Total
109 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-10267 | 1 Superagi | 1 Superagi | 2025-07-18 | N/A | 7.5 HIGH |
An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. An attacker can leak sensitive user information, including names, emails, and passwords, by attempting to register a new account with an email that is already in use. The server returns all information associated with the existing account. The vulnerable endpoint is located in the user registration functionality. | |||||
CVE-2025-49715 | 1 Microsoft | 1 Dynamics 365 | 2025-07-17 | N/A | 7.5 HIGH |
Exposure of private personal information to an unauthorized actor in Dynamics 365 FastTrack Implementation Assets allows an unauthorized attacker to disclose information over a network. | |||||
CVE-2025-49134 | 1 Weblate | 1 Weblate | 2025-07-16 | N/A | 5.3 MEDIUM |
Weblate is a web based localization tool. Prior to version 5.12, the audit log notifications included the full IP address of the acting user. This could be obtained by third-party servers such as SMTP relays, or spam filters. This issue has been patched in version 5.12. | |||||
CVE-2025-53625 | 2025-07-15 | N/A | N/A | ||
The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. Several #dpl parameters can leak usernames that have been hidden using revision deletion, suppression, or the hideuser block flag. The vulnerability is fixed in 3.6.4. | |||||
CVE-2025-53374 | 2025-07-08 | N/A | N/A | ||
Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. An authenticated low-privileged account can retrieve detailed profile information about another users in the same organization by directly invoking user.one. The response discloses personally-identifiable information (PII) such as e-mail address, role, two-factor status, organization ID, and various account flags. The fix will be available in the v0.23.7. | |||||
CVE-2025-6017 | 2025-07-03 | N/A | 5.5 MEDIUM | ||
A flaw was found in Red Hat Advanced Cluster Management through versions 2.10, before 2.10.7, 2.11, before 2.11.4, and 2.12, before 2.12.4. This vulnerability allows an unprivileged user to view confidential managed cluster credentials through the UI. This information should only be accessible to authorized users and may result in the loss of confidentiality of administrative information, which could be leaked to unauthorized actors. | |||||
CVE-2025-5334 | 1 Devolutions | 1 Remote Desktop Manager | 2025-07-02 | N/A | 7.5 HIGH |
Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager allows an authenticated user to gain unauthorized access to private personal information. Under specific circumstances, entries may be unintentionally moved from user vaults to shared vaults when edited by their owners, making them accessible to other users. This issue affects the following versions : * Remote Desktop Manager Windows 2025.1.34.0 and earlier * Remote Desktop Manager macOS 2025.1.16.3 and earlier * Remote Desktop Manager Android 2025.1.3.3 and earlier * Remote Desktop Manager iOS 2025.1.6.0 and earlier | |||||
CVE-2023-36052 | 1 Microsoft | 1 Azure Command-line Interface | 2025-07-02 | N/A | 8.6 HIGH |
Azure CLI REST Command Information Disclosure Vulnerability | |||||
CVE-2024-23211 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-06-20 | N/A | 3.3 LOW |
A privacy issue was addressed with improved handling of user preferences. This issue is fixed in watchOS 10.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A user's private browsing activity may be visible in Settings. | |||||
CVE-2023-42830 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-06-16 | N/A | 3.3 LOW |
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. An app may be able to read sensitive location information. | |||||
CVE-2021-22876 | 8 Broadcom, Debian, Fedoraproject and 5 more | 12 Fabric Operating System, Debian Linux, Fedora and 9 more | 2025-06-09 | 5.0 MEDIUM | 5.3 MEDIUM |
curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request. | |||||
CVE-2024-11396 | 1 Awplife | 1 Event Monster | 2025-06-05 | N/A | 5.3 MEDIUM |
The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.3 via the Visitors List Export file. During the export, a CSV file is created in the wp-content folder with a hardcoded filename that is publicly accessible. This makes it possible for unauthenticated attackers to extract data about event visitors, that includes first and last names, email, and phone number. | |||||
CVE-2025-0679 | 1 Gitlab | 1 Gitlab | 2025-05-29 | N/A | 4.3 MEDIUM |
An issue has been discovered in GitLab CE/EE affecting all versions from 17.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Under certain conditions un-authorised users can view full email addresses that should be partially obscured. | |||||
CVE-2024-13228 | 1 Themeum | 1 Qubely | 2025-05-26 | N/A | 4.3 MEDIUM |
The Qubely – Advanced Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.13 via the 'qubely_get_content'. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, scheduled, password-protected, draft, and trashed post data. | |||||
CVE-2024-13953 | 2025-05-23 | N/A | 4.9 MEDIUM | ||
Sensitive device logger information in ASPECT may be exposed if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | |||||
CVE-2022-2720 | 1 Octopus | 1 Octopus Server | 2025-05-16 | N/A | 5.3 MEDIUM |
In affected versions of Octopus Server it was identified that when a sensitive value is a substring of another value, sensitive value masking will only partially work. | |||||
CVE-2023-45721 | 2025-05-02 | N/A | 5.3 MEDIUM | ||
Insufficient default configuration in HCL Leap allows anonymous access to directory information. | |||||
CVE-2023-45720 | 2025-04-29 | N/A | 5.3 MEDIUM | ||
Insufficient default configuration in HCL Leap allows anonymous access to directory information. | |||||
CVE-2025-3035 | 1 Mozilla | 1 Firefox | 2025-04-15 | N/A | 5.3 MEDIUM |
By first using the AI chatbot in one tab and later activating it in another tab, the document title of the previous tab would leak into the chat prompt. This vulnerability affects Firefox < 137. | |||||
CVE-2024-53258 | 1 Autolabproject | 1 Autolab | 2025-04-07 | N/A | 5.3 MEDIUM |
Autolab is a course management service that enables auto-graded programming assignments. From Autolab versions v.3.0.0 onward students can download all assignments from another student, as long as they are logged in, using the download_all_submissions feature. This can allow for leakage of submissions to unauthorized users, such as downloading submissions from other students in the class, or even instructor test submissions, given they know their user IDs. This issue has been patched in commit `1aa4c769` which is not yet in a release version, but is expected to be included in version 3.0.3. Users are advised to either manually patch or to wait for version 3.0.3. As a workaround administrators can disable the feature. |