Total
192 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-46747 | 2025-05-12 | N/A | 5.7 MEDIUM | ||
| An authenticated user without user-management permissions could identify other user accounts. | |||||
| CVE-2025-3606 | 2025-04-29 | N/A | 7.5 HIGH | ||
| Vestel AC Charger version 3.75.0 contains a vulnerability that could enable an attacker to access files containing sensitive information, such as credentials which could be used to further compromise the device. | |||||
| CVE-2025-30686 | 1 Oracle | 1 Hospitality Simphony | 2025-04-21 | N/A | 7.6 HIGH |
| Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: EMC). Supported versions that are affected are 19.1-19.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Simphony accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality Simphony. CVSS 3.1 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L). | |||||
| CVE-2025-32792 | 2025-04-21 | N/A | N/A | ||
| SES safely executes third-party JavaScript 'strict' mode programs in compartments that have no excess authority in their global scope. Prior to version 1.12.0, web pages and web extensions using `ses` and the Compartment API to evaluate third-party code in an isolated execution environment that have also elsewhere used `const`, `let`, and `class` bindings in the top-level scope of a `<script>` tag will have inadvertently revealed these bindings in the lexical scope of third-party code. This issue has been patched in version 1.12.0. Workarounds for this issue involve either avoiding top-level `let`, `const`, or `class` bindings in `<script>` tags, or change these to `var` bindings to be reflected on `globalThis`. | |||||
| CVE-2025-39439 | 2025-04-17 | N/A | 5.3 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Markus Drubba wpLike2Get allows Retrieve Embedded Sensitive Data. This issue affects wpLike2Get: from n/a through 1.2.9. | |||||
| CVE-2025-39556 | 2025-04-16 | N/A | 5.3 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in mediavine Mediavine Control Panel allows Retrieve Embedded Sensitive Data. This issue affects Mediavine Control Panel: from n/a through 2.10.6. | |||||
| CVE-2025-39589 | 2025-04-16 | N/A | 4.3 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper Essential Addons for Elementor allows Retrieve Embedded Sensitive Data. This issue affects Essential Addons for Elementor: from n/a through 6.1.9. | |||||
| CVE-2025-26730 | 2025-04-16 | N/A | 7.5 HIGH | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NotFound Macro Calculator with Admin Email Optin & Data. This issue affects Macro Calculator with Admin Email Optin & Data: from n/a through 1.0. | |||||
| CVE-2025-32228 | 2025-04-11 | N/A | 4.3 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Messiah Ai Image Alt Text Generator for WP. This issue affects Ai Image Alt Text Generator for WP: from n/a through 1.0.8. | |||||
| CVE-2025-27934 | 2025-04-09 | N/A | 7.5 HIGH | ||
| Information disclosure of authentication information in the specific service vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote unauthenticated attacker may obtain the product authentication information. | |||||
| CVE-2025-31003 | 2025-04-09 | N/A | 2.7 LOW | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Bogdan Bendziukov Squeeze allows Retrieve Embedded Sensitive Data. This issue affects Squeeze: from n/a through 1.6. | |||||
| CVE-2025-32026 | 2025-04-08 | N/A | 3.8 LOW | ||
| Element Web is a Matrix web client built using the Matrix React SDK. Element Web, starting from version 1.11.16 up to version 1.11.96, can be configured to load Element Call from an external URL. Under certain conditions, the external page is able to get access to the media encryption keys used for an Element Call call. Version 1.11.97 fixes the problem. | |||||
| CVE-2025-32164 | 2025-04-08 | N/A | 6.5 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in maennchen1.de m1.DownloadList. This issue affects m1.DownloadList: from n/a through 0.21. | |||||
| CVE-2025-32251 | 2025-04-07 | N/A | 5.3 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in J. Tyler Wiest Jetpack Feedback Exporter allows Retrieve Embedded Sensitive Data. This issue affects Jetpack Feedback Exporter: from n/a through 1.23. | |||||
| CVE-2025-32255 | 2025-04-07 | N/A | 5.3 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ERA404 StaffList allows Retrieve Embedded Sensitive Data. This issue affects StaffList: from n/a through 3.2.6. | |||||
| CVE-2025-30802 | 2025-04-01 | N/A | 4.3 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPBean Our Team Members. This issue affects Our Team Members: from n/a through 2.2. | |||||
| CVE-2025-31832 | 2025-04-01 | N/A | 5.3 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Beee ACF City Selector allows Retrieve Embedded Sensitive Data. This issue affects ACF City Selector: from n/a through 1.16.0. | |||||
| CVE-2024-36070 | 2025-03-27 | N/A | 7.5 HIGH | ||
| tine before 2023.11.8, when an LDAP backend is used, allows anonymous remote attackers to obtain sensitive authentication information via setup.php because of getRegistryData in Setup/Frontend/Json.php. (An update is also available for the 2022.11 series.) | |||||
| CVE-2024-8313 | 2025-03-27 | N/A | N/A | ||
| An Exposure of Sensitive System Information to an Unauthorized Control Sphere and Initialization of a Resource with an Insecure Default vulnerability in the SNMP component of B&R APROL <4.4-00P5 may allow an unauthenticated adjacent-based attacker to read and alter configuration using SNMP. | |||||
| CVE-2024-0053 | 1 Google | 1 Android | 2025-03-27 | N/A | 3.3 LOW |
| In getCustomPrinterIcon of PrintManagerService.java, there is a possible way to view other user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||