Total
196 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-6390 | 1 Broadcom | 1 Brocade Sannav | 2025-08-27 | 4.4 Medium |
| Brocade SANnav before SANnav 2.4.0a logs passwords and pbe keys in the Brocade SANnav server audit logs after installation and under specific conditions. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANnav admin or any SANnav user. | ||||
| CVE-2024-6388 | 1 Canonical | 1 Ubuntu Advantage Desktop Daemon | 2025-08-27 | 5.9 Medium |
| Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passing the token as an argument in plaintext. | ||||
| CVE-2025-8700 | 2 Apple, Invoiceninja | 2 Macos, Invoice Ninja | 2025-08-27 | N/A |
| Invoice Ninja's configuration on macOS, specifically the presence of entitlement "com.apple.security.get-task-allow", allows local attackers with unprivileged access (e.g. via a malicious application) to attach a debugger, read or modify the process memory, inject code in the application's context despite being signed with Hardened Runtime and bypass Transparency, Consent, and Control (TCC). Acquired resource access is limited to previously granted permissions by the user. Access to other resources beyond granted permissions requires user interaction with a system prompt asking for permission. According to Apple documentation, when a non-root user runs an app with the debugging tool entitlement, the system presents an authorization dialog asking for a system administrator's credentials. Since there is no prompt when the target process has "get-task-allow" entitlement, the presence of this entitlement was decided to be treated as a vulnerability because it removes one step needed to perform an attack. This issue was fixed in version 5.0.175 | ||||
| CVE-2025-8597 | 2 Apple, Macvim | 2 Macos, Macvim | 2025-08-27 | N/A |
| MacVim's configuration on macOS, specifically the presence of entitlement "com.apple.security.get-task-allow", allows local attackers with unprivileged access (e.g. via a malicious application) to attach a debugger, read or modify the process memory, inject code in the application's context despite being signed with Hardened Runtime and bypass Transparency, Consent, and Control (TCC). Acquired resource access is limited to previously granted permissions by the user. Access to other resources beyond granted permissions requires user interaction with a system prompt asking for permission. According to Apple documentation, when a non-root user runs an app with the debugging tool entitlement, the system presents an authorization dialog asking for a system administrator's credentials. Since there is no prompt when the target process has "get-task-allow" entitlement, the presence of this entitlement was decided to be treated as a vulnerability because it removes one step needed to perform an attack. This issue was fixed in build r181.2 | ||||
| CVE-2025-1144 | 2025-08-26 | 9.8 Critical | ||
| School Affairs System from Quanxun has an Exposure of Sensitive Information, allowing unauthenticated attackers to view specific pages and obtain database information as well as plaintext administrator credentials. | ||||
| CVE-2025-3506 | 1 Checkmk | 1 Checkmk | 2025-08-25 | 5.3 Medium |
| Files to be deployed with agents are accessible without authentication in Checkmk 2.1.0, Checkmk 2.2.0, Checkmk 2.3.0 and <Checkmk 2.4.0b6 allows attacker to access files that could contain secrets. | ||||
| CVE-2025-27369 | 3 Ibm, Linux, Microsoft | 3 Openpages With Watson, Linux Kernel, Windows | 2025-08-24 | 4.3 Medium |
| IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used for the administration of OpenPages. An authenticated user is able to obtain certain information about system configuration and internal state which is only intended for administrators of the system. | ||||
| CVE-2025-2670 | 1 Ibm | 2 Openpages, Openpages With Watson | 2025-08-24 | 4.3 Medium |
| IBM OpenPages 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points related to workflow feature of OpenPages. An authenticated user is able to obtain certain information about Workflow related configuration and internal state. | ||||
