Total
9146 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-0488 | 1 Microsoft | 7 Internet Explorer, Windows 2000, Windows 2003 Server and 4 more | 2025-01-21 | 6.5 Medium |
| Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properly handle unspecified "encoding strings," which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site, aka "Post Encoding Information Disclosure Vulnerability." | ||||
| CVE-2024-34717 | 1 Prestashop | 1 Prestashop | 2025-01-21 | 5.3 Medium |
| PrestaShop is an open source e-commerce web application. In PrestaShop 8.1.5, any invoice can be downloaded from front-office in anonymous mode, by supplying a random secure_key parameter in the url. This issue is patched in version 8.1.6. No known workarounds are available. | ||||
| CVE-2024-50312 | 1 Redhat | 2 Openshift, Openshift Container Platform | 2025-01-21 | 5.3 Medium |
| A vulnerability was found in GraphQL due to improper access controls on the GraphQL introspection query. This flaw allows unauthorized users to retrieve a comprehensive list of available queries and mutations. Exposure to this flaw increases the attack surface, as it can facilitate the discovery of flaws or errors specific to the application's GraphQL implementation. | ||||
| CVE-2024-12578 | 2025-01-17 | 5.3 Medium | ||
| The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.5.4.8 via the 'tickera_tickets_info' endpoint. This makes it possible for unauthenticated attackers to extract sensitive data from bookings like full names, email addresses, check-in/out timestamps and more. | ||||
| CVE-2008-3474 | 1 Microsoft | 6 Internet Explorer, Windows 2000, Windows Server 2003 and 3 more | 2025-01-17 | 6.5 Medium |
| Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy and obtain sensitive information via a crafted HTML document, aka "Cross-Domain Information Disclosure Vulnerability." | ||||
| CVE-2024-28235 | 1 Contao | 1 Contao | 2025-01-17 | 8.4 High |
| Contao is an open source content management system. Starting in version 4.9.0 and prior to versions 4.13.40 and 5.3.4, when checking for broken links on protected pages, Contao sends the cookie header to external urls as well, the passed options for the http client are used for all requests. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a workaround, disable crawling protected pages. | ||||
| CVE-2024-4109 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2025-01-16 | 0.0 Low |
| Red Hat Product Security has determined that this CVE is not a security vulnerability. | ||||
| CVE-2022-3091 | 1 Ronds | 1 Equipment Predictive Maintenance | 2025-01-16 | 7.5 High |
| RONDS EPM version 1.19.5 has a vulnerability in which a function could allow unauthenticated users to leak credentials. In some circumstances, an attacker can exploit this vulnerability to execute operating system (OS) commands. | ||||
| CVE-2024-12008 | 1 Boldgrid | 1 W3 Total Cache | 2025-01-16 | 5.3 Medium |
| The W3 Total Cache plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 through the publicly exposed debug log file. This makes it possible for unauthenticated attackers to view potentially sensitive information in the exposed log file. For example, the log file may contain nonce values that can be used in further CSRF attacks. Note: the debug feature must be enabled for this to be a concern, and it is disabled by default. | ||||
| CVE-2023-34437 | 1 Bakerhughes | 2 Bentley Nevada 3500 System, Bentley Nevada 3500 System Firmware | 2025-01-16 | 7.5 High |
| Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a vulnerability in their password retrieval functionality which could allow an attacker to access passwords stored on the device. | ||||
| CVE-2021-47403 | 1 Linux | 1 Linux Kernel | 2025-01-16 | 7.1 High |
| In the Linux kernel, the following vulnerability has been resolved: ipack: ipoctal: fix module reference leak A reference to the carrier module was taken on every open but was only released once when the final reference to the tty struct was dropped. Fix this by taking the module reference and initialising the tty driver data when installing the tty. | ||||
| CVE-2024-23302 | 1 Couchbase | 1 Couchbase Server | 2025-01-16 | 7.5 High |
| Couchbase Server before 7.2.4 has a private key leak in goxdcr.log. | ||||
| CVE-2024-4837 | 1 Progress | 1 Telerik Report Server | 2025-01-16 | 5.3 Medium |
| In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via a trust boundary violation vulnerability. | ||||
| CVE-2024-34080 | 1 Mantisbt | 1 Mantisbt | 2025-01-16 | 5.3 Medium |
| MantisBT (Mantis Bug Tracker) is an open source issue tracker. If an issue references a note that belongs to another issue that the user doesn't have access to, then it gets hyperlinked. Clicking on the link gives an access denied error as expected, yet some information remains available via the link, link label, and tooltip. This can result in disclosure of the existence of the note, the note author name, the note creation timestamp, and the issue id the note belongs to. Version 2.26.2 contains a patch for the issue. No known workarounds are available. | ||||
| CVE-2024-8902 | 1 Webtechstreet | 1 Elementor Addon Elements | 2025-01-16 | 4.3 Medium |
| The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.8 via the render_column function in modules/data-table/widgets/data-table.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data. | ||||
| CVE-2024-6455 | 1 Wpmet | 1 Elements Kit Elementor Addons | 2025-01-16 | 5.3 Medium |
| The ElementsKit Elementor addons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.2.0 due to a missing capability checks on ekit_widgetarea_content function. This makes it possible for unauthenticated attackers to view any item created in Elementor, such as posts, pages and templates including drafts, pending and private items. | ||||
| CVE-2025-0472 | 2025-01-16 | 7.5 High | ||
| Information exposure in the PMB platform affecting versions 4.2.13 and earlier. This vulnerability allows an attacker to upload a file to the environment and enumerate the internal files of a machine by looking at the request response. | ||||
| CVE-2025-0481 | 2025-01-15 | 5.3 Medium | ||
| A vulnerability classified as problematic has been found in D-Link DIR-878 1.03. Affected is an unknown function of the file /dllog.cgi of the component HTTP POST Request Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2011-3712 | 1 Cakephp | 1 Cakephp | 2025-01-15 | N/A |
| CakePHP 1.3.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by dispatcher.php and certain other files. | ||||
| CVE-2015-8336 | 1 Huawei | 1 Fusioncompute | 2025-01-15 | 4.3 Medium |
| Huawei FusionCompute with software before V100R005C10SPC700 allows remote authenticated users to obtain sensitive "role and permission" information via unspecified vectors. | ||||