Total
120 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-51586 | 2025-09-09 | N/A | 3.7 LOW | ||
| An issue was discoverd in file controllers/admin/AdminLoginController.php in PrestaShop before 8.2.1 allowing attackers to gain sensitive information via the reset password feature. | |||||
| CVE-2025-1939 | 1 Mozilla | 1 Firefox | 2025-09-08 | N/A | 3.9 LOW |
| Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could have been used to trick a user into granting sensitive permissions by hiding what the user was actually clicking. This vulnerability affects Firefox < 136. | |||||
| CVE-2024-7697 | 1 Transsion | 1 Carlcare | 2025-09-05 | N/A | 7.5 HIGH |
| Logical vulnerability in the mobile application (com.transsion.carlcare) may lead to user information leakage risks. | |||||
| CVE-2024-11206 | 2025-09-05 | N/A | 7.5 HIGH | ||
| Unauthorized access vulnerability in the mobile application (com.transsion.phoenix) can lead to the leakage of user information. | |||||
| CVE-2025-54124 | 1 Xwiki | 1 Xwiki | 2025-09-02 | N/A | 6.5 MEDIUM |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform Legacy Old Core and XWiki Platform Old Core versions 9.8-rc-1 through 16.4.6, 16.5.0-rc-1 through 16.10.4, and 17.0.0-rc-1 through 17.1.0, any user with editing rights can create an XClass with a database list property that references a password property. When adding an object of that XClass, the content of that password property is displayed. In practice, with a standard rights setup, this means that any user with an account on the wiki can access password hashes of all users, and possibly other password properties (with hashed or plain storage) that are on pages that the user can view. This issue is fixed in versions 16.4.7, 16.10.5 and 17.2.0-rc-1. | |||||
| CVE-2025-54125 | 1 Xwiki | 1 Xwiki | 2025-09-02 | N/A | 6.5 MEDIUM |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform Legacy Old Core and XWiki Platform Old Core versions 1.1 through 16.4.6, 16.5.0-rc-1 through 16.10.4 and 17.0.0-rc-1 through 17.1.0, the XML export of a page in XWiki that can be triggered by any user with view rights on a page by appending ?xpage=xml to the URL includes password and email properties stored on a document that aren't named password or email. This is fixed in versions 16.4.7, 16.10.5 and 17.2.0-rc-1. To work around this issue, the file templates/xml.vm in the deployed WAR can be deleted if the XML isn't needed. There isn't any feature in XWiki itself that depends on the XML export. | |||||
| CVE-2024-49765 | 1 Discourse | 1 Discourse | 2025-08-26 | N/A | 5.3 MEDIUM |
| Discourse is an open source platform for community discussion. Sites that are using discourse connect but still have local logins enabled could allow attackers to bypass discourse connect to create accounts and login. This problem is patched in the latest version of Discourse. Users unable to upgrade who are using discourse connect may disable all other login methods as a workaround. | |||||
| CVE-2025-6017 | 1 Redhat | 1 Advanced Cluster Management For Kubernetes | 2025-08-20 | N/A | 5.5 MEDIUM |
| A flaw was found in Red Hat Advanced Cluster Management through versions 2.10, before 2.10.7, 2.11, before 2.11.4, and 2.12, before 2.12.4. This vulnerability allows an unprivileged user to view confidential managed cluster credentials through the UI. This information should only be accessible to authorized users and may result in the loss of confidentiality of administrative information, which could be leaked to unauthorized actors. | |||||
| CVE-2024-11216 | 2025-08-19 | N/A | 7.6 HIGH | ||
| Authorization Bypass Through User-Controlled Key, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in PozitifIK Pik Online allows Account Footprinting, Session Hijacking.This issue affects Pik Online: before 3.1.5. | |||||
| CVE-2025-41685 | 2025-08-19 | N/A | 6.5 MEDIUM | ||
| A low-privileged remote attacker can obtain the username of another registered Sunny Portal user by entering that user's email address. | |||||
| CVE-2025-53765 | 1 Microsoft | 2 Azure App Service On Azure Stack, Azure Stack Hub | 2025-08-18 | N/A | 4.4 MEDIUM |
| Exposure of private personal information to an unauthorized actor in Azure Stack allows an authorized attacker to disclose information locally. | |||||
| CVE-2025-43259 | 1 Apple | 1 Macos | 2025-08-01 | N/A | 4.6 MEDIUM |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An attacker with physical access to a locked device may be able to view sensitive user information. | |||||
| CVE-2025-31276 | 1 Apple | 2 Ipados, Iphone Os | 2025-07-31 | N/A | 5.3 MEDIUM |
| This issue was addressed through improved state management. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9. Remote content may be loaded even when the 'Load Remote Images' setting is turned off. | |||||
| CVE-2025-43227 | 1 Apple | 7 Ipados, Iphone Os, Macos and 4 more | 2025-07-31 | N/A | 7.5 HIGH |
| This issue was addressed through improved state management. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, watchOS 11.6, visionOS 2.6. Processing maliciously crafted web content may disclose sensitive user information. | |||||
| CVE-2025-43217 | 1 Apple | 2 Ipados, Iphone Os | 2025-07-31 | N/A | 4.0 MEDIUM |
| The issue was addressed by adding additional logic. This issue is fixed in iPadOS 17.7.9, iOS 18.6 and iPadOS 18.6. Privacy Indicators for microphone or camera access may not be correctly displayed. | |||||
| CVE-2024-10267 | 1 Superagi | 1 Superagi | 2025-07-18 | N/A | 7.5 HIGH |
| An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. An attacker can leak sensitive user information, including names, emails, and passwords, by attempting to register a new account with an email that is already in use. The server returns all information associated with the existing account. The vulnerable endpoint is located in the user registration functionality. | |||||
| CVE-2025-49715 | 1 Microsoft | 1 Dynamics 365 | 2025-07-17 | N/A | 7.5 HIGH |
| Exposure of private personal information to an unauthorized actor in Dynamics 365 FastTrack Implementation Assets allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2025-49134 | 1 Weblate | 1 Weblate | 2025-07-16 | N/A | 5.3 MEDIUM |
| Weblate is a web based localization tool. Prior to version 5.12, the audit log notifications included the full IP address of the acting user. This could be obtained by third-party servers such as SMTP relays, or spam filters. This issue has been patched in version 5.12. | |||||
| CVE-2025-53625 | 2025-07-15 | N/A | N/A | ||
| The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. Several #dpl parameters can leak usernames that have been hidden using revision deletion, suppression, or the hideuser block flag. The vulnerability is fixed in 3.6.4. | |||||
| CVE-2025-53374 | 2025-07-08 | N/A | N/A | ||
| Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. An authenticated low-privileged account can retrieve detailed profile information about another users in the same organization by directly invoking user.one. The response discloses personally-identifiable information (PII) such as e-mail address, role, two-factor status, organization ID, and various account flags. The fix will be available in the v0.23.7. | |||||