Total
209 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-62524 | 1 Thm | 1 Pilos | 2025-11-04 | 5.3 Medium |
| PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. PILOS before 4.8.0 exposes the PHP version via the X-Powered-By header, enabling attackers to fingerprint the server and assess potential exploits. This information disclosure vulnerability originates from PHP’s base image. Additionally, the PHP version can also be inferred through the PILOS version displayed in the footer and by examining the source code available on GitHub. This information disclosure vulnerability has been patched in PILOS in v4.8.0. | ||||
| CVE-2024-8382 | 2 Mozilla, Redhat | 9 Firefox, Firefox Esr, Thunderbird and 6 more | 2025-11-04 | 8.8 High |
| Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence would indicate certain browser features had been used, such as when a user opened the Dev Tools console. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15. | ||||
| CVE-2025-34283 | 1 Nagios | 1 Xi | 2025-11-04 | N/A |
| Nagios XI versions prior to 2024R1.4.2 revealed API keys to users who were not authorized for API access when using Neptune themes. An authenticated user without API privileges could view another user's or their own API key value. | ||||
| CVE-2024-13995 | 1 Nagios | 1 Xi | 2025-11-04 | N/A |
| Nagios XI versions prior to 2024R1.1.2 may (confirmed in 2024R1.1 and 2024R1.1.1) disclose sensitive user account information (including API keys and hashed passwords) to authenticated users who should not have access to that data. Exposure of API keys or password hashes could lead to account compromise, abuse of API privileges, or offline cracking attempts. | ||||
| CVE-2024-13999 | 1 Nagios | 1 Xi | 2025-11-04 | N/A |
| Nagios XI versions prior to 2024R1.1.3, under certain circumstances, disclose the server's Active Directory (AD) or LDAP authentication token to an authenticated user. Exposure of the server’s AD/LDAP token could allow domain-wide authentication misuse, escalation of privileges, or further compromise of network-integrated systems. | ||||
| CVE-2024-13998 | 2025-11-04 | N/A | ||
| Nagios XI versions prior to 2024R1.1.3, under certain circumstances, disclose sensitive user account information (including API keys and hashed passwords) to authenticated users who should not have access to that data. Exposure of API keys or password hashes could lead to account compromise, abuse of API privileges, or offline cracking attempts. CVE-2024-13995 addresses a similar vulnerability with a potentially incomplete fix for the underlying problem in earlier versions. | ||||
| CVE-2025-11710 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-11-03 | 9.8 Critical |
| A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. | ||||
| CVE-2025-54459 | 1 Vertikal Systems | 1 Hospital Manager Backend Services | 2025-10-30 | 7.5 High |
| Prior to September 19, 2025, the Hospital Manager Backend Services exposed the ASP.NET tracing endpoint /trace.axd without authentication, allowing a remote attacker to obtain live request traces and sensitive information such as request metadata, session identifiers, authorization headers, server variables, and internal file paths. | ||||
| CVE-2021-31955 | 1 Microsoft | 11 Windows 10 1809, Windows 10 1909, Windows 10 2004 and 8 more | 2025-10-30 | 5.5 Medium |
| Windows Kernel Information Disclosure Vulnerability | ||||
| CVE-2025-43024 | 1 Hp | 1 Thinpro | 2025-10-30 | N/A |
| A GUI dialog of an application allows to view what files are in the file system without proper authorization. | ||||
| CVE-2025-64228 | 2 Fantasticplugins, Wordpress | 2 Sumo Affiliates Pro, Wordpress | 2025-10-30 | 4.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in FantasticPlugins SUMO Affiliates Pro affs allows Retrieve Embedded Sensitive Data.This issue affects SUMO Affiliates Pro: from n/a through <= 11.0.0. | ||||
| CVE-2025-62902 | 2 Themehunk, Wordpress | 2 Wp Popup Builder, Wordpress | 2025-10-28 | 7.5 High |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeHunk WP Popup Builder wp-popup-builder allows Retrieve Embedded Sensitive Data.This issue affects WP Popup Builder: from n/a through <= 1.3.6. | ||||
| CVE-2025-47699 | 1 Gallagher | 1 Command Centre | 2025-10-27 | 9.9 Critical |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) in the Gallagher Morpho integration could allow an authenticated operator with limited site permissions to make critical changes to local Morpho devices. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 (MR2), 9.20 prior to vEL9.20.2819 (MR4), 9.10 prior to vEL9.10.3672 (MR7), 9.00 prior to vEL9.00.3831 (MR8), all versions of 8.90 and prior. | ||||
| CVE-2025-34156 | 1 Tibbo | 1 Aggregate | 2025-10-27 | N/A |
| Tibbo AggreGate Network Manager < 6.40.05 exposes sensitive system information through an unauthenticated endpoint at /cwmp/happyaxis.jsp. The page discloses Java system properties, server path details, and version information to unauthorized users, resulting in information disclosure that could aid further compromise. | ||||
| CVE-2025-0061 | 2 Sap, Sap Se | 2 Businessobjects Business Intelligence Platform, Sap Business Objects Business Intgelligence Platform | 2025-10-24 | 8.7 High |
| SAP BusinessObjects Business Intelligence Platform allows an unauthenticated attacker to perform session hijacking over the network without any user interaction, due to an information disclosure vulnerability. Attacker can access and modify all the data of the application. | ||||
| CVE-2025-11151 | 1 Beyaz Bilgisayar | 1 Cityplus | 2025-10-24 | 8.2 High |
| Exposure of Sensitive Information to an Unauthorized Actor, Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Beyaz Bilgisayar Software Design Industry and Trade Ltd. Co. CityPLus allows Detect Unpublicized Web Pages.This issue affects CityPLus: before V24.29500.1.0. | ||||
| CVE-2025-30011 | 1 Sap | 1 Supplier Relationship Management | 2025-10-23 | 5.3 Medium |
| The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to send an malicious request to the application, which could disclose the internal version details of the affected system. This vulnerability has low impact on confidentiality, with no effect on integrity and availability of the application. | ||||
| CVE-2025-59575 | 2 Stylemixthemes, Wordpress | 2 Masterstudy Lms, Wordpress | 2025-10-23 | 5 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Retrieve Embedded Sensitive Data.This issue affects MasterStudy LMS: from n/a through <= 3.6.20. | ||||
| CVE-2025-52752 | 2 Themeatelier, Wordpress | 2 Idonate, Wordpress | 2025-10-23 | 6.5 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeAtelier IDonatePro idonate-pro allows Retrieve Embedded Sensitive Data.This issue affects IDonatePro: from n/a through <= 2.1.9. | ||||
| CVE-2025-4614 | 2 Palo Alto Networks, Paloaltonetworks | 2 Pan-os, Pan-os | 2025-10-22 | 2.7 Low |
| An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to view session tokens of users authenticated to the firewall web UI. This may allow impersonation of users whose session tokens are leaked. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators. Cloud NGFW and Prisma® Access are not affected by this vulnerability. | ||||