Total: 9534 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-1815 | | | 2025-03-04 | N/A | 5.3 MEDIUM |
| A security vulnerability was discovered in the local status page functionality of Cisco Meraki’s MX67 and MX68 security appliance models that may allow unauthenticated individuals to access and download logs containing sensitive, privileged device information. The vulnerability is due to improper access control to the files holding debugging and maintenance information, and is only exploitable when the local status page is enabled on the device. An attacker exploiting this vulnerability may obtain access to wireless pre-shared keys, Site-to-Site VPN key and other sensitive information. Under certain circumstances, this information may allow an attacker to obtain administrative-level access to the device. | |||||
| CVE-2025-21626 | 1 Glpi-project | 1 Glpi | 2025-03-04 | N/A | 5.8 MEDIUM |
| GLPI is a free asset and IT management software package. Starting in version 0.71 and prior to version 10.0.18, an anonymous user can fetch sensitive information from the `status.php` endpoint. Version 10.0.18 contains a fix for the issue. Some workarounds are available. One may delete the `status.php` file, restrict its access, or remove any sensitive values from the `name` field of the active LDAP directories, mail servers authentication providers and mail receivers. | |||||
| CVE-2025-1868 | | | 2025-03-03 | N/A | 6.8 MEDIUM |
| Vulnerability of unauthorized exposure of confidential information affecting Advanced IP Scanner and Advanced Port Scanner. It occurs when these applications initiate a network scan, inadvertently sending the NTLM hash of the user performing the scan. This vulnerability can be exploited by intercepting network traffic to a legitimate server or by setting up a fake server, in both local and remote scenarios. This exposure is relevant for both HTTP/HTTPS and SMB protocols. | |||||
| CVE-2024-13546 | | | 2025-03-01 | N/A | 4.3 MEDIUM |
| The GenerateBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.1 via the 'get_image_description' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the content of private, draft, and scheduled posts and pages. | |||||
| CVE-2024-13911 | | | 2025-03-01 | N/A | 7.2 HIGH |
| The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.35 via the /dashboard/backup.php file. This makes it possible for authenticated attackers, with Administrator-level access and above, to extract sensitive data including full database credentials. | |||||
| CVE-2024-6567 | 1 Shopfiles | 1 Ebook Store | 2025-03-01 | N/A | 5.3 MEDIUM |
| The Ebook Store plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 5.8001. This is due to the plugin utilizing fpdi-protection and not preventing direct access to test files that have display_errors set to true. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | |||||
| CVE-2024-7412 | 1 Coffee2code | 1 No Update Nag | 2025-03-01 | N/A | 5.3 MEDIUM |
| The No Update Nag plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.4.12. This is due to the plugin allowing direct access to the bootstrap.php file which has display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | |||||
| CVE-2024-5354 | 1 Anji-plus | 1 Aj-report | 2025-03-01 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability classified as problematic was found in anji-plus AJ-Report up to 1.4.1. This vulnerability affects unknown code of the file /reportShare/detailByCode. The manipulation of the argument shareToken leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-266266 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-12560 | 1 Bplugins | 1 Button Block | 2025-02-28 | N/A | 4.3 MEDIUM |
| The Button Block – Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.5 via the 'btn_block_duplicate_post' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract potentially sensitive data from draft, scheduled (future), private, and password protected posts. | |||||
| CVE-2023-24923 | 1 Microsoft | 1 Onedrive | 2025-02-28 | N/A | 5.5 MEDIUM |
| Microsoft OneDrive for Android Information Disclosure Vulnerability | |||||
| CVE-2023-24882 | 1 Microsoft | 1 Onedrive | 2025-02-28 | N/A | 5.5 MEDIUM |
| Microsoft OneDrive for Android Information Disclosure Vulnerability | |||||
| CVE-2023-38158 | 1 Microsoft | 1 Edge Chromium | 2025-02-28 | N/A | 3.1 LOW |
| Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | |||||
| CVE-2023-36894 | 1 Microsoft | 1 Sharepoint Server | 2025-02-28 | N/A | 6.5 MEDIUM |
| Microsoft SharePoint Server Information Disclosure Vulnerability | |||||
| CVE-2022-30184 | 3 Apple, Fedoraproject, Microsoft | 7 Macos, Fedora, .net and 4 more | 2025-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| .NET and Visual Studio Information Disclosure Vulnerability | |||||
| CVE-2021-31173 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2025-02-28 | 4.0 MEDIUM | 5.3 MEDIUM |
| Microsoft SharePoint Server Information Disclosure Vulnerability | |||||
| CVE-2025-1606 | 1 Mayurik | 1 Best Employee Management System | 2025-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability classified as problematic was found in SourceCodester Best Employee Management System 1.0. This vulnerability affects unknown code of the file /admin/backup/backups.php. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2021-34125 | 2 Dronecode, Yuneec | 3 Px4 Drone Autopilot, Mantis Q, Mantis Q Firmware | 2025-02-28 | N/A | 7.5 HIGH |
| An issue discovered in Yuneec Mantis Q and PX4-Autopilot v1.11.3 and below allows an attacker to gain access to sensitive information via various nuttx commands. | |||||
| CVE-2025-25729 | | | 2025-02-28 | N/A | 7.5 HIGH |
| An information disclosure vulnerability in Bosscomm IF740 Firmware versions: 11001.7078 & v11001.0000 and System versions: 6.25 & 6.00 allows attackers to obtain hardcoded cleartext credentials via the update or boot process. | |||||
| CVE-2025-1063 | 1 Radiustheme | 1 Classified Listing | 2025-02-28 | N/A | 5.3 MEDIUM |
| The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.4 via the rtcl_taxonomy_settings_export function. This makes it possible for unauthenticated attackers to extract sensitive data including API keys and tokens. | |||||
| CVE-2025-25333 | | | 2025-02-27 | N/A | 7.5 HIGH |
| An issue in IKEA CN iOS 4.13.0 allows attackers to access sensitive user information via supplying a crafted link. | |||||
