Total
9301 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-22825 | 1 Schneider-electric | 4 Rack Power Distribution Unit With Network Management Card 2, Rack Power Distribution Unit With Network Management Card 2 Firmware, Rack Power Distribution Unit With Network Management Card 3 and 1 more | 2025-09-08 | 6.0 MEDIUM | 8.0 HIGH |
| A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could allow an attacker to access the system with elevated privileges when a privileged account clicks on a malicious URL that compromises the security token. Affected Products: AP7xxxx and AP8xxx with NMC2 (V6.9.6 or earlier), AP7xxx and AP8xxx with NMC3 (V1.1.0.3 or earlier), and APDU9xxx with NMC3 (V1.0.0.28 or earlier) | |||||
| CVE-2025-26453 | 1 Google | 1 Android | 2025-09-08 | N/A | 5.5 MEDIUM |
| In isContentUriForOtherUser of BluetoothOppSendFileInfo.java, there is a possible cross user data leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-12564 | 2025-09-08 | N/A | N/A | ||
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability was discovered in Open Design Alliance CDE inWEB SDK before 2025.3. Installing CDE Server with default settings allows unauthorized users to visit prometheus metrics page. This can allow attackers to understand more things about the target application which may help in further investigation and exploitation. | |||||
| CVE-2014-9199 | 1 Clorius Controls A\/s | 1 Java Web Client | 2025-09-05 | 10.0 HIGH | N/A |
| The Clorius Controls Java web client before 01.00.0009g allows remote attackers to discover credentials by sniffing the network for cleartext-equivalent traffic. | |||||
| CVE-2025-48527 | 1 Google | 1 Android | 2025-09-05 | N/A | 6.2 MEDIUM |
| In multiple locations, there is a possible way to leak hidden work profile notifications due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-43779 | 1 Clear | 1 Clearml Enterprise Server | 2025-09-05 | N/A | 7.7 HIGH |
| An information disclosure vulnerability exists in the Vault API functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to reading vaults that have been previously disabled, possibly leaking sensitive credentials. An attacker can send a series of HTTP requests to trigger this vulnerability. | |||||
| CVE-2023-47799 | 1 Mahara | 1 Mahara | 2025-09-05 | N/A | 7.5 HIGH |
| Mahara before 22.10.4 and 23.x before 23.04.4 allows information disclosure if the experimental HTML bulk export is used via the administration interface or via the CLI, and the resulting export files are given to the account holders. They may contain images of other account holders because the cache is not cleared after the files of one account are exported. | |||||
| CVE-2025-29992 | 1 Mahara | 1 Mahara | 2025-09-05 | N/A | 7.5 HIGH |
| Mahara before 24.04.9 exposes database connection information if the database becomes unreachable, e.g., due to the database server being temporarily down or too busy. | |||||
| CVE-2024-39335 | 1 Mahara | 1 Mahara | 2025-09-05 | N/A | 9.1 CRITICAL |
| Supported versions of Mahara 24.04 before 24.04.1 and 23.04 before 23.04.6 are vulnerable to information being disclosed to an institution administrator under certain conditions via the 'Current submissions' page: Administration -> Groups -> Submissions. | |||||
| CVE-2025-36895 | 1 Google | 1 Android | 2025-09-05 | N/A | 7.5 HIGH |
| Information disclosure | |||||
| CVE-2025-6600 | 1 Github | 1 Enterprise Server | 2025-09-05 | N/A | 4.3 MEDIUM |
| An exposure of sensitive information vulnerability was identified in GitHub Enterprise Server that could allow an attacker to disclose the names of private repositories within an organization. This issue could be exploited by leveraging a user-to-server token with no scopes via the Search API endpoint. Successful exploitation required an organization administrator to install a malicious GitHub App in the organization’s repositories. This vulnerability impacted only GitHub Enterprise Server version 3.17 and was addressed in version 3.17.2. The vulnerability was reported through the GitHub Bug Bounty program. | |||||
| CVE-2024-7697 | 1 Transsion | 1 Carlcare | 2025-09-05 | N/A | 7.5 HIGH |
| Logical vulnerability in the mobile application (com.transsion.carlcare) may lead to user information leakage risks. | |||||
| CVE-2025-22430 | 1 Google | 1 Android | 2025-09-04 | N/A | 5.5 MEDIUM |
| In isInSignificantPlace of multiple files, there is a possible way to access sensitive information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-9774 | 1 Remoteclinic | 1 Remote Clinic | 2025-09-04 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability has been found in RemoteClinic up to 2.0. This issue affects some unknown processing of the file /patients/edit-patient.php. The manipulation of the argument Email leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-20336 | 2025-09-04 | N/A | 5.3 MEDIUM | ||
| A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability exists because the product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. An attacker could exploit this vulnerability by sending a crafted packet to the IP address of a device that has Web Access enabled. A successful exploit could allow the attacker to access sensitive information from the device. Note: To exploit this vulnerability, Web Access must be enabled on the phone. Web Access is disabled by default. | |||||
| CVE-2025-6984 | 2025-09-04 | N/A | 7.5 HIGH | ||
| The langchain-ai/langchain project, specifically the EverNoteLoader component, is vulnerable to XML External Entity (XXE) attacks due to insecure XML parsing. The affected version is 0.3.63. The vulnerability arises from the use of etree.iterparse() without disabling external entity references, which can lead to sensitive information disclosure. An attacker could exploit this by crafting a malicious XML payload that references local files, potentially exposing sensitive data such as /etc/passwd. | |||||
| CVE-2024-29885 | 1 Silverstripe | 1 Reports | 2025-09-04 | N/A | 4.3 MEDIUM |
| silverstripe/reports is an API for creating backend reports in the Silverstripe Framework. In affected versions reports can be accessed by their direct URL by any user who has access to view the reports admin section, even if the `canView()` method for that report returns `false`. This issue has been addressed in version 5.2.3. All users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-32467 | 1 Metersphere | 1 Metersphere | 2025-09-04 | N/A | 5.7 MEDIUM |
| MeterSphere is an open source continuous testing platform. Prior to version 2.10.14-lts, members without space permissions can view member information from other workspaces beyond their authority. Version 2.10.14-lts fixes this issue. | |||||
| CVE-2024-34358 | 1 Typo3 | 1 Typo3 | 2025-09-03 | N/A | 5.3 MEDIUM |
| TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, the `ShowImageController` (`_eID tx_cms_showpic_`) lacks a cryptographic HMAC-signature on the `frame` HTTP query parameter (e.g. `/index.php?eID=tx_cms_showpic?file=3&...&frame=12345`). This allows adversaries to instruct the system to produce an arbitrary number of thumbnail images on the server side. TYPO3 versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, 13.1.1 fix the problem described. | |||||
| CVE-2024-42486 | 1 Cilium | 1 Cilium | 2025-09-03 | N/A | 5.4 MEDIUM |
| Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In versions on the 1.15.x branch prior to 1.15.8 and the 1.16.x branch prior to 1.16.1, ReferenceGrant changes are not correctly propagated in Cilium's GatewayAPI controller, which could lead to Gateway resources being able to access secrets for longer than intended, or to Routes having the ability to forward traffic to backends in other namespaces for longer than intended. This issue has been patched in Cilium v1.15.8 and v1.16.1. As a workaround, any modification of a related Gateway/HTTPRoute/GRPCRoute/TCPRoute CRD (for example, adding any label to any of these resources) will trigger a reconciliation of ReferenceGrants on an affected cluster. | |||||