2026-01-21 | 3.5 Low |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.3 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed a user to leak certain information by referencing specially crafted images that bypass asset proxy protection. | ||||
| CVE-2025-1030 | 1 Utarit | 1 Soliclub | 2026-01-16 | 7.5 High |
| Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Utarit Informatics Services Inc. SoliClub allows Query System for Information.This issue affects SoliClub: from 5.2.4 before 5.3.7. | ||||
| CVE-2025-53950 | 3 Apple, Fortinet, Microsoft | 4 Macos, Fortidlp, Fortidlp Agent and 1 more | 2026-01-14 | 5.1 Medium |
| An Exposure of Private Personal Information ('Privacy Violation') vulnerability [CWE-359] in Fortinet FortiDLP Agent's Outlookproxy plugin for MacOS and Windows 11.5.1 and 11.4.2 through 11.4.6 and 11.3.2 through 11.3.4 and 11.2.0 through 11.2.3 and 11.1.1. through 11.1.2 and 11.0.1 and 10.5.1 and 10.4.0, and 10.3.1 may allow an authenticated administrator to collect current user's email information. | ||||
| CVE-2024-29888 | 1 Saleor | 1 Saleor | 2026-01-08 | 4.2 Medium |
| Saleor is an e-commerce platform that serves high-volume companies. When using `Pickup: Local stock only` click-and-collect as a delivery method in specific conditions the customer could overwrite the warehouse address with its own, which exposes its address as click-and-collect address. This issue has been patched in versions: `3.14.61`, `3.15.37`, `3.16.34`, `3.17.32`, `3.18.28`, `3.19.15`. | ||||
| CVE-2025-68945 | 1 Gitea | 1 Gitea | 2026-01-01 | 5.8 Medium |
| In Gitea before 1.21.2, an anonymous user can visit a private user's project. | ||||
| CVE-2025-34441 | 1 Wwbn | 1 Avideo | 2025-12-19 | 7.5 High |
| AVideo versions prior to 20.1 expose sensitive user information through an unauthenticated public API endpoint. Responses include emails, usernames, administrative status, and last login times, enabling user enumeration and privacy violations. | ||||
| CVE-2024-23301 | 4 Fedoraproject, Redhat, Relax-and-recover and 1 more | 4 Fedora, Enterprise Linux, Relax-and-recover and 1 more | 2025-12-10 | 5.5 Medium |
| Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root. | ||||
| CVE-2025-66510 | 1 Nextcloud | 4 Nextcloud, Nextcloud Enterprise Server, Nextcloud Server and 1 more | 2025-12-10 | 4.5 Medium |
| Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed to retrieve personal data of other users (emails, names, identifiers) without proper access control. This allows an authenticated user to retrieve information about accounts that are not related or added as contacts. | ||||
| CVE-2024-38103 | 1 Microsoft | 2 Edge, Edge Chromium | 2025-12-10 | 5.9 Medium |
| Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | ||||
| CVE-2025-66027 | 1 Rallly | 1 Rallly | 2025-12-03 | 6.5 Medium |
| Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.6, an information disclosure vulnerability exposes participant details, including names and email addresses through the /api/trpc/polls.get,polls.participants.list endpoint, even when Pro privacy features are enabled. This bypasses intended privacy controls that should prevent participants from viewing other users’ personal information. This issue has been patched in version 4.5.6. | ||||
| CVE-2025-6017 | 1 Redhat | 2 Acm, Advanced Cluster Management For Kubernetes | 2025-11-21 | 5.5 Medium |
| A flaw was found in Red Hat Advanced Cluster Management through versions 2.10, before 2.10.7, 2.11, before 2.11.4, and 2.12, before 2.12.4. This vulnerability allows an unprivileged user to view confidential managed cluster credentials through the UI. This information should only be accessible to authorized users and may result in the loss of confidentiality of administrative information, which could be leaked to unauthorized actors. | ||||
| CVE-2025-36131 | 1 Ibm | 1 Db2 | 2025-11-19 | 4.6 Medium |
| IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) clpplus command exposes user credentials to the terminal which could be obtained by a third party with physical access to the system. | ||||
| CVE-2023-45720 | 1 Hcltech | 1 Hcl Leap | 2025-11-18 | 5.3 Medium |
| Insufficient default configuration in HCL Leap allows anonymous access to directory information. | ||||
| CVE-2024-7697 | 2 Tecno, Transsion | 2 Com.transsion.carlcare, Carlcare | 2025-11-13 | 7.5 High |
| Logical vulnerability in the mobile application (com.transsion.carlcare) may lead to user information leakage risks. | ||||
| CVE-2023-45721 | 1 Hcltech | 1 Domino Leap | 2025-11-04 | 5.3 Medium |
| Insufficient default configuration in HCL Leap allows anonymous access to directory information. | ||||