Total: 9306 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-38167 | 2 Microsoft, Redhat | 3 .net, Visual Studio 2022, Enterprise Linux | 2025-05-02 | 6.5 Medium |
.NET and Visual Studio Information Disclosure Vulnerability | ||||
CVE-2024-38200 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-05-02 | 6.5 Medium |
Microsoft Office Spoofing Vulnerability | ||||
CVE-2022-37930 | 1 Hpe | 18 Hf20, Hf20 Firmware, Hf20c and 15 more | 2025-05-02 | 6.7 Medium |
A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays and HPE Nimble Storage Secondary Flash Arrays which could potentially allow local disclosure of sensitive information. | ||||
CVE-2022-37909 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2025-05-02 | 5.3 Medium |
Aruba has identified certain configurations of ArubaOS that can lead to sensitive information disclosure from the configured ESSIDs. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers. | ||||
CVE-2022-38654 | 1 Hcltech | 1 Domino | 2025-05-02 | 5.5 Medium |
HCL Domino is susceptible to an information disclosure vulnerability. In some scenarios, local calls made on the server to search the Domino directory will ignore xACL read restrictions. An authenticated attacker could leverage this vulnerability to access attributes from a user's person record. | ||||
CVE-2025-46332 | | | 2025-05-02 | 6.5 Medium |
Flags SDK is an open-source feature flags toolkit for Next.js and SvelteKit. Impacted versions include flags from 3.2.0 and prior and @vercel/flags from 3.1.1 and prior, as certain circumstances allow a bad actor with detailed knowledge of the vulnerability to list all flags returned by the flags discovery endpoint (.well-known/vercel/flags). This vulnerability allows for information disclosure, where a bad actor could gain access to a list of all feature flags exposed through the flags discovery endpoint, including the flag names, flag descriptions, available options and their labels (e.g. true, false), and default flag values. This issue has been patched in flags@4.0.0; users of flags and @vercel/flags should also migrate to flags@4.0.0. | ||||
CVE-2022-39018 | 1 M-files | 1 Hubshare | 2025-05-02 | 8.2 High |
Broken access controls on PDFtron data in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to access restricted PDF files via a known URL. | ||||
CVE-2025-2880 | | | 2025-05-02 | 5.3 Medium |
The Yame \| Link In Bio plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 0.9.0 through the publicly accessible phpinfo.php script. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed file. | ||||
CVE-2025-4085 | | | 2025-05-02 | 7.1 High |
An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. This vulnerability affects Firefox < 138 and Thunderbird < 138. | ||||
CVE-2025-46552 | | | 2025-05-02 | N/A |
KHC-INVITATION-AUTOMATION is a GitHub automation script that automatically invites followers of a bot account to join your organization. In some commits on version 1.2, a vulnerability was identified where user data, including email addresses and Discord usernames, were exposed in API responses without proper access controls. This allowed unauthorized users to access sensitive user information by directly calling specific endpoints. This issue has been patched in a later commit on version 1.2. | ||||
CVE-2023-46669 | | | 2025-05-02 | 6.2 Medium |
Exposure of sensitive information to local unauthorized actors in Elastic Agent and Elastic Security Endpoint can lead to loss of confidentiality and impersonation of Endpoint to the Elastic Stack. This issue was identified by Elastic engineers and Elastic has no indication that it is known or has been exploited by malicious actors. | ||||
CVE-2024-11994 | | | 2025-05-02 | 5.7 Medium |
APM server logs could contain parts of the document body from a partially failed bulk index request. Depending on the nature of the document, this could disclose sensitive information in APM Server error logs. | ||||
CVE-2024-42019 | 1 Veeam | 1 One | 2025-05-01 | 8.0 High |
A vulnerability that allows an attacker to access the NTLM hash of the Veeam Reporter Service service account. This attack requires user interaction and data collected from Veeam Backup & Replication. | ||||
CVE-2024-34004 | 1 Moodle | 1 Moodle | 2025-05-01 | 6.5 Medium |
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore wiki modules and direct access to the web server outside of the Moodle webroot could execute a local file include. | ||||
CVE-2024-34005 | 1 Moodle | 1 Moodle | 2025-05-01 | 6.5 Medium |
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore database activity modules and direct access to the web server outside of the Moodle webroot could execute a local file include. | ||||
CVE-2024-34003 | 1 Moodle | 1 Moodle | 2025-05-01 | 5.9 Medium |
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore workshop modules and direct access to the web server outside of the Moodle webroot could execute a local file include. | ||||
CVE-2024-34002 | 1 Moodle | 1 Moodle | 2025-05-01 | 6.5 Medium |
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore feedback modules and direct access to the web server outside of the Moodle webroot could execute a local file include. | ||||
CVE-2022-30556 | 4 Apache, Fedoraproject, Netapp and 1 more | 5 Http Server, Fedora, Clustered Data Ontap and 2 more | 2025-05-01 | 7.5 High |
Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer. | ||||
CVE-2024-32754 | | | 2025-05-01 | 3.1 Low |
Under certain circumstances, when the controller is in factory reset mode waiting for initial setup, it will broadcast its MAC address, serial number, and firmware version. Once configured, the controller will no longer broadcast this information. | ||||
CVE-2024-3596 | 5 Broadcom, Freeradius, Ietf and 2 more | 12 Brocade Sannav, Fabric Operating System, Freeradius and 9 more | 2025-05-01 | 9 Critical |
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature. |