| CVE-2025-57888 | 2 Nootheme, Wordpress | 2 Jobmonster, Wordpress | 2025-08-23 | 5.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NooTheme Jobmonster allows Retrieve Embedded Sensitive Data. This issue affects Jobmonster: from n/a through 4.8.0. | ||||
| CVE-2025-48355 | 1 Wordpress | 1 Wordpress | 2025-08-22 | 5.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ProveSource LTD ProveSource Social Proof allows Retrieve Embedded Sensitive Data.This issue affects ProveSource Social Proof: from n/a through 3.0.5. | ||||
| CVE-2025-27721 | 2025-08-22 | 7.5 High | ||
| Unauthorized users can access INFINITT PACS System Manager without proper authorization, which could lead to unauthorized access to system resources. | ||||
| CVE-2024-37526 | 1 Ibm | 2 Data Virtualization On Cloud Pak For Data, Watson Query With Cloud Pak For Data | 2025-08-18 | 6.5 Medium |
| IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization 1.8, 2.0, 2.1, 2.2, and 3.0.0) could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism. | ||||
| CVE-2024-41781 | 1 Ibm | 10 Power9 System Firmware, Power System E950, Power System E980 and 7 more | 2025-08-15 | 5.1 Medium |
| IBM PowerVM Platform KeyStore (IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1030.00 through FW1030.60, FW1050.00 through FW1050.20, and FW1060.00 through FW1060.10 functionality can be compromised if an attacker gains service access to the HMC. An attacker that gains service access to the HMC can locate and through a series of service procedures decrypt data contained in the Platform KeyStore. | ||||
| CVE-2022-43852 | 3 Ibm, Linux, Microsoft | 3 Aspera Console, Linux Kernel, Windows | 2025-08-15 | 5.3 Medium |
| IBM Aspera Console 3.4.0 through 3.4.4 could disclose sensitive information in HTTP headers that could be used in further attacks against the system. | ||||
| CVE-2025-54736 | 2 Nordicmade, Wordpress | 2 Savoy, Wordpress | 2025-08-15 | 5.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NordicMade Savoy allows Retrieve Embedded Sensitive Data. This issue affects Savoy: from n/a through 3.0.8. | ||||
| CVE-2025-5416 | 1 Redhat | 2 Build Keycloak, Keycloak | 2025-08-13 | 2.7 Low |
| A vulnerability has been identified in Keycloak that could lead to unauthorized information disclosure. While it requires an already authenticated user, the /admin/serverinfo endpoint can inadvertently provide sensitive environment information. | ||||
| CVE-2024-31887 | 1 Ibm | 2 Security Verify Privilege, Security Verify Privilege On-premises | 2025-08-13 | 7.5 High |
| IBM Security Verify Privilege 11.6.25 could allow an unauthenticated actor to obtain sensitive information from the SOAP API. IBM X-Force ID: 287651. | ||||
| CVE-2025-1212 | 1 Gitlab | 1 Gitlab | 2025-08-06 | 4.3 Medium |
| An information disclosure vulnerability in GitLab CE/EE affecting all versions from 8.3 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send a crafted request to a backend server to reveal sensitive information. | ||||
| CVE-2025-23287 | 1 Nvidia | 1 Gpu Display Driver | 2025-08-05 | 3.3 Low |
| NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may access sensitive system-level information. A successful exploit of this vulnerability may lead to Information disclosure. | ||||
| CVE-2025-54422 | 2 Sandboxie, Sandboxie-plus | 2 Sandboxie, Sandboxie | 2025-08-04 | 5.5 Medium |
| Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. In versions 1.16.1 and below, a critical security vulnerability exists in password handling mechanisms. During encrypted sandbox creation, user passwords are transmitted via shared memory, exposing them to potential interception. The vulnerability is particularly severe during password modification operations, where both old and new passwords are passed as plaintext command-line arguments to the Imbox process without any encryption or obfuscation. This implementation flaw allows any process within the user session, including unprivileged processes, to retrieve these sensitive credentials by reading the command-line arguments, thereby bypassing standard privilege requirements and creating a significant security risk. This is fixed in version 1.16.2. | ||||