Total
9534 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-1714 | 2025-03-07 | N/A | N/A | ||
| Lack of Rate Limiting in Sign-up workflow in Perforce Gliffy prior to version 4.14.0-7 on Gliffy online allows attacker to enumerate valid user emails and potentially DOS the server | |||||
| CVE-2024-12584 | 1 Wpxpro | 1 Xpro Addons For Elementor | 2025-03-06 | N/A | 4.3 MEDIUM |
| The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6.2 via the 'duplicate' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract potentially sensitive data from draft, scheduled (future), private, and password protected posts. | |||||
| CVE-2024-13796 | 1 Pickplugins | 1 Post Grid | 2025-03-06 | N/A | 5.3 MEDIUM |
| The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.6 via the /wp-json/post-grid/v2/get_users REST API This makes it possible for unauthenticated attackers to extract sensitive data including including emails and other user data. | |||||
| CVE-2024-53244 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-03-06 | N/A | 5.7 MEDIUM |
| In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.2.2406.107, 9.2.2403.109, and 9.1.2312.206, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a saved search with a risky command using the permissions of a higher-privileged user to bypass the SPL safeguards for risky commands on “/en-US/app/search/report“ endpoint through “s“ parameter.<br>The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will. | |||||
| CVE-2024-53245 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-03-06 | N/A | 3.1 LOW |
| In Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.1.2312.206, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles, that has a username with the same name as a role with read access to dashboards, could see the dashboard name and the dashboard XML by cloning the dashboard. | |||||
| CVE-2024-39313 | 1 Toy-blog Project | 1 Toy-blog | 2025-03-06 | N/A | 6.5 MEDIUM |
| toy-blog is a headless content management system implementation. Starting in version 0.5.4 and prior to version 0.6.1, articles with private visibility can be read if the reader does not set credentials for the request. Users should upgrade to 0.6.1 or later to receive a patch. No known workarounds are available. | |||||
| CVE-2024-13638 | 1 Directsoftware | 1 Order Attachments For Woocommerce | 2025-03-06 | N/A | 5.9 MEDIUM |
| The Order Attachments for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.1 via the 'uploads' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads directory which can contain file attachments added to orders. | |||||
| CVE-2024-36118 | 1 Metersphere | 1 Metersphere | 2025-03-06 | N/A | 3.5 LOW |
| MeterSphere is a test management and interface testing tool. In affected versions users without workspace permissions can view functional test cases of other workspaces beyond their authority. This issue has been addressed in version 2.10.15-lts. Users of MeterSphere are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-22847 | 1 Sraoss | 1 Pg Ivm | 2025-03-06 | N/A | 4.3 MEDIUM |
| Information disclosure vulnerability exists in pg_ivm versions prior to 1.5.1. An Incrementally Maintainable Materialized View (IMMV) created by pg_ivm may reflect rows with Row-Level Security that the owner of the IMMV should not have access to. As a result, information in tables protected by Row-Level Security may be retrieved by a user who is not authorized to access it. | |||||
| CVE-2024-10356 | 1 Quomodosoft | 1 Elementsready | 2025-03-06 | N/A | 4.3 MEDIUM |
| The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.4.8 in inc/Widgets/accordion/output/content.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data. | |||||
| CVE-2023-38547 | 1 Veeam | 1 One | 2025-03-06 | N/A | 9.8 CRITICAL |
| A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database. | |||||
| CVE-2023-32561 | 1 Ivanti | 1 Avalanche | 2025-03-06 | N/A | 7.5 HIGH |
| A previously generated artifact by an administrator could be accessed by an attacker. The contents of this artifact could lead to authentication bypass. Fixed in version 6.4.1. | |||||
| CVE-2023-1203 | 1 Devolutions | 1 Remote Desktop Manager | 2025-03-06 | N/A | 6.5 MEDIUM |
| Improper removal of sensitive data in the entry edit feature of Hub Business submodule in Devolutions Remote Desktop Manager PowerShell Module 2022.3.1.5 and earlier allows an authenticated user to access sensitive data on entries that were edited using the affected submodule. | |||||
| CVE-2023-49981 | 1 Oretnom23 | 1 School Fees Management System | 2025-03-05 | N/A | 7.5 HIGH |
| A directory listing vulnerability in School Fees Management System v1.0 allows attackers to list directories and sensitive files within the application without requiring authorization. | |||||
| CVE-2025-24408 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-03-05 | N/A | 6.5 MEDIUM |
| Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Information Exposure vulnerability that could result in privilege escalation. A low-privileged attacker could gain unauthorized access to sensitive information. Exploitation of this issue does not require user interaction. | |||||
| CVE-2023-23327 | 1 Avantfax | 1 Avantfax | 2025-03-05 | N/A | 4.9 MEDIUM |
| An Information Disclosure vulnerability exists in AvantFAX 3.3.7. Backups of the AvantFAX sent/received faxes, and database backups are stored using the current date as the filename and hosted on the web server without access controls. | |||||
| CVE-2024-58049 | 1 Huawei | 1 Harmonyos | 2025-03-05 | N/A | 5.0 MEDIUM |
| Permission verification vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2024-58047 | 1 Huawei | 1 Harmonyos | 2025-03-05 | N/A | 5.0 MEDIUM |
| Permission verification vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2024-11153 | 2025-03-05 | N/A | 5.3 MEDIUM | ||
| The Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.0 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as logged-in users. | |||||
| CVE-2024-56902 | 2025-03-04 | N/A | 7.5 HIGH | ||
| Information disclosure vulnerability in Geovision GV-ASManager web application with the version v6.1.0.0 or less, which discloses account information, including cleartext password. | |||||