Total: 195 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-4614 | 1 Palo Alto Networks | 1 Pan-os | 2025-10-09 | N/A |
An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to view session tokens of users authenticated to the firewall web UI. This may allow impersonation of users whose session tokens are leaked. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators. Cloud NGFW and Prisma® Access are not affected by this vulnerability. | ||||
CVE-2025-59447 | 1 Yosmart | 1 Yolink Smart Hub | 2025-10-08 | 2.2 Low |
The YoSmart YoLink Smart Hub device 0382 exposes a UART debug interface. An attacker with direct physical access can leverage this interface to read a boot log, which includes network access credentials. | ||||
CVE-2025-44823 | 1 Nagios | 1 Log Server | 2025-10-08 | 9.9 Critical |
Nagios Log Server before 2024R1.3.2 allows authenticated users to retrieve cleartext administrative API keys via a /nagioslogserver/index.php/api/system/get_users call. This is GL:NLS#475. | ||||
CVE-2025-58585 | 1 Sick | 3 Logistic Diagnostic Analytics, Package Analytics, Tire Analytics | 2025-10-08 | 5.3 Medium |
Multiple endpoints with sensitive information do not require authentication, making the application susceptible to information gathering. | ||||
CVE-2025-58579 | 1 Sick | 5 Baggage Analytics, Enterprise Analytics, Logistic Diagnostic Analytics and 2 more | 2025-10-08 | 5.3 Medium |
Due to a lack of authentication, it is possible for an unauthenticated user to request data from this endpoint, making the application vulnerable to user enumeration. | ||||
CVE-2024-45549 | 1 Qualcomm | 320 Ar8035, Ar8035 Firmware, Fastconnect 6700 and 317 more | 2025-10-06 | 7.7 High |
Information disclosure while creating MQ channels. | ||||
CVE-2025-58583 | 2025-10-06 | 5.3 Medium | ||
The application provides access to a login-protected H2 database for caching purposes. The username is prefilled. | ||||
CVE-2025-60092 | 2 Shahjada, Wordpress | 2 Download Manager, Wordpress | 2025-09-29 | 5.3 Medium |
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Shahjada Download Manager allows Retrieve Embedded Sensitive Data. This issue affects Download Manager: from n/a through 3.3.24. | ||||
CVE-2025-60119 | 2 Coschedule, Wordpress | 2 Coschedule, Wordpress | 2025-09-29 | 5.3 Medium |
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in CoSchedule CoSchedule allows Retrieve Embedded Sensitive Data. This issue affects CoSchedule: from n/a through 3.3.10. | ||||
CVE-2025-60167 | 3 Elementor, Honzat, Wordpress | 3 Elementor, Page Manager For Elementor, Wordpress | 2025-09-29 | 4.3 Medium |
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in honzat Page Manager for Elementor allows Retrieve Embedded Sensitive Data. This issue affects Page Manager for Elementor: from n/a through 2.0.5. | ||||
CVE-2025-27149 | 1 Zulip | 2 Zulip, Zulip Server | 2025-09-27 | 2.7 Low |
Zulip server provides an open-source team chat that helps teams stay productive and focused. Prior to 10.0, the data export to organization administrators feature in Zulip leaks private data. The collection of user-agent types identifying specific integrations or HTTP libraries (e.g., ZulipGitlabWebhook, okhttp, or PycURL) that have been used to access any organization on the server was incorrectly included in all three export types, regardless of whether they were used to access the exported organization or not. The "public data" and "with consent" exports included metadata, including the titles of some topics in private channels which the administrator otherwise did not have access to and which none of the users consented to exporting, and metadata for which users were in a group DM together. This vulnerability is fixed in 10.0. | ||||
CVE-2025-53862 | 1 Redhat | 1 Ansible Automation Platform | 2025-09-25 | 3.5 Low |
A flaw was found in Ansible. Three API endpoints are accessible and return verbose, unauthenticated responses. This flaw allows a malicious user to access data that may contain important information. | ||||
CVE-2025-36146 | 1 Ibm | 1 Watsonx.data | 2025-09-25 | 4.3 Medium |
IBM Lakehouse (watsonx.data 2.2) could allow an authenticated user to obtain sensitive server component version information which could aid in further attacks against the system. | ||||
CVE-2025-58007 | 2 Nerdpress, Wordpress | 2 Social Pug Wordpress, Wordpress | 2025-09-25 | 4.3 Medium |
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NerdPress Social Pug allows Retrieve Embedded Sensitive Data. This issue affects Social Pug: from n/a through 1.35.1. | ||||
CVE-2025-59582 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 5.3 Medium |
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Darren Cooney Ajax Load More allows Retrieve Embedded Sensitive Data. This issue affects Ajax Load More: from n/a through 7.6.0.2. | ||||
CVE-2025-57916 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 4.3 Medium |
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Nurul Amin WP System Information allows Retrieve Embedded Sensitive Data. This issue affects WP System Information: from n/a through 1.5. | ||||
CVE-2025-57937 | 2 Etruel, Wordpress | 2 Wpematico Rss Feed Fetcher, Wordpress | 2025-09-23 | 4.3 Medium |
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in etruel WPeMatico RSS Feed Fetcher allows Retrieve Embedded Sensitive Data. This issue affects WPeMatico RSS Feed Fetcher: from n/a through 2.8.10. | ||||
CVE-2025-58015 | 2 Ays-pro, Wordpress | 2 Quiz Maker, Wordpress | 2025-09-23 | 5.3 Medium |
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Ays Pro Quiz Maker allows Retrieve Embedded Sensitive Data. This issue affects Quiz Maker: from n/a through 6.7.0.61. | ||||
CVE-2024-12367 | 1 Vegagrup | 1 Vega Master | 2025-09-23 | 8.6 High |
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vegagrup Software Vega Master allows Directory Indexing. This issue affects Vega Master: from v.1.12.35 through 20250916. NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available. | ||||
CVE-2025-49147 | 1 Umbraco | 1 Umbraco Cms | 2025-09-22 | 5.3 Medium |
Umbraco, a free and open source .NET content management system, has a vulnerability in versions 10.0.0 through 10.8.10 and 13.0.0 through 13.9.1. Via a request to an anonymously authenticated endpoint, it's possible to retrieve information about the configured password requirements. The information available is limited but would perhaps give some additional detail useful for someone attempting to derive a user's password by brute force. This information was not exposed in Umbraco 7 or 8, nor in 14 or higher versions. The vulnerability is patched in versions 10.8.11 and 13.9.2. |