Total
9880 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-2228 | 1 Cyberchimps | 1 Responsive Addons For Elementor | 2025-08-09 | 5.7 Medium |
| The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.8 the 'register_user' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including usernames and passwords of any users who register via the Edit Login | Registration Form widget, as long as that user opens the email notification for successful registration. | ||||
| CVE-2025-2252 | 1 Awesomemotive | 1 Easy Digital Downloads | 2025-08-08 | 5.3 Medium |
| The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.6.1 via the edd_ajax_get_download_title() function. This makes it possible for unauthenticated attackers to extract private post titles of downloads. The impact here is minimal. | ||||
| CVE-2025-52372 | 1 Hmailserver | 1 Hmailserver | 2025-08-08 | 5.1 Medium |
| An issue in hMailServer v.5.8.6 allows a local attacker to obtain sensitive information via the hmailserver/installation/hMailServerInnoExtension.iss and hMailServer.ini components. | ||||
| CVE-2024-20457 | 1 Cisco | 1 Unified Communications Manager Im And Presence Service | 2025-08-07 | 6.5 Medium |
| A vulnerability in the logging component of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to the storage of unencrypted credentials in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to access sensitive information from the device. | ||||
| CVE-2025-46388 | 2025-08-06 | 4.3 Medium | ||
| CWE-200 Exposure of Sensitive Information to an Unauthorized Actor | ||||
| CVE-2025-45620 | 1 Averusa | 2 Ptc310uv2, Ptc310uv2 Firmware | 2025-08-06 | 8.1 High |
| An issue in Aver PTC310UV2 v.0.1.0000.59 allows a remote attacker to obtain sensitive information via a crafted request | ||||
| CVE-2025-31491 | 1 Agpt | 1 Autogpt Platform | 2025-08-05 | 8.6 High |
| AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to 0.6.1, AutoGPT allows of leakage of cross-domain cookies and protected headers in requests redirect. AutoGPT uses a wrapper around the requests python library, located in autogpt_platform/backend/backend/util/request.py. In this wrapper, redirects are specifically NOT followed for the first request. If the wrapper is used with allow_redirects set to True (which is the default), any redirect is not followed by the initial request, but rather re-requested by the wrapper using the new location. However, there is a fundamental flaw in manually re-requesting the new location: it does not account for security-sensitive headers which should not be sent cross-origin, such as the Authorization and Proxy-Authorization header, and cookies. For example in autogpt_platform/backend/backend/blocks/github/_api.py, an Authorization header is set when retrieving data from the GitHub API. However, if GitHub suffers from an open redirect vulnerability (such as the made-up example of https://api.github.com/repos/{owner}/{repo}/issues/comments/{comment_id}/../../../../../redirect/?url=https://joshua.hu/), and the script can be coerced into visiting it with the Authorization header, the GitHub credentials in the Authorization header will be leaked. This allows leaking auth headers and private cookies. This vulnerability is fixed in 0.6.1. | ||||
| CVE-2025-23290 | 1 Nvidia | 2 Gpu Display Driver, Virtual Gpu Manager | 2025-08-04 | 2.5 Low |
| NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a guest could get global GPU metrics which may be influenced by work in other VMs. A successful exploit of this vulnerability might lead to information disclosure. | ||||
| CVE-2025-54586 | 1 Finos | 2 Git-proxy, Gitproxy | 2025-08-01 | 7.1 High |
| GitProxy is an application that stands between developers and a Git remote endpoint. In versions 1.19.1 and below, attackers can inject extra commits into the pack sent to GitHub, commits that aren’t pointed to by any branch. Although these “hidden” commits never show up in the repository’s visible history, GitHub still serves them at their direct commit URLs. This lets an attacker exfiltrate sensitive data without ever leaving a trace in the branch view. We rate this a High‑impact vulnerability because it completely compromises repository confidentiality. This is fixed in version 1.19.2. | ||||
| CVE-2025-20325 | 1 Splunk | 3 Splunk, Splunk Cloud Platform, Splunk Enterprise | 2025-08-01 | 3.1 Low |
