Total
121 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-1212 | 1 Gitlab | 1 Gitlab | 2025-02-12 | 4.3 Medium |
| An information disclosure vulnerability in GitLab CE/EE affecting all versions from 8.3 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send a crafted request to a backend server to reveal sensitive information. | ||||
| CVE-2025-1144 | 2025-02-11 | 9.8 Critical | ||
| School Affairs System from Quanxun has an Exposure of Sensitive Information, allowing unauthenticated attackers to view specific pages and obtain database information as well as plaintext administrator credentials. | ||||
| CVE-2024-8550 | 2025-02-11 | N/A | ||
| A Local File Inclusion (LFI) vulnerability exists in the /load-workflow endpoint of modelscope/agentscope version v0.0.4. This vulnerability allows an attacker to read arbitrary files from the server, including sensitive files such as API keys, by manipulating the filename parameter. The issue arises due to improper sanitization of user input passed to the os.path.join function, which can be exploited to access files outside the intended directory. | ||||
| CVE-2023-0005 | 1 Paloaltonetworks | 1 Pan-os | 2025-02-10 | 4.1 Medium |
| A vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to expose the plaintext values of secrets stored in the device configuration and encrypted API keys. | ||||
| CVE-2024-36554 | 2025-02-10 | 9.8 Critical | ||
| Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h and Forever KidsWatch Call Me KW-60 R36CW_YDE_S4_A29_2_V1.0_2023.05.24_22.49.44_cob_b allow a malicious user to gain information about the device by sending an SMS to the device which returns sensitive information. | ||||
| CVE-2024-37526 | 1 Ibm | 1 Data Virtualization On Cloud Pak For Data | 2025-01-28 | 6.5 Medium |
| IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization 1.8, 2.0, 2.1, 2.2, and 3.0.0) could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism. | ||||
| CVE-2024-37070 | 1 Ibm | 1 Concert | 2025-01-26 | 4.3 Medium |
| IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system. | ||||
| CVE-2024-53683 | 2025-01-21 | 4.4 Medium | ||
| A valid set of credentials in a .js file and a static token for communication were obtained from the decompiled IPA. An attacker could use the information to disrupt normal use of the application by changing the translation files and thus weaken the integrity of normal use. | ||||
| CVE-2025-0055 | 2025-01-14 | 6 Medium | ||
| SAP GUI for Windows stores user input on the client PC to improve usability. Under very specific circumstances an attacker with administrative privileges or access to the victim�s user directory on the Operating System level would be able to read this data. Depending on the user input provided in transactions, the disclosed data could range from non-critical data to highly sensitive data, causing high impact on confidentiality of the application. | ||||
| CVE-2025-0056 | 2025-01-14 | 6 Medium | ||
| SAP GUI for Java saves user input on the client PC to improve usability. An attacker with administrative privileges or access to the victim�s user directory on the Operating System level would be able to read this data. Depending on the user input provided in transactions, the disclosed data could range from non-critical data to highly sensitive data, causing high impact on confidentiality of the application. | ||||
| CVE-2025-0059 | 2025-01-14 | 6 Medium | ||
| Applications based on SAP GUI for HTML in SAP NetWeaver Application Server ABAP store user input in the local browser storage to improve usability. An attacker with administrative privileges or access to the victim�s user directory on the Operating System level would be able to read this data. Depending on the user input provided in transactions, the disclosed data could range from non-critical data to highly sensitive data, causing high impact on confidentiality of the application. | ||||
| CVE-2025-0061 | 2025-01-14 | 8.7 High | ||
| SAP BusinessObjects Business Intelligence Platform allows an unauthenticated attacker to perform session hijacking over the network without any user interaction, due to an information disclosure vulnerability. Attacker can access and modify all the data of the application. | ||||
| CVE-2023-32550 | 1 Canonical | 1 Landscape | 2025-01-07 | 9.3 Critical |
| Landscape's server-status page exposed sensitive system information. This data leak included GET requests which contain information to attack and leak further information from the Landscape API. | ||||
| CVE-2024-45640 | 1 Ibm | 1 Security Qradar Edr | 2025-01-07 | 5.3 Medium |
| IBM Security ReaQta 3.12 returns sensitive information in an HTTP response that could be used in further attacks against the system. | ||||
| CVE-2024-52367 | 1 Ibm | 1 Concert | 2025-01-07 | 5.3 Medium |
| IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could disclose sensitive system information to an unauthorized actor that could be used in further attacks against the system. | ||||
| CVE-2023-0342 | 1 Mongodb | 1 Ops Manager Server | 2025-01-06 | 3.1 Low |
| MongoDB Ops Manager Diagnostics Archive may not redact sensitive PEM key file password app settings. Archives do not include the PEM files themselves. This issue affects MongoDB Ops Manager v5.0 prior to 5.0.21 and MongoDB Ops Manager v6.0 prior to 6.0.12 | ||||
| CVE-2024-12993 | 2024-12-30 | N/A | ||
| Infinix devices contain a pre-loaded "com.rlk.weathers" application, that exposes an unsecured content provider. An attacker can communicate with the provider and reveal the user’s location without any privileges. After multiple attempts to contact the vendor we did not receive any answer. We suppose this issue affects all Infinix Mobile devices. | ||||
| CVE-2024-52321 | 2024-12-24 | N/A | ||
| Multiple SHARP routers contain an improper authentication vulnerability in the configuration backup function. The product's backup files containing sensitive information may be retrieved by a remote unauthenticated attacker. | ||||
| CVE-2024-25634 | 1 Alf | 1 Alf | 2024-12-18 | 7.2 High |
| alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, an attacker can access data from other organizers. The attacker can use a specially crafted request to receive the e-mail log sent by other events. Version 2.0-M4-2402 fixes this issue. | ||||
| CVE-2024-54279 | 2024-12-16 | 7.5 High | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPNERD WP-NERD Toolkit.This issue affects WP-NERD Toolkit: from n/a through 1.1. | ||||