Total
9301 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-58278 | 1 Huawei | 1 Harmonyos | 2025-10-16 | N/A | 6.2 MEDIUM |
| Identity authentication bypass vulnerability in the Gallery app. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2025-59921 | 1 Fortinet | 1 Fortiadc | 2025-10-16 | N/A | 6.5 MEDIUM |
| An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiADC version 7.4.0, version 7.2.3 and below, version 7.1.4 and below, 7.0 all versions, 6.2 all versions may allow an authenticated attacker to obtain sensitive data via crafted HTTP or HTTPS requests. | |||||
| CVE-2025-11717 | 2 Google, Mozilla | 2 Android, Firefox | 2025-10-15 | N/A | 9.1 CRITICAL |
| When switching between Android apps using the card carousel Firefox shows a black screen as its card image when a password-related screen was the last one being used. Prior to Firefox 144 the password edit screen was visible. This vulnerability affects Firefox < 144. | |||||
| CVE-2024-2725 | 1 Atisoluciones | 1 Ciges | 2025-10-15 | N/A | 7.5 HIGH |
| Information exposure vulnerability in the CIGESv2 system. A remote attacker might be able to access /vendor/composer/installed.json and retrieve all installed packages used by the application. | |||||
| CVE-2024-2728 | 1 Atisoluciones | 1 Ciges | 2025-10-15 | N/A | 4.1 MEDIUM |
| Information exposure vulnerability in the CIGESv2 system. This vulnerability could allow a local attacker to intercept traffic due to the lack of proper implementation of the TLS protocol. | |||||
| CVE-2025-57430 | 1 Creacast | 1 Creabox Manager | 2025-10-14 | N/A | 7.5 HIGH |
| Creacast Creabox Manager 4.4.4 exposes sensitive configuration data via a publicly accessible endpoint /get. When accessed, this endpoint returns internal configuration including the creacodec.lua file, which contains plaintext admin credentials. | |||||
| CVE-2025-57433 | 1 2wcom | 2 Ip-4c, Ip-4c Firmware | 2025-10-14 | N/A | 6.5 MEDIUM |
| The 2wcom IP-4c 2.15.5 device's web interface includes an information disclosure vulnerability. By sending a crafted POST request to a specific endpoint (/cwi/ajax_request/get_data.php), an authenticated attacker (even with a low-privileged account like guest) can retrieve the hashed passwords for the admin, manager, and guest accounts. This significantly weakens the system's security posture, as these hashes could be cracked offline, granting attackers administrative access to the device. | |||||
| CVE-2025-10281 | | | 2025-10-14 | N/A | 4.7 MEDIUM |
| BBOT's git_clone module could be abused to disclose a GitHub API key to an attacker-controlled server with a maliciously formatted git URL. | |||||
| CVE-2025-10282 | | | 2025-10-14 | N/A | 4.7 MEDIUM |
| BBOT's gitlab module could be abused to disclose a GitLab API key to an attacker-controlled server with a maliciously formatted git URL. | |||||
| CVE-2025-8915 | | | 2025-10-14 | N/A | N/A |
| Hardcoded TLS private key and certificate in firmware in Kiloview N30 2.02.246 allows a malicious adversary to do a man-in-the-middle attack via the network. | |||||
| CVE-2025-8886 | | | 2025-10-14 | N/A | 6.7 MEDIUM |
| Incorrect Permission Assignment for Critical Resource, Exposure of Sensitive Information to an Unauthorized Actor, Missing Authorization, Incorrect Authorization vulnerability in Usta Information Systems Inc. Aybs Interaktif allows Privilege Abuse, Authentication Bypass. This issue affects Aybs Interaktif: from 2024 through 28082025. | |||||
| CVE-2025-9196 | | | 2025-10-14 | N/A | 5.3 MEDIUM |
| The Trinity Audio – Text to Speech AI audio player to convert content into audio plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.21.0 via the ~/admin/inc/phpinfo.php file that gets created on install. This makes it possible for unauthenticated attackers to extract sensitive data including configuration data. | |||||
| CVE-2025-8484 | | | 2025-10-14 | N/A | 5.3 MEDIUM |
| The Code Quality Control Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in version 0.1 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files. | |||||
| CVE-2025-11645 | | | 2025-10-14 | 2.1 LOW | 2.4 LOW |
| A security vulnerability has been detected in Tomofun Furbo Mobile App up to 7.57.0a on Android. This affects an unknown part of the component Authentication Token Handler. The manipulation leads to insecure storage of sensitive information. It is possible to launch the attack on the physical device. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-8887 | | | 2025-10-14 | N/A | 6.1 MEDIUM |
| Authorization Bypass Through User-Controlled Key, Missing Authorization, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Usta Information Systems Inc. Aybs Interaktif allows Forceful Browsing, Parameter Injection, Input Data Manipulation. This issue affects Aybs Interaktif: from 2024 through 28082025. | |||||
| CVE-2025-61688 | | | 2025-10-14 | N/A | 8.6 HIGH |
| Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. Prior to 1.1.5 and 1.0.2, Omni might leak sensitive information via an API. | |||||
| CVE-2025-59186 | | | 2025-10-14 | N/A | 5.5 MEDIUM |
| Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally. | |||||
| CVE-2025-58739 | | | 2025-10-14 | N/A | 6.5 MEDIUM |
| Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. | |||||
| CVE-2025-59188 | | | 2025-10-14 | N/A | 5.5 MEDIUM |
| Exposure of sensitive information to an unauthorized actor in Windows Failover Cluster allows an authorized attacker to disclose information locally. | |||||
| CVE-2025-59184 | | | 2025-10-14 | N/A | 5.5 MEDIUM |
| Exposure of sensitive information to an unauthorized actor in Windows High Availability Services allows an authorized attacker to disclose information locally. | |||||
