Total
9730 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-11760 | 2025-10-25 | 5.3 Medium | ||
| The eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams plugin for WordPress is vulnerable to exposure of sensitive information in all versions up to, and including, 1.5.6. This is due to the plugin exposing Zoom SDK secret keys in client-side JavaScript within the meeting view template. This makes it possible for unauthenticated attackers to extract the sdk_secret value, which should remain server-side, compromising the security of the Zoom integration and allowing attackers to generate valid JWT signatures for unauthorized meeting access. | ||||
| CVE-2025-59260 | 1 Microsoft | 7 Server, Windows Server, Windows Server 2016 and 4 more | 2025-10-24 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Microsoft Failover Cluster Virtual Driver allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-59214 | 1 Microsoft | 20 Windows, Windows 10, Windows 10 1507 and 17 more | 2025-10-24 | 6.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-59209 | 1 Microsoft | 19 Windows, Windows 10, Windows 10 1507 and 16 more | 2025-10-24 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-59188 | 1 Microsoft | 6 Windows Server, Windows Server 2012, Windows Server 2016 and 3 more | 2025-10-24 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows Failover Cluster allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-59184 | 1 Microsoft | 6 Windows Server, Windows Server 2016, Windows Server 2019 and 3 more | 2025-10-24 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows High Availability Services allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-58739 | 1 Microsoft | 10 Windows, Windows 10, Windows 11 and 7 more | 2025-10-24 | 6.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-55699 | 1 Microsoft | 8 Windows, Windows 10, Windows 11 and 5 more | 2025-10-24 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-55683 | 1 Microsoft | 6 Windows, Windows Server, Windows Server 2016 and 3 more | 2025-10-24 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-55679 | 1 Microsoft | 11 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 8 more | 2025-10-24 | 5.1 Medium |
| Improper input validation in Windows Kernel allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2025-59294 | 1 Microsoft | 18 Windows, Windows 10, Windows 10 1507 and 15 more | 2025-10-24 | 2.1 Low |
| Exposure of sensitive information to an unauthorized actor in Windows Taskbar Live allows an unauthorized attacker to disclose information with a physical attack. | ||||
| CVE-2025-59284 | 2025-10-24 | 3.3 Low | ||
| Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing locally. | ||||
| CVE-2025-59211 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-10-24 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-59186 | 2025-10-24 | 5.5 Medium | ||
| Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-55336 | 1 Microsoft | 7 Windows, Windows 10, Windows 11 and 4 more | 2025-10-24 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows Cloud Files Mini Filter Driver allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-52630 | 1 Hcltech | 1 Aion | 2025-10-24 | 3.7 Low |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION.This issue affects AION: 2.0. | ||||
| CVE-2025-52634 | 1 Hcltech | 1 Aion | 2025-10-24 | 3.7 Low |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION This issue affects HCL AION: 2.0. | ||||
| CVE-2025-59405 | 2 Flocksafety, Google | 6 Bravo Edge Ai Compute Device, Falcon, Flock Safety and 3 more | 2025-10-24 | 7.5 High |
| The Flock Safety Peripheral com.flocksafety.android.peripheral application 7.38.3 for Android (installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices) contains a cleartext DataDog API key within in its codebase. Because application binaries can be trivially decompiled or inspected, attackers can recover the OAuth secret without special privileges. This secret is intended to remain confidential and should never be embedded directly in client-side software. | ||||
| CVE-2025-54966 | 1 Baesystems | 1 Socet Gxp | 2025-10-24 | 4.3 Medium |
| An issue was discovered in BAE SOCET GXP before 4.6.0.2. Some endpoints on the SOCET GXP Job Status Service may return sensitive information in certain situations, including local file paths and SOCET GXP version information. | ||||
| CVE-2025-11145 | 2025-10-24 | 7.5 High | ||
| Observable Discrepancy, Exposure of Sensitive Information to an Unauthorized Actor, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in CBK Soft Software Hardware Electronic Computer Systems Industry and Trade Inc. EnVision allows Account Footprinting.This issue affects enVision: before 250566. | ||||