Total
10281 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-4849 | 1 Apache | 1 Derby | 2025-04-03 | N/A |
| Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information. | ||||
| CVE-2000-0649 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | N/A |
| IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined. | ||||
| CVE-1999-0348 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | N/A |
| IIS ASP caching problem releases sensitive information when two virtual servers share the same physical directory. | ||||
| CVE-2002-2369 | 1 Perception | 1 Liteserve | 2025-04-03 | N/A |
| Perception LiteServe 2.0 allows remote attackers to read password protected files via a leading "/./" in a URL. | ||||
| CVE-2025-25975 | 1 Jonschlinkert | 1 Parse-git-config | 2025-04-02 | 7.5 High |
| An issue in parse-git-config v.3.0.0 allows an attacker to obtain sensitive information via the expandKeys function | ||||
| CVE-2022-4054 | 1 Gitlab | 1 Gitlab | 2025-04-02 | 5.5 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to leak a webhook secret token by changing the webhook URL to an endpoint that allows them to capture request headers. | ||||
| CVE-2022-43959 | 1 Bitrix24 | 1 Bitrix24 | 2025-04-02 | 4.9 Medium |
| Insufficiently Protected Credentials in the AD/LDAP server settings in 1C-Bitrix Bitrix24 through 22.200.200 allow remote administrators to discover an AD/LDAP administrative password by reading the source code of /bitrix/admin/ldap_server_edit.php. | ||||
| CVE-2022-39167 | 1 Ibm | 1 Spectrum Virtualize | 2025-04-02 | 5.9 Medium |
| IBM Spectrum Virtualize 8.5, 8.4, 8.3, 8.2, and 7.8, under certain configurations, could disclose sensitive information to an attacker using man-in-the-middle techniques. IBM X-Force ID: 235408. | ||||
| CVE-2025-26001 | 1 Telesquare | 2 Tlr-2005ksh, Tlr-2005ksh Firmware | 2025-04-01 | 7.5 High |
| Telesquare TLR-2005KSH 1.1.4 is vulnerable to Information Disclosure via the parameter getUserNamePassword. | ||||
| CVE-2025-26009 | 1 Telesquare | 2 Tlr-2005ksh, Tlr-2005ksh Firmware | 2025-04-01 | 7.5 High |
| Telesquare TLR-2005KSH 1.1.4 has an Information Disclosure vulnerability when requesting systemutilit.cgi. | ||||
| CVE-2022-31711 | 1 Vmware | 1 Vrealize Log Insight | 2025-04-01 | 5.3 Medium |
| VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication. | ||||
| CVE-2025-29486 | 1 Libming | 1 Libming | 2025-04-01 | 6.5 Medium |
| libming v0.4.8 was discovered to contain a memory leak via the parseSWF_PLACEOBJECT3 function. | ||||
| CVE-2025-29488 | 1 Libming | 1 Libming | 2025-04-01 | 6.5 Medium |
| libming v0.4.8 was discovered to contain a memory leak via the parseSWF_INITACTION function. | ||||
| CVE-2025-29489 | 1 Libming | 1 Libming | 2025-04-01 | 6.5 Medium |
| libming v0.4.8 was discovered to contain a memory leak via the parseSWF_MORPHLINESTYLES function. | ||||
| CVE-2025-29497 | 1 Libming | 1 Libming | 2025-04-01 | 6.5 Medium |
| libming v0.4.8 was discovered to contain a memory leak via the parseSWF_MORPHFILLSTYLES function. | ||||
| CVE-2024-3505 | 1 Jfrog | 1 Artifactory | 2025-04-01 | 4.3 Medium |
| JFrog Artifactory Self-Hosted versions below 7.77.3, are vulnerable to sensitive information disclosure whereby a low-privileged authenticated user can read the proxy configuration. This does not affect JFrog cloud deployments. | ||||
| CVE-2023-22580 | 1 Sequelizejs | 1 Sequelize | 2025-04-01 | 5.3 Medium |
| Due to improper input filtering in the sequalize js library, can malicious queries lead to sensitive information disclosure. | ||||
| CVE-2024-46471 | 1 Codeastro | 1 Membership Management System | 2025-03-31 | 7.5 High |
| The Directory Listing in /uploads/ Folder in CodeAstro Membership Management System 1.0 exposes the structure and contents of directories, potentially revealing sensitive information. | ||||
| CVE-2021-39327 | 1 Ait-pro | 1 Bulletproof Security | 2025-03-31 | 5.3 Medium |
| The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1. | ||||
| CVE-2021-39089 | 2 Ibm, Linux | 2 Cloud Pak For Security, Linux Kernel | 2025-03-31 | 4.3 Medium |
| IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request. IBM X-Force ID: 216387. | ||||