Total
18 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-8713 | 1 Postgresql | 1 Postgresql | 2025-08-15 | 3.1 Low |
| PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process. Prior to this release, a user could craft a leaky operator that bypassed view access control lists (ACLs) and bypassed row security policies in partitioning or table inheritance hierarchies. Reachable statistics data notably included histograms and most-common-values lists. CVE-2017-7484 and CVE-2019-10130 intended to close this class of vulnerability, but this gap remained. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected. | ||||
| CVE-2025-26527 | 1 Moodle | 1 Moodle | 2025-08-08 | 5.3 Medium |
| Tags not expected to be visible to a user could still be discovered by them via the tag search page or in the tags block. | ||||
| CVE-2025-47324 | 1 Qualcomm | 1 Snapdragon | 2025-08-06 | 7.5 High |
| Information disclosure while accessing and modifying the PIB file of a remote device via powerline. | ||||
| CVE-2025-0330 | 1 Litellm | 1 Litellm | 2025-08-01 | N/A |
| In berriai/litellm version v1.52.1, an issue in proxy_server.py causes the leakage of Langfuse API keys when an error occurs while parsing team settings. This vulnerability exposes sensitive information, including langfuse_secret and langfuse_public_key, which can provide full access to the Langfuse project storing all requests. | ||||
| CVE-2024-9447 | 1 Superagi | 1 Superagi | 2025-07-29 | N/A |
| An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. The `/get/organisation/` endpoint does not verify the user's organization, allowing any authenticated user to retrieve sensitive configuration details, including API keys, of any organization. This could lead to unauthorized access to services and significant data breaches or financial loss. | ||||
| CVE-2023-50458 | 1 Dradisframework | 1 Dradis | 2025-07-13 | 3.5 Low |
| In Dradis before 4.11.0, the Output Console shows a job queue that may contain information about other users' jobs. | ||||
| CVE-2024-49395 | 3 Mutt, Neomutt, Redhat | 3 Mutt, Neomutt, Enterprise Linux | 2025-07-05 | 5.3 Medium |
| In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode which may leak the Bcc email header field by inferring from the recipients info. | ||||
| CVE-2025-48941 | 1 Mybb | 1 Mybb | 2025-07-02 | 5.3 Medium |
| MyBB is free and open source forum software. Prior to version 1.8.39, the search component does not validate permissions correctly, which allows attackers to determine the existence of hidden (draft, unapproved, or soft-deleted) threads containing specified text in the title. The visibility state (`mybb_threads.visible` integer column) of threads is not validated in internal search queries, whose result is used to output a general success or failure of the search. While MyBB validates permissions when displaying the final search results, a search operation that internally produces at least one result outputs a redirect response (as a HTTP redirect, or a success message page with delayed redirect, depending on configuration). On the other hand, a search operation that internally produces no results outputs a corresponding message in the response without a redirect. This allows a user to determine whether threads matching title search parameters exist, including draft threads (`visible` with a value of `-2`), soft-deleted threads (`visible` with a value of `-1`), and unapproved threads (`visible` with a value of `0`); in addition to displaying generally visible threads (`visible` with a value of `1`). This vulnerability does not affect other layers of permissions. In order to exploit the vulnerability, the user must have access to the search functionality, and general access to forums containing the thread(s). The vulnerability does not expose the message content of posts. MyBB 1.8.39 resolves this issue. | ||||
| CVE-2024-9099 | 1 Lunary | 1 Lunary | 2025-04-10 | 8.1 High |
| In lunary-ai/lunary version v1.4.29, the GET /projects API endpoint exposes both public and private API keys for all projects to users with minimal permissions, such as Viewers or Prompt Editors. This vulnerability allows unauthorized users to retrieve sensitive credentials, which can be used to perform actions on behalf of the project, access private data, and delete resources. The private API keys are exposed in the developer tools when the endpoint is called from the frontend. | ||||
| CVE-2025-1921 | 1 Google | 1 Chrome | 2025-04-01 | 6.5 Medium |
| Inappropriate implementation in Media Stream in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to obtain information about a peripheral via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2023-1974 | 1 Answer | 1 Answer | 2025-02-07 | 6.5 Medium |
| Exposure of Sensitive Information Through Metadata in GitHub repository answerdev/answer prior to 1.0.8. | ||||
| CVE-2024-10324 | 1 Rometheme | 1 Romethemekit For Elementor | 2025-02-04 | 4.3 Medium |
| The RomethemeKit For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.5.2 via the register_controls function in widgets/offcanvas-rometheme.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data. | ||||
| CVE-2024-53291 | 1 Dell | 1 Nativeedge Orchestrator | 2025-01-29 | 7.5 High |
| Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Exposure of Sensitive Information Through Metadata vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure. | ||||
| CVE-2024-47517 | 2025-01-13 | 6.8 Medium | ||
| Expired and unusable administrator authentication tokens can be revealed by units that have timed out from ETM access | ||||
| CVE-2024-5213 | 1 Mintplexlabs | 1 Anythingllm | 2024-11-21 | 6.5 Medium |
| In mintplex-labs/anything-llm versions up to and including 1.5.3, an issue was discovered where the password hash of a user is returned in the response after login (`POST /api/request-token`) and after account creations (`POST /api/admin/users/new`). This exposure occurs because the entire User object, including the bcrypt password hash, is included in the response sent to the frontend. This practice could potentially lead to sensitive information exposure despite the use of bcrypt, a strong hashing algorithm. It is recommended not to expose any clues about passwords to the frontend. | ||||
| CVE-2023-32488 | 1 Dell | 1 Powerscale Onefs | 2024-11-21 | 5.3 Medium |
| Dell PowerScale OneFS, 8.2.x-9.5.0.x, contains an information disclosure vulnerability in NFS. A low privileged attacker could potentially exploit this vulnerability, leading to information disclosure. | ||||
| CVE-2021-4159 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2024-11-21 | 4.4 Medium |
| A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel. | ||||
| CVE-2024-8910 | 1 Hasthemes | 1 Ht Mega | 2024-10-03 | 4.3 Medium |
| The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.5 via the render function in includes/widgets/htmega_accordion.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data. | ||||
Page 1 of 1.