Total
8963 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-30269 | 1 Dataease | 1 Dataease | 2025-02-12 | 5.3 Medium |
| DataEase, an open source data visualization and analysis tool, has a database configuration information exposure vulnerability prior to version 2.5.0. Visiting the `/de2api/engine/getEngine;.js` path via a browser reveals that the platform's database configuration is returned. The vulnerability has been fixed in v2.5.0. No known workarounds are available aside from upgrading. | ||||
| CVE-2024-5550 | 1 H2o | 1 H2o | 2025-02-12 | 5.3 Medium |
| In h2oai/h2o-3 version 3.40.0.4, an exposure of sensitive information vulnerability exists due to an arbitrary system path lookup feature. This vulnerability allows any remote user to view full paths in the entire file system where h2o-3 is hosted. Specifically, the issue resides in the Typeahead API call, which when requested with a typeahead lookup of '/', exposes the root filesystem including directories such as /home, /usr, /bin, among others. This vulnerability could allow attackers to explore the entire filesystem, and when combined with a Local File Inclusion (LFI) vulnerability, could make exploitation of the server trivial. | ||||
| CVE-2024-12142 | 2025-02-12 | 8.6 High | ||
| CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure of restricted web page, modification of web page and denial of service when specific web pages are modified and restricted functions are invoked. | ||||
| CVE-2023-2025 | 1 Johnsoncontrols | 1 Openblue Enterprise Manager Data Collector | 2025-02-12 | 5 Medium |
| OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 may expose sensitive information to an unauthorized user under certain circumstances. | ||||
| CVE-2022-48430 | 1 Jetbrains | 1 Intellij Idea | 2025-02-12 | 5.5 Medium |
| In JetBrains IntelliJ IDEA before 2023.1 file content could be disclosed via an external stylesheet path in Markdown preview. | ||||
| CVE-2024-13600 | 2025-02-12 | 7.5 High | ||
| The Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.5 via the 'majesticsupportdata' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/majesticsupportdata directory which can contain file attachments included in support tickets. | ||||
| CVE-2024-52966 | 1 Fortinet | 1 Fortianalyzer | 2025-02-12 | 2.2 Low |
| An exposure of sensitive information to an unauthorized actor in Fortinet FortiAnalyzer 6.4.0 through 7.6.0 allows attacker to cause information disclosure via filter manipulation. | ||||
| CVE-2024-32037 | 2025-02-12 | 0 Low | ||
| GeoNetwork is a catalog application to manage spatially referenced resources. In versions prior to 4.2.10 and 4.4.5, the search end-point response headers contain information about Elasticsearch software in use. This information is valuable from a security point of view because it allows software used by the server to be easily identified. GeoNetwork 4.4.5 and 4.2.10 fix this issue. No known workarounds are available. | ||||
| CVE-2024-23563 | 2025-02-12 | 3.9 Low | ||
| HCL Connections Docs is vulnerable to a sensitive information disclosure which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data. | ||||
| CVE-2024-5813 | 1 Beyondtrust | 1 Beyondinsight Password Safe | 2025-02-11 | 5.9 Medium |
| A medium severity vulnerability in BIPS has been identified where an authenticated attacker with high privileges can access the SSH private keys via an information leak in the server response. | ||||
| CVE-2023-28732 | 1 Acymailing | 1 Acymailing | 2025-02-11 | 6.5 Medium |
| Missing access control in AnyMailing Joomla Plugin allows to list and access files containing sensitive information from the plugin itself and access to system files via path traversal, when being granted access to the campaign's creation on front-office. This issue affects AnyMailing Joomla Plugin in versions below 8.3.0. | ||||
| CVE-2024-38761 | 2 Dylanjames, Zephyr-one | 2 Zephyr Project Manager, Zephyr Project Manager | 2025-02-11 | 7.5 High |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Dylan James Zephyr Project Manager.This issue affects Zephyr Project Manager: from n/a through 3.3.99. | ||||
| CVE-2025-24408 | 2025-02-11 | 6.5 Medium | ||
| Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Information Exposure vulnerability that could result in privilege escalation. A low-privileged attacker could gain unauthorized access to sensitive information. Exploitation of this issue does not require user interaction. | ||||
| CVE-2023-24881 | 1 Microsoft | 1 Teams | 2025-02-11 | 6.5 Medium |
| Microsoft Teams Information Disclosure Vulnerability | ||||
| CVE-2019-25210 | 2 Helm, Redhat | 3 Helm, Advanced Cluster Security, Openshift | 2025-02-11 | 6.5 Medium |
| An issue was discovered in Cloud Native Computing Foundation (CNCF) Helm through 3.13.3. It displays values of secrets when the --dry-run flag is used. This is a security concern in some use cases, such as a --dry-run call by a CI/CD tool. NOTE: the vendor's position is that this behavior was introduced intentionally, and cannot be removed without breaking backwards compatibility (some users may be relying on these values). Also, it is not the Helm Project's responsibility if a user decides to use --dry-run within a CI/CD environment whose output is visible to unauthorized persons. | ||||
| CVE-2024-46437 | 2025-02-10 | 6.5 Medium | ||
| A sensitive information disclosure vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an unauthenticated remote attacker to retrieve sensitive configuration information, including WiFi SSID, WiFi password, and base64-encoded administrator credentials, by sending a specially crafted HTTP POST request to the getQuickCfgWifiAndLogin function, bypassing authentication checks. | ||||
| CVE-2023-1710 | 1 Gitlab | 1 Gitlab | 2025-02-10 | 5.3 Medium |
| A sensitive information disclosure vulnerability in GitLab affecting all versions from 15.0 prior to 15.8.5, 15.9 prior to 15.9.4 and 15.10 prior to 15.10.1 allows an attacker to view the count of internal notes for a given issue. | ||||
| CVE-2023-0838 | 1 Gitlab | 1 Gitlab | 2025-02-10 | 5.5 Medium |
| An issue has been discovered in GitLab affecting versions starting from 15.1 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. A maintainer could modify a webhook URL to leak masked webhook secrets by adding a new parameter to the url. This addresses an incomplete fix for CVE-2022-4342. | ||||
| CVE-2013-7331 | 1 Microsoft | 10 Internet Explorer, Windows 7, Windows 8 and 7 more | 2025-02-10 | 6.5 Medium |
| The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet IP addresses by examining error codes, as demonstrated by a res:// URL, and exploited in the wild in February 2014. | ||||
| CVE-2024-3716 | 1 Redhat | 1 Satellite | 2025-02-08 | 6.2 Medium |
| A flaw was found in foreman-installer when puppet-candlepin is invoked cpdb with the --password parameter. This issue leaks the password in the process list and allows an attacker to take advantage and obtain the password. | ||||