| In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.113, and 9.2.2406.119, the software potentially exposes the search head cluster [splunk.secret](https://help.splunk.com/en/splunk-enterprise/administer/manage-users-and-security/9.4/install-splunk-enterprise-securely/deploy-secure-passwords-across-multiple-servers) key. This exposure could happen if you have a Search Head cluster and you configure the Splunk Enterprise `SHCConfig` log channel at the DEBUG logging level in the clustered deployment. <br><br>The vulnerability would require either local access to the log files or administrative access to internal indexes, which by default only the admin role receives. Review roles and capabilities on your instance and restrict internal index access to administrator-level roles. <br><br>See [Define roles on the Splunk platform with capabilities](https://docs.splunk.com/Documentation/Splunk/latest/Security/Rolesandcapabilities), [Deploy a search head cluster](https://help.splunk.com/en/splunk-enterprise/administer/distributed-search/9.4/deploy-search-head-clustering/deploy-a-search-head-cluster), [Deploy secure passwords across multiple servers](https://help.splunk.com/en/splunk-enterprise/administer/manage-users-and-security/9.4/install-splunk-enterprise-securely/deploy-secure-passwords-across-multiple-servers) and [Set a security key for the search head cluster](https://help.splunk.com/splunk-enterprise/administer/distributed-search/9.4/configure-search-head-clustering/set-a-security-key-for-the-search-head-cluster#id_2c54937a_736c_47b5_9485_67e9e390acfa__Set_a_security_key_for_the_search_head_cluster) for more information. | ||||
| CVE-2025-27784 | 1 Applio | 1 Applio | 2025-08-01 | 7.5 High |
| Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file read in train.py's `export_pth` function. This issue may lead to reading arbitrary files on the Applio server. It can also be used in conjunction with blind server-side request forgery to read files from servers on the internal network that the Applio server has access to. As of time of publication, no known patches are available. | ||||
| CVE-2025-27785 | 1 Applio | 1 Applio | 2025-08-01 | 7.5 High |
| Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file read in train.py's `export_index` function. This issue may lead to reading arbitrary files on the Applio server. It can also be used in conjunction with blind server-side request forgery to read files from servers on the internal network that the Applio server has access to. As of time of publication, no known patches are available. | ||||
| CVE-2025-30214 | 1 Frappe | 1 Frappe | 2025-08-01 | 7.5 High |
| Frappe is a full-stack web application framework. Prior to versions 14.89.0 and 15.51.0, making crafted requests could lead to information disclosure that could further lead to account takeover. Versions 14.89.0 and 15.51.0 fix the issue. There's no workaround to fix this without upgrading. | ||||
| CVE-2025-20129 | 1 Cisco | 2 Socialminer, Unified Contact Center Express | 2025-08-01 | 4.3 Medium |
| A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data. This vulnerability is due to improper sanitization of HTTP requests that are sent to the web-based chat interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the chat interface of a targeted user on a vulnerable server. A successful exploit could allow the attacker to redirect chat traffic to a server that is under their control, resulting in sensitive information being redirected to the attacker. | ||||
| CVE-2025-43018 | 1 Hp | 5 Hp, Laserjet Mfp M428, Laserjet Mfp M429 and 2 more | 2025-07-31 | N/A |
| Certain HP LaserJet Pro printers may be vulnerable to information disclosure when a non-authenticated user queries a device’s local address book. | ||||
| CVE-2024-20396 | 1 Cisco | 2 Webex App, Webex Teams | 2025-07-31 | 5.3 Medium |
| A vulnerability in the protocol handlers of Cisco Webex App could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability exists because the affected application does not safely handle file protocol handlers. An attacker could exploit this vulnerability by persuading a user to follow a link that is designed to cause the application to send requests. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture sensitive information, including credential information, from the requests. | ||||
| CVE-2020-36850 | 1 Sitecore | 1 Sitecore | 2025-07-31 | N/A |
| An information disclosure vulnerability exits in Sitecore JSS React Sample Application 11.0.0 - 14.0.1 that may cause page content intended for one user to be shown to another user. | ||||
| CVE-2025-3508 | 1 Hp | 4 Designjet T1700, Designjet Z6, Designjet Z9 and 1 more | 2025-07-31 | N/A |
| Certain HP DesignJet products may be vulnerable to information disclosure though printer's web interface allowing unauthenticated users to view sensitive print job information. | ||||
| CVE-2024-28442 | 1 Yealink | 2 Vp59, Vp59 Firmware | 2025-07-30 | 7.5 High |
| Directory Traversal vulnerability in Yealink VP59 v.91.15.0.118 allows a physically proximate attacker to obtain sensitive information via terms of use function in the company portal component. | ||||
| CVE-2020-36848 | 1 Boldgrid | 1 Total Upkeep | 2025-07-29 | 7.5 High |
| The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.14.9 via the env-info.php and restore-info.json files. This makes it possible for unauthenticated attackers to find the location of back-up files and subsequently download them. | ||||