Total
9534 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-47059 | 1 Acquia | 1 Mautic | 2025-02-27 | N/A | 4.3 MEDIUM |
| When logging in with the correct username and incorrect weak password, the user receives the notification, that their password is too weak. However when an incorrect username is provided alongside with a weak password, the application responds with ’Invalid credentials’ notification. This difference could be used to perform username enumeration. | |||||
| CVE-2020-36835 | 1 Wpvivid | 1 Migration\, Backup\, Staging | 2025-02-27 | N/A | 4.9 MEDIUM |
| The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to sensitive information disclosure of a WordPress site's database due to missing capability checks on the wp_ajax_wpvivid_add_remote AJAX action that allows low-level authenticated attackers to send back-ups to a remote location of their choice for review. This affects versions up to, and including 0.9.35. | |||||
| CVE-2024-25903 | 1 Najeebmedia | 1 Frontend File Manager | 2025-02-27 | N/A | 5.3 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in N-Media Frontend File Manager.This issue affects Frontend File Manager: from n/a through 22.7. | |||||
| CVE-2024-25933 | 1 Peprodev | 1 Peprodev Ultimate Invoice | 2025-02-27 | N/A | 5.3 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pepro Dev. Group PeproDev Ultimate Invoice.This issue affects PeproDev Ultimate Invoice: from n/a through 1.9.7. | |||||
| CVE-2024-25114 | 1 Collabora | 1 Online | 2025-02-27 | N/A | 2.6 LOW |
| Collabora Online is a collaborative online office suite based on LibreOffice technology. Each document in Collabora Online is opened by a separate "Kit" instance in a different "jail" with a unique directory "jailID" name. For security reasons, this directory name is randomly generated and should not be given out to the client. In affected versions of Collabora Online it is possible to use the CELL() function, with the "filename" argument, in the spreadsheet component to get a path which includes this JailID. The impact of this vulnerability in its own is low because it requires to be chained with another vulnerability. Users should upgrade to Collabora Online 23.05.9; Collabora Online 22.05.22; Collabora Online 21.11.10 or higher. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-1435 | 1 Tainacan | 1 Tainacan | 2025-02-27 | N/A | 5.3 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Tainacan.Org Tainacan.This issue affects Tainacan: from n/a through 0.20.6. | |||||
| CVE-2024-28120 | 1 Codeium | 1 Codeium | 2025-02-26 | N/A | 6.5 MEDIUM |
| codeium-chrome is an open source code completion plugin for the chrome web browser. The service worker of the codeium-chrome extension doesn't check the sender when receiving an external message. This allows an attacker to host a website that will steal the user's Codeium api-key, and thus impersonate the user on the backend autocomplete server. This issue has not been addressed. Users are advised to monitor the usage of their API key. | |||||
| CVE-2022-45634 | 1 Megaeis | 1 Dbd\+ | 2025-02-26 | N/A | 4.3 MEDIUM |
| An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows authenticated attacker to gain access to sensitive account information | |||||
| CVE-2024-24765 | 1 Icewhale | 1 Casaos | 2025-02-26 | N/A | 7.5 HIGH |
| CasaOS-UserService provides user management functionalities to CasaOS. Prior to version 0.4.7, path filtering of the URL for user avatar image files was not strict, making it possible to get any file on the system. This could allow an unauthorized actor to access, for example, the CasaOS user database, and possibly obtain system root privileges. Version 0.4.7 fixes this issue. | |||||
| CVE-2024-1302 | 1 Badgermeter | 1 Monitool | 2025-02-26 | N/A | 7.3 HIGH |
| Information exposure vulnerability in Badger Meter Monitool affecting versions up to 4.6.3 and earlier. A local attacker could change the application's file parameter to a log file obtaining all sensitive information such as database credentials. | |||||
| CVE-2024-12434 | 2025-02-26 | N/A | 5.3 MEDIUM | ||
| The SureMembers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.10.6 via the REST API. This makes it possible for unauthenticated attackers to extract sensitive data including restricted content. | |||||
| CVE-2025-0318 | 1 Ultimatemember | 1 Ultimate Member | 2025-02-25 | N/A | 5.3 MEDIUM |
| The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.9.1 through different error messages in the responses. This makes it possible for unauthenticated attackers to exfiltrate data from wp_usermeta table. | |||||
| CVE-2024-13641 | 1 Wpswings | 1 Return Refund And Exchange For Woocommerce | 2025-02-25 | N/A | 5.9 MEDIUM |
| The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.5 via the 'attachment' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/attachment directory which can contain file attachments for order refunds. | |||||
| CVE-2021-3923 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2025-02-24 | N/A | 2.3 LOW |
| A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdma_cm device node. While this access is unlikely to leak sensitive user information, it can be further used to defeat existing kernel protection mechanisms. | |||||
| CVE-2022-48348 | 1 Huawei | 2 Emui, Harmonyos | 2025-02-24 | N/A | 9.1 CRITICAL |
| The MediaProvider module has a vulnerability of unauthorized data read. Successful exploitation of this vulnerability may affect confidentiality and integrity. | |||||
| CVE-2023-1075 | 1 Linux | 1 Linux Kernel | 2025-02-24 | N/A | 3.3 LOW |
| A flaw was found in the Linux Kernel. The tls_is_tx_ready() incorrectly checks for list emptiness, potentially accessing a type confused entry to the list_head, leaking the last byte of the confused field that overlaps with rec->tx_ready. | |||||
| CVE-2024-13525 | 1 Wpfactory | 1 Customer Email Verification For Woocommerce | 2025-02-24 | N/A | 6.5 MEDIUM |
| The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4 via Shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including emails as well as hashed passwords of any user. | |||||
| CVE-2024-13600 | 1 Majesticsupport | 1 Majestic Support | 2025-02-24 | N/A | 7.5 HIGH |
| The Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.5 via the 'majesticsupportdata' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/majesticsupportdata directory which can contain file attachments included in support tickets. | |||||
| CVE-2025-1595 | 2025-02-23 | 5.0 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability has been found in Anhui Xufan Information Technology EasyCVR up to 2.7.0 and classified as problematic. This vulnerability affects unknown code of the file /api/v1/getbaseconfig. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-57716 | 2025-02-21 | N/A | 7.5 HIGH | ||
| An issue in trenoncourt AutoQueryable v.1.7.0 allows a remote attacker to obtain sensitive information via the Unselectable function. | |||||