Total
141 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-23969 | 2025-06-06 | 5.3 Medium | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in whassan KI Live Video Conferences allows Retrieve Embedded Sensitive Data. This issue affects KI Live Video Conferences: from n/a through 5.5.15. | ||||
| CVE-2025-49419 | 2025-06-06 | 5.5 Medium | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in esigngenie Foxit eSign for WordPress allows Retrieve Embedded Sensitive Data. This issue affects Foxit eSign for WordPress: from n/a through 2.0.3. | ||||
| CVE-2025-24473 | 1 Fortinet | 1 Forticlient | 2025-06-04 | 4.8 Medium |
| A exposure of sensitive system information to an unauthorized control sphere in Fortinet FortiClientWindows versions 7.2.0 through 7.2.1 may allow an unauthorized remote attacker to view application information via navigation to a hosted webpage, if Windows is configured to accept incoming connections to port 8053 (non-default setup) | ||||
| CVE-2024-13916 | 2025-05-30 | N/A | ||
| An application "com.pri.applock", which is pre-loaded on Kruger&Matz smartphones, allows a user to encrypt any application using user-provided PIN code or by using biometric data. Exposed ”com.android.providers.settings.fingerprint.PriFpShareProvider“ content provider's public method query() allows any other malicious application, without any granted Android system permissions, to exfiltrate the PIN code. Vendor did not provide information about vulnerable versions. Only version (version name: 13, version code: 33) was tested and confirmed to have this vulnerability | ||||
| CVE-2023-5081 | 1 Lenovo | 8 Tab M8 Hd Tb8505f, Tab M8 Hd Tb8505f Firmware, Tab M8 Hd Tb8505fs and 5 more | 2025-05-30 | 3.3 Low |
| An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a local application to gather a non-resettable device identifier. | ||||
| CVE-2025-46804 | 2025-05-28 | 3.3 Low | ||
| A minor information leak when running Screen with setuid-root privileges allows unprivileged users to deduce information about a path that would otherwise not be available. Affected are older Screen versions, as well as version 5.0.0. | ||||
| CVE-2025-2236 | 2025-05-28 | N/A | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in OpenText Advanced Authentication allows Information Elicitation. The vulnerability could reveal sensitive information while managing and configuring of the external services. This issue affects Advanced Authentication versions before 6.5. | ||||
| CVE-2025-30170 | 2025-05-23 | 5.5 Medium | ||
| Exposure of file path, file size or file existence vulnerabilities in ASPECT provide attackers access to file system information if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. | ||||
| CVE-2025-39394 | 2025-05-21 | 5.3 Medium | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Solid Plugins AnalyticsWP allows Retrieve Embedded Sensitive Data.This issue affects AnalyticsWP: from n/a through 2.1.2. | ||||
| CVE-2025-4364 | 2025-05-21 | N/A | ||
| The affected products could allow an unauthenticated attacker to access system information that could enable further access to sensitive files and obtain administrative credentials. | ||||
| CVE-2025-46421 | 1 Redhat | 5 Enterprise Linux, Rhel Aus, Rhel E4s and 2 more | 2025-05-21 | 6.8 Medium |
| A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect. | ||||
| CVE-2025-23382 | 1 Dell | 1 Secure Connect Gateway | 2025-05-20 | 5.5 Medium |
| Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, contain(s) an Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.c | ||||
| CVE-2025-32299 | 2025-05-19 | 4.3 Medium | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Themovation QuickCal allows Retrieve Embedded Sensitive Data. This issue affects QuickCal: from n/a through 1.0.15. | ||||
| CVE-2025-31062 | 2025-05-19 | 4.3 Medium | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in redqteam Wishlist allows Retrieve Embedded Sensitive Data. This issue affects Wishlist: from n/a through 2.1.0. | ||||
| CVE-2025-48024 | 2025-05-16 | 5 Medium | ||
| In BlueWave Checkmate before 2.1, an authenticated regular user can access sensitive application secrets via the /api/v1/settings endpoint. | ||||
| CVE-2025-22222 | 1 Vmware | 2 Aria Operations, Cloud Foundation | 2025-05-14 | 7.7 High |
| VMware Aria Operations contains an information disclosure vulnerability. A malicious user with non-administrative privileges may exploit this vulnerability to retrieve credentials for an outbound plugin if a valid service credential ID is known. | ||||
| CVE-2025-30011 | 2025-05-13 | 5.3 Medium | ||
| The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to send an malicious request to the application, which could disclose the internal version details of the affected system. This vulnerability has low impact on confidentiality, with no effect on integrity and availability of the application. | ||||
| CVE-2025-46718 | 2025-05-12 | 3.3 Low | ||
| sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with limited sudo privileges (e.g. execution of a single command) can list sudo privileges of other users using the `-U` flag. This vulnerability allows users with limited sudo privileges to enumerate the sudoers file, revealing sensitive information about other users' permissions. Attackers can collect information that can be used to more targeted attacks. Systems where users either do not have sudo privileges or have the ability to run all commands as root through sudo (the default configuration on most systems) are not affected by this advisory. Version 0.2.6 fixes the vulnerability. | ||||
| CVE-2025-46717 | 2025-05-12 | 3.3 Low | ||
| sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with no (or very limited) sudo privileges can determine whether files exists in folders that they otherwise cannot access using `sudo --list <pathname>`. Users with local access to a machine can discover the existence/non-existence of certain files, revealing potentially sensitive information in the file names. This information can also be used in conjunction with other attacks. Version 0.2.6 fixes the vulnerability. | ||||
| CVE-2025-46747 | 2025-05-12 | 5.7 Medium | ||
| An authenticated user without user-management permissions could identify other user accounts. | ||||