Total
275 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-0494 | 2026-01-13 | N/A | 4.3 MEDIUM | ||
| Under certain conditions SAP Fiori App Intercompany Balance Reconciliation application allows an attacker to access information which would otherwise be restricted. This has low impact on confidentiality of the application, integrity and availability are not impacted. | |||||
| CVE-2026-0853 | 2026-01-13 | N/A | 5.3 MEDIUM | ||
| Certain NVR models developed by A-Plus Video Technologies has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access the debug page and obtain device status information. | |||||
| CVE-2025-24473 | 1 Fortinet | 1 Forticlient | 2026-01-08 | N/A | 3.7 LOW |
| A exposure of sensitive system information to an unauthorized control sphere vulnerability in Fortinet FortiClientWindows 7.2.0 through 7.2.1, FortiClientWindows 7.0.13 through 7.0.14 may allow an unauthorized remote attacker to view application information via navigation to a hosted webpage, if Windows is configured to accept incoming connections to port 8053 (non-default setup) | |||||
| CVE-2025-34171 | 2026-01-08 | N/A | N/A | ||
| CasaOS versions up to and including 0.4.15 expose multiple unauthenticated endpoints that allow remote attackers to retrieve sensitive configuration files and system debug information. The /v1/users/image endpoint can be abused with a user-controlled path parameter to access files under /var/lib/casaos/1/, which reveals installed applications and configuration details. Additionally, /v1/sys/debug discloses host operating system, kernel, hardware, and storage information. The endpoints also return distinct error messages, enabling file existence enumeration of arbitrary paths on the underlying host filesystem. This information disclosure can be used for reconnaissance and to facilitate targeted follow-up attacks against services deployed on the host. | |||||
| CVE-2025-31051 | 2026-01-08 | N/A | 5.3 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in EngoTheme Plant - Gardening & Houseplants WordPress Theme allows Retrieve Embedded Sensitive Data.This issue affects Plant - Gardening & Houseplants WordPress Theme: from n/a through 1.0.0. | |||||
| CVE-2026-22537 | 2026-01-08 | N/A | N/A | ||
| The lack of hardening of the system allows the user used to manage and maintain the charger to consult different files containing clear-text credentials or valuable information for an attacker. | |||||
| CVE-2025-9110 | 1 Qnap | 2 Qts, Quts Hero | 2026-01-06 | N/A | 7.5 HIGH |
| An exposure of sensitive system information to an unauthorized control sphere vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to read application data. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3332 build 20251128 and later QuTS hero h5.2.8.3321 build 20251117 and later QuTS hero h5.3.1.3250 build 20250912 and later | |||||
| CVE-2025-68943 | 1 Gitea | 1 Gitea | 2025-12-31 | N/A | 5.3 MEDIUM |
| Gitea before 1.21.8 inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order. | |||||
| CVE-2025-36229 | 1 Ibm | 1 Aspera Faspex | 2025-12-29 | N/A | 3.1 LOW |
| IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 could allow authenticated users to enumerate sensitive information of data due by enumerating package identifiers. | |||||
| CVE-2019-25228 | 1 Kentico | 1 Xperience | 2025-12-24 | N/A | 5.3 MEDIUM |
| An information disclosure vulnerability in Kentico Xperience allows attackers to leak virtual context URLs via the HTTP Referer header when users interact with third-party domains. Sensitive virtual context information can be exposed to external domains through page builder interactions and link/image loading. | |||||
| CVE-2019-25230 | 1 Kentico | 1 Xperience | 2025-12-24 | N/A | 4.3 MEDIUM |
| An information disclosure vulnerability in Kentico Xperience allows authenticated users to view sensitive system objects through the live site widget properties dialog. Attackers can exploit this vulnerability to access unauthorized system information without proper access controls. | |||||
| CVE-2024-58320 | 1 Kentico | 1 Xperience | 2025-12-24 | N/A | 5.3 MEDIUM |
| An information disclosure vulnerability in Kentico Xperience allows public users to access sensitive administration interface hostname details during authentication. Attackers can retrieve confidential hostname configuration information through a public endpoint, potentially exposing internal network details. | |||||
| CVE-2025-11545 | 2025-12-23 | N/A | N/A | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sharp Display Solutions projectors allows a attacker may improperly access the HTTP server and execute arbitrary actions. | |||||
| CVE-2025-34442 | 1 Wwbn | 1 Avideo | 2025-12-19 | N/A | 7.5 HIGH |
| AVideo versions prior to 20.1 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains. | |||||
| CVE-2025-36162 | 1 Ibm | 1 Devops Deploy | 2025-12-18 | N/A | 4.3 MEDIUM |
| IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) 8.1 before 8.1.2.2 could allow an authenticated user to obtain sensitive information about configuration on the system. | |||||
| CVE-2025-43471 | 1 Apple | 1 Macos | 2025-12-16 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data. | |||||
| CVE-2025-43406 | 1 Apple | 1 Macos | 2025-12-16 | N/A | 5.5 MEDIUM |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data. | |||||
| CVE-2025-14712 | 2025-12-15 | N/A | 7.5 HIGH | ||
| Student Learning Assessment and Support System developed by JHENG GAO has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to view a specific page and obtain test accounts and password. | |||||
| CVE-2025-58015 | 1 Ays-pro | 1 Quiz Maker | 2025-12-12 | N/A | 5.3 MEDIUM |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Ays Pro Quiz Maker allows Retrieve Embedded Sensitive Data. This issue affects Quiz Maker: from n/a through 6.7.0.61. | |||||
| CVE-2025-36112 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2025-12-01 | N/A | 5.3 MEDIUM |
| IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could reveal sensitive server IP configuration information to an unauthorized user. | |||||