ReportizFlow
Filtered by vendor
Subscriptions
Total
330 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-14150 | 1 Ibm | 1 Webmethods Integration On Prem Integration Server | 2026-04-15 | 6.5 Medium |
| IBM webMethods Integration (on prem) - Integration Server 10.15 through IS_10.15_Core_Fix2411.1 to IS_11.1_Core_Fix8 IBM webMethods Integration could disclose sensitive user information in server responses. | ||||
| CVE-2024-11029 | 1 Redhat | 1 Enterprise Linux | 2026-04-15 | 5.5 Medium |
| A flaw was found in the FreeIPA API audit, where it sends the whole FreeIPA command line to journalctl. As a consequence, during the FreeIPA installation process, it inadvertently leaks the administrative user credentials, including the administrator password, to the journal database. In the worst-case scenario, where the journal log is centralized, users with access to it can have improper access to the FreeIPA administrator credentials. | ||||
| CVE-2025-5893 | 2026-04-15 | 9.8 Critical | ||
| Smart Parking Management System from Honding Technology has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to access a specific page and obtain plaintext administrator credentials. | ||||
| CVE-2022-4985 | 2 Sercomm, Vodafone | 3 H500s, H500s, Vodafone H500s | 2026-04-15 | N/A |
| Vodafone H500s devices running firmware v3.5.10 (hardware model Sercomm VFH500) expose the WiFi access point password via an unauthenticated HTTP endpoint. By sending a crafted GET request to /data/activation.json with specific headers and cookies, a remote attacker can retrieve a JSON document that contains the wifi_password field. This allows an unauthenticated attacker to obtain the WiFi credentials and gain unauthorized access to the wireless network, compromising confidentiality of network traffic and attached systems. | ||||
| CVE-2025-13160 | 1 Iq Service International | 1 Iq-support | 2026-04-15 | 5.3 Medium |
| IQ-Support developed by IQ Service International has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to access specific APIs to obtain sensitive information from the internal network. | ||||
| CVE-2023-4605 | 1 Lenovo | 1 Xclarity Administrator | 2026-04-15 | 6.5 Medium |
| A valid authenticated Lenovo XClarity Administrator (LXCA) user can potentially leverage an unauthenticated API endpoint to retrieve system event information. | ||||
| CVE-2025-24334 | 2026-04-15 | 3.3 Low | ||
| The Nokia Single RAN baseband software earlier than 23R2-SR 1.0 MP can be made to reveal the exact software release version by sending a specific HTTP POST request through the Mobile Network Operator (MNO) internal RAN management network. | ||||
| CVE-2024-47799 | 2026-04-15 | 3.5 Low | ||
| Exposure of sensitive system information to an unauthorized control sphere issue exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. If this vulnerability is exploited, a network-adjacent authenticated attacker may obtain information of the other devices connected through the Wi-Fi. | ||||
| CVE-2024-52321 | 2026-04-15 | N/A | ||
| Multiple SHARP routers contain an improper authentication vulnerability in the configuration backup function. The product's backup files containing sensitive information may be retrieved by a remote unauthenticated attacker. | ||||
| CVE-2025-69025 | 3 Aethonic, Woocommerce, Wordpress | 3 Poptics, Woocommerce, Wordpress | 2026-04-15 | 4.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Aethonic Poptics poptics allows Retrieve Embedded Sensitive Data.This issue affects Poptics: from n/a through <= 1.0.20. | ||||
| CVE-2024-12367 | 1 Vegagrup | 1 Vega Master | 2026-04-15 | 8.6 High |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vegagrup Software Vega Master allows Directory Indexing.This issue affects Vega Master: from v.1.12.35 through 20250916. NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available. | ||||
| CVE-2025-0036 | 2026-04-15 | 3.2 Low | ||
| In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime (post-boot) cryptographic operations could cause data to be incorrectly written to and read from invalid locations as well as returning incorrect cryptographic data. | ||||
| CVE-2025-10264 | 1 Digiever | 7 Ds-1200, Ds-16x00, Ds-2100 and 4 more | 2026-04-15 | 10 Critical |
| Certain models of NVR developed by Digiever has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remoter attackers to access the system configuration file and obtain plaintext credentials of the NVR and its connected cameras. | ||||
| CVE-2024-9470 | 1 Paloaltonetworks | 1 Cortex Xsoar | 2026-04-15 | N/A |
| A vulnerability in Cortex XSOAR allows the disclosure of incident data to users who do not have the privilege to view the data. | ||||
| CVE-2024-36070 | 2026-04-15 | 7.5 High | ||
| tine before 2023.11.8, when an LDAP backend is used, allows anonymous remote attackers to obtain sensitive authentication information via setup.php because of getRegistryData in Setup/Frontend/Json.php. (An update is also available for the 2022.11 series.) | ||||
| CVE-2025-59447 | 1 Yosmart | 1 Yolink Smart Hub | 2026-04-15 | 2.2 Low |
| The YoSmart YoLink Smart Hub device 0382 exposes a UART debug interface. An attacker with direct physical access can leverage this interface to read a boot log, which includes network access credentials. | ||||
| CVE-2025-14712 | 1 Jhenggao | 1 Student Learning Assessment And Support System | 2026-04-15 | 7.5 High |
| Student Learning Assessment and Support System developed by JHENG GAO has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to view a specific page and obtain test accounts and password. | ||||
| CVE-2025-63051 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in sizam REHub Framework rehub-framework allows Retrieve Embedded Sensitive Data.This issue affects REHub Framework: from n/a through < 19.9.9.4. | ||||
| CVE-2025-4364 | 2026-04-15 | N/A | ||
| The affected products could allow an unauthenticated attacker to access system information that could enable further access to sensitive files and obtain administrative credentials. | ||||
| CVE-2025-23287 | 1 Nvidia | 1 Gpu Display Driver | 2026-04-15 | 3.3 Low |
| NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may access sensitive system-level information. A successful exploit of this vulnerability may lead to Information disclosure. | ||||