Total
192 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-0061 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2025-10-24 | N/A | 8.7 HIGH |
| SAP BusinessObjects Business Intelligence Platform allows an unauthenticated attacker to perform session hijacking over the network without any user interaction, due to an information disclosure vulnerability. Attacker can access and modify all the data of the application. | |||||
| CVE-2025-34156 | | | 2025-10-23 | N/A | N/A |
| Tibbo AggreGate Network Manager < 6.40.05 exposes sensitive system information through an unauthenticated endpoint at /cwmp/happyaxis.jsp. The page discloses Java system properties, server path details, and version information to unauthorized users, resulting in information disclosure that could aid further compromise. | |||||
| CVE-2025-30011 | 1 Sap | 1 Supplier Relationship Management | 2025-10-23 | N/A | 5.3 MEDIUM |
| The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated Java applet component within the affected SRM packages which allows an unauthenticated attacker to send a malicious request to the application, which could disclose the internal version details of the affected system. This vulnerability has low impact on confidentiality, with no effect on integrity and availability of the application. | |||||
| CVE-2025-59575 | | | 2025-10-23 | N/A | 5.0 MEDIUM |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Retrieve Embedded Sensitive Data. This issue affects MasterStudy LMS: from n/a through <= 3.6.20. | |||||
| CVE-2025-52752 | | | 2025-10-23 | N/A | 6.5 MEDIUM |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeAtelier IDonatePro idonate-pro allows Retrieve Embedded Sensitive Data. This issue affects IDonatePro: from n/a through <= 2.1.9. | |||||
| CVE-2025-47699 | | | 2025-10-23 | N/A | 9.9 CRITICAL |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) in the Gallagher Morpho integration could allow an authenticated operator with limited site permissions to make critical changes to local Morpho devices. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 (MR2), 9.20 prior to vEL9.20.2819 (MR4), 9.10 prior to vEL9.10.3672 (MR7), 9.00 prior to vEL9.00.3831 (MR8), all versions of 8.90 and prior. | |||||
| CVE-2025-4614 | 1 Paloaltonetworks | 1 Pan-os | 2025-10-22 | N/A | 2.7 LOW |
| An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to view session tokens of users authenticated to the firewall web UI. This may allow impersonation of users whose session tokens are leaked. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators. Cloud NGFW and Prisma® Access are not affected by this vulnerability. | |||||
| CVE-2021-31955 | 1 Microsoft | 8 Windows 10 1809, Windows 10 1909, Windows 10 2004 and 5 more | 2025-10-22 | 2.1 LOW | 5.5 MEDIUM |
| Windows Kernel Information Disclosure Vulnerability | |||||
| CVE-2025-11151 | | | 2025-10-21 | N/A | 8.2 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor, Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Beyaz Bilgisayar Software Design Industry and Trade Ltd. Co. CityPLus allows Detect Unpublicized Web Pages. This issue affects CityPLus: before V24.29500.1.0. | |||||
| CVE-2025-52616 | 1 Hcltech | 1 Unica | 2025-10-21 | N/A | 5.3 MEDIUM |
| HCL Unica 12.1.10 can expose sensitive system information. An attacker could use this information to form an attack plan by leveraging known vulnerabilities in the application. | |||||
| CVE-2025-2598 | 1 Amazon | 1 Aws Cloud Development Kit | 2025-10-14 | N/A | 5.5 MEDIUM |
| When the AWS Cloud Development Kit (AWS CDK) Command Line Interface (AWS CDK CLI) is used with a credential plugin which returns an expiration property with the retrieved AWS credentials, the credentials are printed to the console output. To mitigate this issue, users should upgrade to version 2.178.2 or later and ensure any forked or derivative code is patched to incorporate the new fixes. | |||||
| CVE-2025-0278 | 1 Hcltech | 1 Traveler | 2025-10-10 | N/A | 4.3 MEDIUM |
| HCL Traveler is affected by an internal path disclosure in a Windows application when the application inadvertently reveals internal file paths, in error messages, debug logs, or responses to user requests. | |||||
| CVE-2025-59447 | | | 2025-10-08 | N/A | 2.2 LOW |
| The YoSmart YoLink Smart Hub device 0382 exposes a UART debug interface. An attacker with direct physical access can leverage this interface to read a boot log, which includes network access credentials. | |||||
| CVE-2025-44823 | | | 2025-10-08 | N/A | 9.9 CRITICAL |
| Nagios Log Server before 2024R1.3.2 allows authenticated users to retrieve cleartext administrative API keys via a /nagioslogserver/index.php/api/system/get_users call. This is GL:NLS#475. | |||||
| CVE-2024-45549 | 1 Qualcomm | 320 Ar8035, Ar8035 Firmware, Fastconnect 6700 and 317 more | 2025-10-06 | N/A | 7.7 HIGH |
| Information disclosure while creating MQ channels. | |||||
| CVE-2025-58585 | | | 2025-10-06 | N/A | 5.3 MEDIUM |
| Multiple endpoints with sensitive information do not require authentication, making the application susceptible to information gathering. | |||||
| CVE-2025-58579 | | | 2025-10-06 | N/A | 5.3 MEDIUM |
| Due to a lack of authentication, it is possible for an unauthenticated user to request data from this endpoint, making the application vulnerable to user enumeration. | |||||
| CVE-2025-58583 | | | 2025-10-06 | N/A | 5.3 MEDIUM |
| The application provides access to a login protected H2 database for caching purposes. The username is prefilled. | |||||
| CVE-2025-27149 | 1 Zulip | 1 Zulip Server | 2025-09-27 | N/A | 2.7 LOW |
| Zulip server provides an open-source team chat that helps teams stay productive and focused. Prior to 10.0, the data export to organization administrators feature in Zulip leaks private data. The collection of user-agent types identifying specific integrations or HTTP libraries (E.g., ZulipGitlabWebhook, okhttp, or PycURL) that have been used to access any organization on the server was incorrectly included in all three export types, regardless of if they were used to access the exported organization or not. The "public data" and "with consent" exports metadata including the titles of some topics in private channels which the administrator otherwise did not have access to, and none of the users consented to exporting and metadata for which users were in a group DM together. This vulnerability is fixed in 10.0. | |||||
| CVE-2025-60119 | | | 2025-09-26 | N/A | 5.3 MEDIUM |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in CoSchedule CoSchedule allows Retrieve Embedded Sensitive Data. This issue affects CoSchedule: from n/a through 3.3.10. | |||||
