Total
9895 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-27604 | 1 Xwiki | 1 Confluence Migrator | 2025-03-13 | 7.5 High |
| XWiki Confluence Migrator Pro helps admins to import confluence packages into their XWiki instance. The homepage of the application is public which enables a guest to download the package which might contain sensitive information. This vulnerability is fixed in 1.11.7. | ||||
| CVE-2024-54475 | 1 Apple | 1 Macos | 2025-03-13 | 3.3 Low |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2, macOS Ventura 13.7.2. An app may be able to determine a user’s current location. | ||||
| CVE-2024-21205 | 1 Oracle | 2 Fusion Middleware, Service Bus | 2025-03-13 | 6.5 Medium |
| Vulnerability in the Oracle Service Bus product of Oracle Fusion Middleware (component: OSB Core Functionality). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Service Bus. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Service Bus accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). | ||||
| CVE-2024-10321 | 1 Themesgrove | 1 All-in-one Addons For Elementor | 2025-03-13 | 4.3 Medium |
| The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.4 in elements/advanced-tab/template/view.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data. | ||||
| CVE-2025-1322 | 1 Plechevandrey | 1 Wp-recall | 2025-03-13 | 4.3 Medium |
| The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 16.26.10 via the 'feed' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to view data from password protected, private, or draft posts that they should not have access to. | ||||
| CVE-2023-0597 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Rhel Eus and 1 more | 2025-03-12 | 5.5 Medium |
| A flaw possibility of memory leak in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory was found in the way user can guess location of exception stack(s) or other important data. A local user could use this flaw to get access to some important data with expected location in memory. | ||||
| CVE-2022-43930 | 2 Ibm, Microsoft | 2 Db2, Windows | 2025-03-12 | 6.2 Medium |
| IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to an Information Disclosure as sensitive information may be included in a log file. IBM X-Force ID: 241677. | ||||
| CVE-2022-41734 | 1 Ibm | 2 Maximo Application Suite, Maximo Asset Management | 2025-03-12 | 5.3 Medium |
| IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 237587. | ||||
| CVE-2022-34351 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2025-03-12 | 5.9 Medium |
| IBM QRadar SIEM 7.4 and 7.5 is vulnerable to information exposure allowing a non-tenant user with a specific domain security profile assigned to see some data from other domains. IBM X-Force ID: 230402. | ||||
| CVE-2023-0901 | 1 Pixelfed | 1 Pixelfed | 2025-03-12 | 5.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pixelfed/pixelfed prior to 0.11.4. | ||||
| CVE-2024-13638 | 2025-03-12 | 5.9 Medium | ||
| The Order Attachments for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.1 via the 'uploads' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads directory which can contain file attachments added to orders. | ||||
| CVE-2025-22961 | 2025-03-12 | 8 High | ||
| A critical information disclosure vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters due to Incorrect Access Control (CWE-284). Unauthenticated attackers can directly access sensitive database backup files (snapshot_users.db) via publicly exposed URLs (/logs/devcfg/snapshot/ and /logs/devcfg/user/). Exploiting this vulnerability allows retrieval of sensitive user data, including login credentials, potentially leading to full system compromise. | ||||
| CVE-2023-0994 | 1 Rosariosis | 1 Rosariosis | 2025-03-12 | 7.5 High |
| Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository francoisjacquet/rosariosis prior to 10.8.2. | ||||
| CVE-2022-32896 | 1 Apple | 1 Macos | 2025-03-12 | 5.5 Medium |
| This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.6, macOS Big Sur 11.7. A user may be able to view sensitive user information. | ||||
| CVE-2022-22668 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-03-12 | 5.5 Medium |
| A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. A malicious application may be able to leak sensitive user information. | ||||
| CVE-2022-48319 | 1 Checkmk | 1 Checkmk | 2025-03-12 | 6.5 Medium |
| Sensitive host secret disclosed in cmk-update-agent.log file in Tribe29's Checkmk <= 2.1.0p13, Checkmk <= 2.0.0p29, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to gain access to the host secret through the unprotected agent updater log file. | ||||
| CVE-2020-9846 | 1 Apple | 1 Macos | 2025-03-11 | 5.3 Medium |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1. A malicious application may be able to access local users' Apple IDs. | ||||
| CVE-2021-46841 | 1 Apple | 1 Music | 2025-03-11 | 5.9 Medium |
| This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in Apple Music 3.5.0 for Android. An attacker in a privileged network position can track a user's activity. | ||||
| CVE-2022-32855 | 1 Apple | 2 Ipados, Iphone Os | 2025-03-11 | 5.5 Medium |
| A logic issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6. A user may be able to view restricted content from the lock screen. | ||||
| CVE-2022-32836 | 1 Apple | 1 Music | 2025-03-11 | 7.5 High |
| This issue was addressed with improved state management. This issue is fixed in Apple Music 3.9.10 for Android. An app may be able to access user-sensitive data. | ||||