Filtered by CWE-497
Filtered by vendor Subscriptions
Total 195 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-4614 1 Palo Alto Networks 1 Pan-os 2025-10-09 N/A
An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to view session tokens of users authenticated to the firewall web UI. This may allow impersonation of users whose session tokens are leaked.   The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators. Cloud NGFW and Prisma® Access are not affected by this vulnerability.
CVE-2025-59447 1 Yosmart 1 Yolink Smart Hub 2025-10-08 2.2 Low
The YoSmart YoLink Smart Hub device 0382 exposes a UART debug interface. An attacker with direct physical access can leverage this interface to read a boot log, which includes network access credentials.
CVE-2025-44823 1 Nagios 1 Log Server 2025-10-08 9.9 Critical
Nagios Log Server before 2024R1.3.2 allows authenticated users to retrieve cleartext administrative API keys via a /nagioslogserver/index.php/api/system/get_users call. This is GL:NLS#475.
CVE-2025-58585 1 Sick 3 Logistic Diagnostic Analytics, Package Analytics, Tire Analytics 2025-10-08 5.3 Medium
Multiple endpoints with sensitive information do not require authentication, making the application susceptible to information gathering.
CVE-2025-58579 1 Sick 5 Baggage Analytics, Enterprise Analytics, Logistic Diagnostic Analytics and 2 more 2025-10-08 5.3 Medium
Due to a lack of authentication, it is possible for an unauthenticated user to request data from this endpoint, making the application vulnerable for user enumeration.
CVE-2024-45549 1 Qualcomm 320 Ar8035, Ar8035 Firmware, Fastconnect 6700 and 317 more 2025-10-06 7.7 High
Information disclosure while creating MQ channels.
CVE-2025-58583 2025-10-06 5.3 Medium
The application provides access to a login protected H2 database for caching purposes. The username is prefilled.
CVE-2025-60092 2 Shahjada, Wordpress 2 Download Manager, Wordpress 2025-09-29 5.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Shahjada Download Manager allows Retrieve Embedded Sensitive Data. This issue affects Download Manager: from n/a through 3.3.24.
CVE-2025-60119 2 Coschedule, Wordpress 2 Coschedule, Wordpress 2025-09-29 5.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in CoSchedule CoSchedule allows Retrieve Embedded Sensitive Data. This issue affects CoSchedule: from n/a through 3.3.10.
CVE-2025-60167 3 Elementor, Honzat, Wordpress 3 Elementor, Page Manager For Elementor, Wordpress 2025-09-29 4.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in honzat Page Manager for Elementor allows Retrieve Embedded Sensitive Data. This issue affects Page Manager for Elementor: from n/a through 2.0.5.
CVE-2025-27149 1 Zulip 2 Zulip, Zulip Server 2025-09-27 2.7 Low
Zulip server provides an open-source team chat that helps teams stay productive and focused. Prior to 10.0, the data export to organization administrators feature in Zulip leaks private data. The collection of user-agent types identifying specific integrations or HTTP libraries (E.g., ZulipGitlabWebhook, okhttp, or PycURL) that have been used to access any organization on the server was incorrectly included in all three export types, regardless of if they were used to access the exported organization or not. The "public data" and "with consent" exports metadata including the titles of some topics in private channels which the administrator otherwise did not have access to, and none of the users consented to exporting and metadata for which users were in a group DM together. This vulnerability is fixed in 10.0.
CVE-2025-53862 1 Redhat 1 Ansible Automation Platform 2025-09-25 3.5 Low
A flaw was found in Ansible. Three API endpoints are accessible and return verbose, unauthenticated responses. This flaw allows a malicious user to access data that may contain important information.
CVE-2025-36146 1 Ibm 1 Watsonx.data 2025-09-25 4.3 Medium
IBM Lakehouse (watsonx.data 2.2) could allow an authenticated user to obtain sensitive server component version information which could aid in further attacks against the system.
CVE-2025-58007 2 Nerdpress, Wordpress 2 Social Pug Wordpress, Wordpress 2025-09-25 4.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NerdPress Social Pug allows Retrieve Embedded Sensitive Data. This issue affects Social Pug: from n/a through 1.35.1.
CVE-2025-59582 1 Wordpress 1 Wordpress 2025-09-23 5.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Darren Cooney Ajax Load More allows Retrieve Embedded Sensitive Data. This issue affects Ajax Load More: from n/a through 7.6.0.2.
CVE-2025-57916 1 Wordpress 1 Wordpress 2025-09-23 4.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Nurul Amin WP System Information allows Retrieve Embedded Sensitive Data. This issue affects WP System Information: from n/a through 1.5.
CVE-2025-57937 2 Etruel, Wordpress 2 Wpematico Rss Feed Fetcher, Wordpress 2025-09-23 4.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in etruel WPeMatico RSS Feed Fetcher allows Retrieve Embedded Sensitive Data. This issue affects WPeMatico RSS Feed Fetcher: from n/a through 2.8.10.
CVE-2025-58015 2 Ays-pro, Wordpress 2 Quiz Maker, Wordpress 2025-09-23 5.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Ays Pro Quiz Maker allows Retrieve Embedded Sensitive Data. This issue affects Quiz Maker: from n/a through 6.7.0.61.
CVE-2024-12367 1 Vegagrup 1 Vega Master 2025-09-23 8.6 High
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vegagrup Software Vega Master allows Directory Indexing.This issue affects Vega Master: from v.1.12.35 through 20250916.  NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available.
CVE-2025-49147 1 Umbraco 1 Umbraco Cms 2025-09-22 5.3 Medium
Umbraco, a free and open source .NET content management system, has a vulnerability in versions 10.0.0 through 10.8.10 and 13.0.0 through 13.9.1. Via a request to an anonymously authenticated endpoint it's possible to retrieve information about the configured password requirements. The information available is limited but would perhaps give some additional detail useful for someone attempting to brute force derive a user's password. This information was not exposed in Umbraco 7 or 8, nor in 14 or higher versions. The vulnerability is patched in versions 10.8.11 and 13.9.2.