Total
9561 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-54786 | 2 Salesagility, Suitecrm | 2 Suitecrm, Suitecrm | 2025-08-07 | 5.3 Medium |
| SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.6 and 8.8.0, the broken authentication in the legacy iCal service allows unauthenticated access to meeting data. An unauthenticated actor can view any user's meeting (calendar event) data given their username, related functionality allows user enumeration. This is fixed in versions 7.14.7 and 8.8.1. | ||||
| CVE-2024-20457 | 1 Cisco | 1 Unified Communications Manager Im And Presence Service | 2025-08-07 | 6.5 Medium |
| A vulnerability in the logging component of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to the storage of unencrypted credentials in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to access sensitive information from the device. | ||||
| CVE-2024-4540 | 1 Redhat | 3 Build Keycloak, Red Hat Single Sign On, Rhosemc | 2025-08-07 | 7.5 High |
| A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a `request_uri` authorization request, possibly leading to an information disclosure vulnerability. | ||||
| CVE-2023-28708 | 2 Apache, Redhat | 3 Tomcat, Enterprise Linux, Jboss Enterprise Web Server | 2025-08-07 | 4.3 Medium |
| When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel. Older, EOL versions may also be affected. | ||||
| CVE-2025-38746 | 1 Dell | 1 Supportassist Os Recovery | 2025-08-07 | 3.5 Low |
| Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, contains an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure. | ||||
| CVE-2025-46659 | 2025-08-06 | 7.5 High | ||
| An issue was discovered in ExonautWeb in 4C Strategies Exonaut 21.6. Information disclosure can occur via an external HTTPS request. | ||||
| CVE-2025-50738 | 1 Usememos | 1 Memos | 2025-08-06 | 9.8 Critical |
| The Memos application, up to version v0.24.3, allows for the embedding of markdown images with arbitrary URLs. When a user views a memo containing such an image, their browser automatically fetches the image URL without explicit user consent or interaction beyond viewing the memo. This can be exploited by an attacker to disclose the viewing user's IP address, browser User-Agent string, and potentially other request-specific information to the attacker-controlled server, leading to information disclosure and user tracking. | ||||
| CVE-2025-54615 | 1 Huawei | 1 Harmonyos | 2025-08-06 | 6.2 Medium |
| Vulnerability of insufficient information protection in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-8620 | 2 Givew, Wordpress | 2 Donation Plugin And Fundraising Platform, Wordpress | 2025-08-06 | 5.3 Medium |
| The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to extract donor names, emails, and donor id. | ||||
| CVE-2025-46388 | 2025-08-06 | 4.3 Medium | ||
| CWE-200 Exposure of Sensitive Information to an Unauthorized Actor | ||||
| CVE-2025-51040 | 2025-08-06 | 7.5 High | ||
| Electrolink FM/DAB/TV Transmitter Web Management System Unauthorized access vulnerability via the /FrameSetCore.html endpoint in Electrolink 500W, 1kW, 2kW Medium DAB Transmitter Web v01.09, v01.08, v01.07, and Display v1.4, v1.2. | ||||
| CVE-2025-45620 | 1 Averusa | 2 Ptc310uv2, Ptc310uv2 Firmware | 2025-08-06 | 8.1 High |
| An issue in Aver PTC310UV2 v.0.1.0000.59 allows a remote attacker to obtain sensitive information via a crafted request | ||||
| CVE-2024-8612 | 1 Redhat | 2 Advanced Virtualization, Enterprise Linux | 2025-08-06 | 3.8 Low |
| A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-crypto devices. The size for virtqueue_push as set in virtio_scsi_complete_req / virtio_blk_req_complete / virito_crypto_req_complete could be larger than the true size of the data which has been sent to guest. Once virtqueue_push() finally calls dma_memory_unmap to ummap the in_iov, it may call the address_space_write function to write back the data. Some uninitialized data may exist in the bounce.buffer, leading to an information leak. | ||||
| CVE-2025-8548 | 1 Atjiu | 1 Pybbs | 2025-08-05 | 3.7 Low |
| A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function sendEmailCode of the file src/main/java/co/yiiu/pybbs/controller/api/SettingsApiController.java of the component Registered Email Handler. The manipulation of the argument email leads to information exposure through error message. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 234197c4f8fc7ce24bdcff5430cd42492f28936a. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2025-6722 | 1 Wordpress | 1 Wordpress | 2025-08-05 | 5.3 Medium |
| The BitFire Security – Firewall, WAF, Bot/Spam Blocker, Login Security plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5 via the bitfire_* directory that automatically gets created and stores potentially sensitive files without any access restrictions. This makes it possible for unauthenticated attackers to extract sensitive data from various files like config.ini, debug.log, and more when directory listing is enabled on the server. | ||||
| CVE-2025-49741 | 1 Microsoft | 1 Edge Chromium | 2025-08-05 | 7.4 High |
| No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-49664 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-08-05 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows User-Mode Driver Framework Host allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-48808 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-08-05 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-47980 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-08-05 | 6.2 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows Imaging Component allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2025-49671 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2025-08-05 | 6.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | ||||