Total
9064 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-34005 | 1 Moodle | 1 Moodle | 2025-05-01 | N/A | 6.5 MEDIUM |
| In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore database activity modules and direct access to the web server outside of the Moodle webroot could execute a local file include. | |||||
| CVE-2024-34003 | 1 Moodle | 1 Moodle | 2025-05-01 | N/A | 5.9 MEDIUM |
| In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore workshop modules and direct access to the web server outside of the Moodle webroot could execute a local file include. | |||||
| CVE-2024-34002 | 1 Moodle | 1 Moodle | 2025-05-01 | N/A | 6.5 MEDIUM |
| In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore feedback modules and direct access to the web server outside of the Moodle webroot could execute a local file include. | |||||
| CVE-2022-30556 | 3 Apache, Fedoraproject, Netapp | 3 Http Server, Fedora, Clustered Data Ontap | 2025-05-01 | 5.0 MEDIUM | 7.5 HIGH |
| Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer. | |||||
| CVE-2022-27949 | 1 Apache | 1 Airflow | 2025-04-30 | N/A | 7.5 HIGH |
| A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. | |||||
| CVE-2024-26470 | 1 Fullstackhero | 1 .net 9 Starter Kit | 2025-04-30 | N/A | 8.1 HIGH |
| A host header injection vulnerability in the forgot password function of FullStackHero's WebAPI Boilerplate v1.0.0 and v1.0.1 allows attackers to leak the password reset token via a crafted request. | |||||
| CVE-2025-24270 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-04-30 | N/A | 5.7 MEDIUM |
| This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may be able to leak sensitive user information. | |||||
| CVE-2022-42132 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-04-30 | N/A | 5.9 MEDIUM |
| The Test LDAP Users functionality in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.0 fix pack 102 and earlier, 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before update 4, and DXP 7.4 GA includes the LDAP credential in the page URL when paginating through the list of users, which allows man-in-the-middle attackers or attackers with access to the request logs to see the LDAP credential. | |||||
| CVE-2024-11299 | 1 Caseproof | 1 Memberpress | 2025-04-30 | N/A | 5.3 MEDIUM |
| The Memberpress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.11.37 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. | |||||
| CVE-2025-3059 | 2025-04-29 | N/A | 5.3 MEDIUM | ||
| Vulnerability in Drupal Profile Private.This issue affects Profile Private: *.*. | |||||
| CVE-2025-3923 | 2025-04-29 | N/A | 5.3 MEDIUM | ||
| The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.8 via the 'generate_unique_string' due to insufficient randomness of the generated file name. This makes it possible for unauthenticated attackers to extract sensitive data including files protected by the plugin if the attacker can determine the file name. | |||||
| CVE-2024-33865 | 2 Linqi, Microsoft | 2 Linqi, Windows | 2025-04-28 | N/A | 7.5 HIGH |
| An issue was discovered in linqi before 1.4.0.1 on Windows. There is an NTLM hash leak via the /api/Cdn/GetFile and /api/DocumentTemplate/{GUID] endpoints. | |||||
| CVE-2024-21501 | 2 Apostrophecms, Fedoraproject | 2 Sanitize-html, Fedora | 2025-04-25 | N/A | 5.3 MEDIUM |
| Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system (including project dependencies). An attacker could exploit this vulnerability to gather details about the file system structure and dependencies of the targeted server. | |||||
| CVE-2022-26885 | 1 Apache | 1 Dolphinscheduler | 2025-04-25 | N/A | 7.5 HIGH |
| When using tasks to read config files, there is a risk of database password disclosure. We recommend you upgrade to version 2.0.6 or higher. | |||||
| CVE-2022-28607 | 1 Isic.lk Project | 1 Isic.lk | 2025-04-24 | N/A | 7.5 HIGH |
| An issue was discovered in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to gain sensitive information via the action parameter to /system/user/modules/mod_users/controller.php. | |||||
| CVE-2022-42766 | 2 Google, Unisoc | 14 Android, S8011, Sc7731e and 11 more | 2025-04-23 | N/A | 5.5 MEDIUM |
| In wlan driver, there is a possible missing permission check, This could lead to local information disclosure. | |||||
| CVE-2021-37192 | 1 Siemens | 1 Sinema Remote Connect Server | 2025-04-23 | 3.3 LOW | 4.3 MEDIUM |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software has an information disclosure vulnerability that could allow an attacker to retrieve a list of network devices a known user can manage. | |||||
| CVE-2021-37190 | 1 Siemens | 1 Sinema Remote Connect Server | 2025-04-23 | 3.3 LOW | 4.3 MEDIUM |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software has an information disclosure vulnerability that could allow an attacker to retrieve VPN connection for a known user. | |||||
| CVE-2023-50324 | 1 Ibm | 1 Cognos Command Center | 2025-04-23 | N/A | 5.3 MEDIUM |
| IBM Cognos Command Center 10.2.4.1 and 10.2.5 exposes details the X-AspNet-Version Response Header that could allow an attacker to obtain information of the application environment to conduct further attacks. IBM X-Force ID: 275038. | |||||
| CVE-2022-42782 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-23 | N/A | 5.5 MEDIUM |
| In wlan driver, there is a possible missing permission check, This could lead to local information disclosure. | |||||