Total
9268 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-43018 | 2025-07-31 | N/A | N/A | ||
| Certain HP LaserJet Pro printers may be vulnerable to information disclosure when a non-authenticated user queries a device’s local address book. | |||||
| CVE-2025-4426 | 2025-07-31 | N/A | 6.0 MEDIUM | ||
| The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability. https://support.lenovo.com/us/en/product_security/home | |||||
| CVE-2024-20396 | 1 Cisco | 1 Webex Teams | 2025-07-31 | N/A | 5.3 MEDIUM |
| A vulnerability in the protocol handlers of Cisco Webex App could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability exists because the affected application does not safely handle file protocol handlers. An attacker could exploit this vulnerability by persuading a user to follow a link that is designed to cause the application to send requests. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture sensitive information, including credential information, from the requests. | |||||
| CVE-2024-28442 | 1 Yealink | 2 Vp59, Vp59 Firmware | 2025-07-30 | N/A | 7.5 HIGH |
| Directory Traversal vulnerability in Yealink VP59 v.91.15.0.118 allows a physically proximate attacker to obtain sensitive information via terms of use function in the company portal component. | |||||
| CVE-2020-36848 | 1 Boldgrid | 1 Total Upkeep | 2025-07-29 | N/A | 7.5 HIGH |
| The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.14.9 via the env-info.php and restore-info.json files. This makes it possible for unauthenticated attackers to find the location of back-up files and subsequently download them. | |||||
| CVE-2025-30758 | 1 Oracle | 1 Siebel Crm Deployment | 2025-07-29 | N/A | 5.3 MEDIUM |
| Vulnerability in the Siebel CRM End User product of Oracle Siebel CRM (component: User Interface). Supported versions that are affected are 25.0-25.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM End User. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel CRM End User accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2025-29628 | 2025-07-29 | N/A | 8.1 HIGH | ||
| An issue in Gardyn 4 allows a remote attacker to obtain sensitive information and execute arbitrary code via a request | |||||
| CVE-2020-36850 | 2025-07-29 | N/A | N/A | ||
| An information disclosure vulnerability exits in Sitecore JSS React Sample Application 11.0.0 - 14.0.1 that may cause page content intended for one user to be shown to another user. | |||||
| CVE-2025-29629 | 2025-07-29 | N/A | 8.8 HIGH | ||
| An issue in Gardyn 4 allows a remote attacker to obtain sensitive information and execute arbitrary code via the Gardyn Home component | |||||
| CVE-2025-3508 | 2025-07-29 | N/A | N/A | ||
| Certain HP DesignJet products may be vulnerable to information disclosure though printer's web interface allowing unauthenticated users to view sensitive print job information. | |||||
| CVE-2024-3574 | 1 Scrapy | 1 Scrapy | 2025-07-28 | N/A | 7.5 HIGH |
| In scrapy version 2.10.1, an issue was identified where the Authorization header, containing credentials for server authentication, is leaked to a third-party site during a cross-domain redirect. This vulnerability arises from the failure to remove the Authorization header when redirecting across domains. The exposure of the Authorization header to unauthorized actors could potentially allow for account hijacking. | |||||
| CVE-2025-8039 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-07-28 | N/A | 8.1 HIGH |
| In some cases search terms persisted in the URL bar even after navigating away from the search page. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1. | |||||
| CVE-2025-30086 | 2025-07-25 | N/A | 4.9 MEDIUM | ||
| CNCF Harbor 2.13.x before 2.13.1 and 2.12.x before 2.12.4 allows information disclosure by administrators who can exploit an ORM Leak present in the /api/v2.0/users endpoint to leak users' password hash and salt values. The q URL parameter allows a user to filter users by any column, and filter password=~ could be abused to leak out a user's password hash character by character. An attacker with administrator access could exploit this to leak highly sensitive information stored in the Harbor database. All endpoints that support the q URL parameter are vulnerable to this ORM leak attack. | |||||
| CVE-2024-51769 | 1 Hpe | 1 Autopass License Server | 2025-07-25 | N/A | 7.5 HIGH |
| An information disclosure vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17. | |||||
| CVE-2025-7780 | 2025-07-25 | N/A | 6.5 MEDIUM | ||
| The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4. The simpleTranscribeAudio endpoint fails to restrict URL schemes before calling get_audio(). This makes it possible for authenticated attackers, with Subscriber-level access and above, to read any file on the web server and exfiltrate it via the plugin’s OpenAI API integration. | |||||
| CVE-2020-29010 | 1 Fortinet | 1 Fortios | 2025-07-24 | N/A | 5.0 MEDIUM |
| An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS version 6.2.4 and below, version 6.0.10 and belowmay allow remote authenticated actors to read the SSL VPN events log entries of users in other VDOMs by executing "get vpn ssl monitor" from the CLI. The sensitive data includes usernames, user groups, and IP address. | |||||
| CVE-2021-24008 | 1 Fortinet | 5 Fortiddos, Fortiddos-cm, Fortimail and 2 more | 2025-07-24 | N/A | 5.3 MEDIUM |
| An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiDDoS version 5.4.0, version 5.3.2 and below, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, version 4.6.0, version 4.5.0, version 4.4.2 and below, FortiDDoS-CM version 5.3.0, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, FortiVoice version 6.0.6 and below, FortiRecorder version 6.0.3 and below and FortiMail version 6.4.1 and below, version 6.2.4 and below, version 6.0.9 and below may allow a remote, unauthenticated attacker to obtain potentially sensitive software-version information by reading a JavaScript file. | |||||
| CVE-2024-56193 | 1 Google | 1 Android | 2025-07-24 | N/A | 5.1 MEDIUM |
| There is a possible disclosure of Bluetooth adapter details due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-20507 | 1 Cisco | 1 Meeting Management | 2025-07-23 | N/A | 4.3 MEDIUM |
| A vulnerability in the logging subsystem of Cisco Meeting Management could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to improper storage of sensitive information within the web-based management interface of an affected device. An attacker could exploit this vulnerability by logging in to the web-based management interface. A successful exploit could allow the attacker to view sensitive data that is stored on the affected device. | |||||
| CVE-2022-20630 | 1 Cisco | 1 Catalyst Center | 2025-07-23 | 2.1 LOW | 4.4 MEDIUM |
| A vulnerability in the audit log of Cisco DNA Center could allow an authenticated, local attacker to view sensitive information in clear text. This vulnerability is due to the unsecured logging of sensitive information on an affected system. An attacker with administrative privileges could exploit this vulnerability by accessing the audit logs through the CLI. A successful exploit could allow the attacker to retrieve sensitive information that includes user credentials. | |||||