Vulnerabilities (CVE)

Filtered by CWE-359
Total 109 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-10267 1 Superagi 1 Superagi 2025-07-18 N/A 7.5 HIGH
An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. An attacker can leak sensitive user information, including names, emails, and passwords, by attempting to register a new account with an email that is already in use. The server returns all information associated with the existing account. The vulnerable endpoint is located in the user registration functionality.
CVE-2025-49715 1 Microsoft 1 Dynamics 365 2025-07-17 N/A 7.5 HIGH
Exposure of private personal information to an unauthorized actor in Dynamics 365 FastTrack Implementation Assets allows an unauthorized attacker to disclose information over a network.
CVE-2025-49134 1 Weblate 1 Weblate 2025-07-16 N/A 5.3 MEDIUM
Weblate is a web based localization tool. Prior to version 5.12, the audit log notifications included the full IP address of the acting user. This could be obtained by third-party servers such as SMTP relays, or spam filters. This issue has been patched in version 5.12.
CVE-2025-53625 2025-07-15 N/A N/A
The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. Several #dpl parameters can leak usernames that have been hidden using revision deletion, suppression, or the hideuser block flag. The vulnerability is fixed in 3.6.4.
CVE-2025-53374 2025-07-08 N/A N/A
Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. An authenticated low-privileged account can retrieve detailed profile information about another users in the same organization by directly invoking user.one. The response discloses personally-identifiable information (PII) such as e-mail address, role, two-factor status, organization ID, and various account flags. The fix will be available in the v0.23.7.
CVE-2025-6017 2025-07-03 N/A 5.5 MEDIUM
A flaw was found in Red Hat Advanced Cluster Management through versions 2.10, before 2.10.7, 2.11, before 2.11.4, and 2.12, before 2.12.4. This vulnerability allows an unprivileged user to view confidential managed cluster credentials through the UI. This information should only be accessible to authorized users and may result in the loss of confidentiality of administrative information, which could be leaked to unauthorized actors.
CVE-2025-5334 1 Devolutions 1 Remote Desktop Manager 2025-07-02 N/A 7.5 HIGH
Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager allows an authenticated user to gain unauthorized access to private personal information. Under specific circumstances, entries may be unintentionally moved from user vaults to shared vaults when edited by their owners, making them accessible to other users. This issue affects the following versions : * Remote Desktop Manager Windows 2025.1.34.0 and earlier * Remote Desktop Manager macOS 2025.1.16.3 and earlier * Remote Desktop Manager Android 2025.1.3.3 and earlier * Remote Desktop Manager iOS 2025.1.6.0 and earlier
CVE-2023-36052 1 Microsoft 1 Azure Command-line Interface 2025-07-02 N/A 8.6 HIGH
Azure CLI REST Command Information Disclosure Vulnerability
CVE-2024-23211 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2025-06-20 N/A 3.3 LOW
A privacy issue was addressed with improved handling of user preferences. This issue is fixed in watchOS 10.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A user's private browsing activity may be visible in Settings.
CVE-2023-42830 1 Apple 3 Ipados, Iphone Os, Macos 2025-06-16 N/A 3.3 LOW
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. An app may be able to read sensitive location information.
CVE-2021-22876 8 Broadcom, Debian, Fedoraproject and 5 more 12 Fabric Operating System, Debian Linux, Fedora and 9 more 2025-06-09 5.0 MEDIUM 5.3 MEDIUM
curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.
CVE-2024-11396 1 Awplife 1 Event Monster 2025-06-05 N/A 5.3 MEDIUM
The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.3 via the Visitors List Export file. During the export, a CSV file is created in the wp-content folder with a hardcoded filename that is publicly accessible. This makes it possible for unauthenticated attackers to extract data about event visitors, that includes first and last names, email, and phone number.
CVE-2025-0679 1 Gitlab 1 Gitlab 2025-05-29 N/A 4.3 MEDIUM
An issue has been discovered in GitLab CE/EE affecting all versions from 17.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Under certain conditions un-authorised users can view full email addresses that should be partially obscured.
CVE-2024-13228 1 Themeum 1 Qubely 2025-05-26 N/A 4.3 MEDIUM
The Qubely – Advanced Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.13 via the 'qubely_get_content'. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, scheduled, password-protected, draft, and trashed post data.
CVE-2024-13953 2025-05-23 N/A 4.9 MEDIUM
Sensitive device logger information in ASPECT may be exposed if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
CVE-2022-2720 1 Octopus 1 Octopus Server 2025-05-16 N/A 5.3 MEDIUM
In affected versions of Octopus Server it was identified that when a sensitive value is a substring of another value, sensitive value masking will only partially work.
CVE-2023-45721 2025-05-02 N/A 5.3 MEDIUM
Insufficient default configuration in HCL Leap allows anonymous access to directory information.
CVE-2023-45720 2025-04-29 N/A 5.3 MEDIUM
Insufficient default configuration in HCL Leap allows anonymous access to directory information.
CVE-2025-3035 1 Mozilla 1 Firefox 2025-04-15 N/A 5.3 MEDIUM
By first using the AI chatbot in one tab and later activating it in another tab, the document title of the previous tab would leak into the chat prompt. This vulnerability affects Firefox < 137.
CVE-2024-53258 1 Autolabproject 1 Autolab 2025-04-07 N/A 5.3 MEDIUM
Autolab is a course management service that enables auto-graded programming assignments. From Autolab versions v.3.0.0 onward students can download all assignments from another student, as long as they are logged in, using the download_all_submissions feature. This can allow for leakage of submissions to unauthorized users, such as downloading submissions from other students in the class, or even instructor test submissions, given they know their user IDs. This issue has been patched in commit `1aa4c769` which is not yet in a release version, but is expected to be included in version 3.0.3. Users are advised to either manually patch or to wait for version 3.0.3. As a workaround administrators can disable the feature.