Total
9783 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-2341 | 4 Debian, Fedoraproject, Oracle and 1 more | 10 Debian Linux, Fedora, Graalvm and 7 more | 2025-05-27 | 3.1 Low |
| Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). | ||||
| CVE-2025-4904 | 1 Dlink | 2 Di-7003g, Di-7003g Firmware | 2025-05-27 | 5.3 Medium |
| A vulnerability has been found in D-Link DI-7003GV2 24.04.18D1 R(68125) and classified as problematic. This vulnerability affects the function sub_41F0FC of the file /H5/webgl.data. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-32849 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2025-05-27 | 5.5 Medium |
| An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to access sensitive user information. | ||||
| CVE-2024-28339 | 1 Netgear | 6 Cbk40, Cbk40 Firmware, Cbk43 and 3 more | 2025-05-27 | 5.4 Medium |
| An information leak in the debuginfo.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required. | ||||
| CVE-2024-28340 | 1 Netgear | 6 Cbk40, Cbk40 Firmware, Cbk43 and 3 more | 2025-05-27 | 7.5 High |
| An information leak in the currentsetting.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required. | ||||
| CVE-2024-13568 | 1 Wpmanageninja | 1 Fluent Support | 2025-05-26 | 7.5 High |
| The Fluent Support – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.5 via the 'fluent-support' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/fluent-support directory which can contain file attachments included in support tickets. | ||||
| CVE-2024-13611 | 1 Wordplus | 1 Better Messages | 2025-05-26 | 7.5 High |
| The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.9 via the 'bp-better-messages' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/bp-better-messages directory which can contain file attachments included in chat messages. | ||||
| CVE-2023-6727 | 1 Mattermost | 1 Mattermost Server | 2025-05-24 | 3.1 Low |
| Mattermost fails to perform correct authorization checks when creating a playbook action, allowing users without access to the playbook to create playbook actions. If the playbook action created is to post a message in a channel based on specific keywords in a post, some playbook information, like the name, can be leaked. | ||||
| CVE-2016-3674 | 4 Debian, Fedoraproject, Redhat and 1 more | 6 Debian Linux, Fedora, Jboss Bpms and 3 more | 2025-05-23 | 7.5 High |
| Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDriver, (2) DomDriver, (3) JDomDriver, (4) JDom2Driver, (5) SjsxpDriver, (6) StandardStaxDriver, and (7) WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document. | ||||
| CVE-2023-52126 | 1 Sumanbhattarai | 1 Send Users Email | 2025-05-23 | 5.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Suman Bhattarai Send Users Email.This issue affects Send Users Email: from n/a through 1.4.3. | ||||
| CVE-2023-52208 | 1 Constantcontact | 1 Constant Contact Forms | 2025-05-23 | 5.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Constant Contact Constant Contact Forms.This issue affects Constant Contact Forms: from n/a through 2.4.2. | ||||
| CVE-2022-35246 | 1 Rocket.chat | 1 Rocket.chat | 2025-05-22 | 4.3 Medium |
| A NoSQL-Injection information disclosure vulnerability vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 in the getS3FileUrl Meteor server method that can disclose arbitrary file upload URLs to users that should not be able to access. | ||||
| CVE-2022-35249 | 1 Rocket.chat | 1 Rocket.chat | 2025-05-22 | 4.3 Medium |
| A information disclosure vulnerability exists in Rocket.Chat <v5 where the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of the users access permission to the room. | ||||
| CVE-2022-32818 | 1 Apple | 1 Macos | 2025-05-22 | 5.5 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5. An app may be able to leak sensitive kernel state. | ||||
| CVE-2022-32228 | 1 Rocket.chat | 1 Rocket.chat | 2025-05-22 | 4.3 Medium |
| An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 since the getReadReceipts Meteor server method does not properly filter user inputs that are passed to MongoDB queries, allowing $regex queries to enumerate arbitrary Message IDs. | ||||
| CVE-2022-32218 | 1 Rocket.chat | 1 Rocket.chat | 2025-05-22 | 4.3 Medium |
| An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 due to the actionLinkHandler method was found to allow Message ID Enumeration with Regex MongoDB queries. | ||||
| CVE-2022-23952 | 1 Keylime | 1 Keylime | 2025-05-22 | 7.5 High |
| In Keylime before 6.3.0, current keylime installer installs the keylime.conf file, which can contain sensitive data, as world-readable. | ||||
| CVE-2022-40629 | 1 Tacitine | 4 En6200-prime Quad-100, En6200-prime Quad-100 Firmware, En6200-prime Quad-35 and 1 more | 2025-05-22 | 7.5 High |
| This vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200-PRIME QUAD-100 between 19.1.1 to 22.20.1 (inclusive), due to insecure design in the Tacitine Firewall web-based management interface. An unauthenticated remote attacker could exploit this vulnerability by sending a specially crafted http request on the targeted device. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to view sensitive information on the targeted device. | ||||
| CVE-2022-35247 | 1 Rocket.chat | 1 Rocket.chat | 2025-05-22 | 4.3 Medium |
| A information disclosure vulnerability exists in Rocket.chat <v5, <v4.8.2 and <v4.7.5 where the lack of ACL checks in the getRoomRoles Meteor method leak channel members with special roles to unauthorized clients. | ||||
| CVE-2022-32229 | 1 Rocket.chat | 1 Rocket.chat | 2025-05-22 | 4.3 Medium |
| A information disclosure vulnerability exists in Rockert.Chat <v5 due to /api/v1/chat.getThreadsList lack of sanitization of user inputs and can therefore leak private thread messages to unauthorized users via Mongo DB injection. | ||||