Total
159 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-11598 | 2026-02-03 | N/A | N/A | ||
| In mObywatel iOS application an unauthorized user can use the App Switcher to view the account owner's personal information in the minimized app window, even after the login session has ended (reopening the app would require the user to log in). The data exposed depends on the last application view displayed before the application was minimized This issue was fixed in version 4.71.0 | |||||
| CVE-2025-59843 | 1 Flagforge | 1 Flagforge | 2026-01-29 | N/A | 5.3 MEDIUM |
| Flag Forge is a Capture The Flag (CTF) platform. From versions 2.0.0 to before 2.3.2, the public endpoint /api/user/[username] returns user email addresses in its JSON response. The fix, intended for release in 2.3.1 but only available starting in version 2.3.2, removes email addresses from public API responses while keeping the endpoint publicly accessible. Users should upgrade to version 2.3.2 or later to eliminate exposure. There are no workarounds for this vulnerability. | |||||
| CVE-2025-3950 | 1 Gitlab | 1 Gitlab | 2026-01-21 | N/A | 3.5 LOW |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.3 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed a user to leak certain information by referencing specially crafted images that bypass asset proxy protection. | |||||
| CVE-2025-1030 | 1 Utarit | 1 Soliclub | 2026-01-16 | N/A | 7.5 HIGH |
| Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Utarit Informatics Services Inc. SoliClub allows Query System for Information.This issue affects SoliClub: from 5.2.4 before 5.3.7. | |||||
| CVE-2026-20834 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-01-15 | N/A | 4.6 MEDIUM |
| Absolute path traversal in Windows Shell allows an unauthorized attacker to perform spoofing with a physical attack. | |||||
| CVE-2025-14317 | 2026-01-14 | N/A | N/A | ||
| In Crazy Bubble Tea mobile application authenticated attacker can obtain personal information about other users by enumerating a `loyaltyGuestId` parameter. Server does not verify the permissions required to obtain the data. This issue was fixed in version 915 (Android) and 7.4.1 (iOS). | |||||
| CVE-2024-29888 | 1 Saleor | 1 Saleor | 2026-01-08 | N/A | 4.2 MEDIUM |
| Saleor is an e-commerce platform that serves high-volume companies. When using `Pickup: Local stock only` click-and-collect as a delivery method in specific conditions the customer could overwrite the warehouse address with its own, which exposes its address as click-and-collect address. This issue has been patched in versions: `3.14.61`, `3.15.37`, `3.16.34`, `3.17.32`, `3.18.28`, `3.19.15`. | |||||
| CVE-2025-65857 | 1 Xiongmaitech | 2 Xm530v200 X6-weq 8m, Xm530v200 X6-weq 8m Firmware | 2026-01-05 | N/A | 7.5 HIGH |
| An issue was discovered in Xiongmai XM530 IP cameras on firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. The GetStreamUri exposes RTSP URIs containing hardcoded credentials enabling direct unauthorized video stream access. | |||||
| CVE-2025-68945 | 1 Gitea | 1 Gitea | 2025-12-31 | N/A | 5.8 MEDIUM |
| In Gitea before 1.21.2, an anonymous user can visit a private user's project. | |||||
| CVE-2025-34441 | 1 Wwbn | 1 Avideo | 2025-12-19 | N/A | 7.5 HIGH |
| AVideo versions prior to 20.1 expose sensitive user information through an unauthenticated public API endpoint. Responses include emails, usernames, administrative status, and last login times, enabling user enumeration and privacy violations. | |||||
| CVE-2025-13008 | 2025-12-19 | N/A | N/A | ||
| An information disclosure vulnerability in M-Files Server before versions 25.12.15491.7, 25.8 LTS SR3, 25.2 LTS SR3 and 24.8 LTS SR5 allows an authenticated attacker using M-Files Web to capture session tokens of other active users. | |||||
| CVE-2025-10450 | 2025-12-18 | N/A | N/A | ||
| Exposure of Private Personal Information to an Unauthorized Actor vulnerability in RTI Connext Professional (Core Libraries) allows Sniffing Network Traffic.This issue affects Connext Professional: from 7.4.0 before 7.*, from 7.2.0 before 7.3.1. | |||||
| CVE-2025-43500 | 1 Apple | 4 Ipados, Iphone Os, Visionos and 1 more | 2025-12-17 | N/A | 7.5 HIGH |
| A privacy issue was addressed with improved handling of user preferences. This issue is fixed in iOS 26.1 and iPadOS 26.1, watchOS 26.1, macOS Tahoe 26.1, visionOS 26.1. An app may be able to access sensitive user data. | |||||
| CVE-2025-43496 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-12-17 | N/A | 7.5 HIGH |
| The issue was addressed by adding additional logic. This issue is fixed in watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Sequoia 15.7.2, visionOS 26.1. Remote content may be loaded even when the 'Load Remote Images' setting is turned off. | |||||
| CVE-2025-43469 | 1 Apple | 1 Macos | 2025-12-17 | N/A | 5.5 MEDIUM |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1, macOS Sonoma 14.8.2. An app may be able to access sensitive user data. | |||||
| CVE-2025-43439 | 1 Apple | 2 Ipados, Iphone Os | 2025-12-17 | N/A | 5.5 MEDIUM |
| A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, visionOS 26.1. An app may be able to fingerprint the user. | |||||
| CVE-2025-43409 | 1 Apple | 1 Macos | 2025-12-17 | N/A | 5.5 MEDIUM |
| A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1. An app may be able to access sensitive user data. | |||||
| CVE-2025-43405 | 1 Apple | 1 Macos | 2025-12-17 | N/A | 7.5 HIGH |
| A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1, macOS Sonoma 14.8.2. An app may be able to access user-sensitive data. | |||||
| CVE-2025-43399 | 1 Apple | 1 Macos | 2025-12-17 | N/A | 7.5 HIGH |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, macOS Sequoia 15.7.2, macOS Tahoe 26.1. An app may be able to access protected user data. | |||||
| CVE-2025-43389 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-12-17 | N/A | 5.5 MEDIUM |
| A privacy issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, visionOS 26.1. An app may be able to access sensitive user data. | |||||