Total
248 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-62955 | 1 Wordpress | 1 Wordpress | 2025-12-22 | 4.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in HappyDevs TempTool allows Retrieve Embedded Sensitive Data.This issue affects TempTool: from n/a through 1.3.1. | ||||
| CVE-2025-11545 | 2025-12-22 | N/A | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sharp Display Solutions projectors allows a attacker may improperly access the HTTP server and execute arbitrary actions. | ||||
| CVE-2025-64272 | 2 Getresponse, Wordpress | 2 Getresponse, Wordpress | 2025-12-21 | 6.5 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in GetResponse Email marketing for WordPress by GetResponse Official getresponse-official allows Retrieve Embedded Sensitive Data.This issue affects Email marketing for WordPress by GetResponse Official: from n/a through <= 1.5.3. | ||||
| CVE-2025-49914 | 2 Motopress, Wordpress | 2 Restaurant Menu, Wordpress | 2025-12-21 | 6.5 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in jetmonsters Restaurant Menu by MotoPress mp-restaurant-menu allows Retrieve Embedded Sensitive Data.This issue affects Restaurant Menu by MotoPress: from n/a through <= 2.4.7. | ||||
| CVE-2025-34442 | 1 Wwbn | 1 Avideo | 2025-12-19 | 7.5 High |
| AVideo versions prior to 20.1 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains. | ||||
| CVE-2024-58320 | 1 Kentico | 1 Xperience | 2025-12-19 | 5.3 Medium |
| An information disclosure vulnerability in Kentico Xperience allows public users to access sensitive administration interface hostname details during authentication. Attackers can retrieve confidential hostname configuration information through a public endpoint, potentially exposing internal network details. | ||||
| CVE-2019-25228 | 1 Kentico | 1 Xperience | 2025-12-19 | 5.3 Medium |
| An information disclosure vulnerability in Kentico Xperience allows attackers to leak virtual context URLs via the HTTP Referer header when users interact with third-party domains. Sensitive virtual context information can be exposed to external domains through page builder interactions and link/image loading. | ||||
| CVE-2019-25230 | 1 Kentico | 1 Xperience | 2025-12-19 | 4.3 Medium |
| An information disclosure vulnerability in Kentico Xperience allows authenticated users to view sensitive system objects through the live site widget properties dialog. Attackers can exploit this vulnerability to access unauthorized system information without proper access controls. | ||||
| CVE-2025-64258 | 1 Wordpress | 1 Wordpress | 2025-12-19 | 7.5 High |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in wpweb Follow My Blog Post follow-my-blog-post allows Retrieve Embedded Sensitive Data.This issue affects Follow My Blog Post: from n/a through <= 2.3.9. | ||||
| CVE-2025-64270 | 2 Masteriyo, Wordpress | 2 Masteriyo, Wordpress | 2025-12-19 | 6.5 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in masteriyo Masteriyo - LMS learning-management-system allows Retrieve Embedded Sensitive Data.This issue affects Masteriyo - LMS: from n/a through <= 2.0.3. | ||||
| CVE-2025-67546 | 2 Wedevs, Wordpress | 2 Wp Erp, Wordpress | 2025-12-19 | 6.5 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs WP ERP erp allows Retrieve Embedded Sensitive Data.This issue affects WP ERP: from n/a through <= 1.16.6. | ||||
| CVE-2025-36162 | 1 Ibm | 2 Devops Deploy, Urbancode Deploy | 2025-12-18 | 4.3 Medium |
| IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) 8.1 before 8.1.2.2 could allow an authenticated user to obtain sensitive information about configuration on the system. | ||||
| CVE-2025-47319 | 1 Qualcomm | 1 Snapdragon | 2025-12-18 | 6.7 Medium |
| Information disclosure while exposing internal TA-to-TA communication APIs to HLOS | ||||
| CVE-2025-67636 | 1 Jenkins | 1 Jenkins | 2025-12-17 | 4.3 Medium |
| A missing permission check in Jenkins 2.540 and earlier, LTS 2.528.2 and earlier allows attackers with View/Read permission to view encrypted password values in views. | ||||
| CVE-2025-43471 | 1 Apple | 2 Macos, Macos Tahoe | 2025-12-16 | 5.5 Medium |
| The issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data. | ||||
| CVE-2025-43406 | 1 Apple | 1 Macos | 2025-12-16 | 5.5 Medium |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data. | ||||
| CVE-2025-67948 | 2 Sendpulse, Wordpress | 2 Sendpulse Email Marketing Newsletter, Wordpress | 2025-12-16 | 4.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in SendPulse SendPulse Email Marketing Newsletter sendpulse-email-marketing-newsletter allows Retrieve Embedded Sensitive Data.This issue affects SendPulse Email Marketing Newsletter: from n/a through <= 2.2.1. | ||||
| CVE-2025-14712 | 1 Jhenggao | 1 Student Learning Assessment And Support System | 2025-12-15 | 7.5 High |
| Student Learning Assessment and Support System developed by JHENG GAO has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to view a specific page and obtain test accounts and password. | ||||
| CVE-2025-58015 | 2 Ays-pro, Wordpress | 2 Quiz Maker, Wordpress | 2025-12-12 | 5.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Ays Pro Quiz Maker allows Retrieve Embedded Sensitive Data. This issue affects Quiz Maker: from n/a through 6.7.0.61. | ||||
| CVE-2025-55183 | 2 Facebook, Vercel | 5 React, React-server-dom-parcel, React-server-dom-turbopack and 2 more | 2025-12-12 | 5.3 Medium |
| An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. A specifically crafted HTTP request sent to a vulnerable Server Function may unsafely return the source code of any Server Function. Exploitation requires the existence of a Server Function which explicitly or implicitly exposes a stringified argument. | ||||