Total
322 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-1809 | 1 Analytify | 1 Analytify - Google Analytics Dashboard | 2026-04-08 | 5.4 Medium |
| The Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on AJAX functions in combination with nonce leakage in all versions up to, and including, 5.2.3. This makes it possible for authenticated attackers, with subscriber access and higher, to obtain certain sensitive information related to plugin settings. | ||||
| CVE-2020-36926 | 1 Smartertools | 2 Smartermail, Smartertrack | 2026-04-07 | 7.5 High |
| SmarterTrack 7922 contains an information disclosure vulnerability in the Chat Management search form that reveals agent identification details. Attackers can access the vulnerable /Management/Chat/frmChatSearch.aspx endpoint to retrieve agents' first and last names along with their unique identifiers. | ||||
| CVE-2025-36373 | 1 Ibm | 4 Datapower Gateway, Datapower Gateway 1050, Datapower Gateway 1060 and 1 more | 2026-04-07 | 4.1 Medium |
| IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway could disclose sensitive system information from other domains to an administrative user. | ||||
| CVE-2026-20691 | 1 Apple | 7 Ios And Ipados, Ipados, Iphone Os and 4 more | 2026-04-02 | 4.3 Medium |
| An authorization issue was addressed with improved state management. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4, watchOS 26.4. A maliciously crafted webpage may be able to fingerprint the user. | ||||
| CVE-2025-43471 | 1 Apple | 2 Macos, Macos Tahoe | 2026-04-02 | 5.5 Medium |
| The issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data. | ||||
| CVE-2026-32405 | 2 Wordpress, Xtemos | 2 Wordpress, Woodmart | 2026-04-01 | 5.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in xtemos WoodMart woodmart allows Retrieve Embedded Sensitive Data.This issue affects WoodMart: from n/a through <= 8.3.9. | ||||
| CVE-2026-32372 | 2 Radiustheme, Wordpress | 2 Shopbuilder – Elementor Woocommerce Builder Addons, Wordpress | 2026-04-01 | 5.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons shopbuilder allows Retrieve Embedded Sensitive Data.This issue affects ShopBuilder – Elementor WooCommerce Builder Addons: from n/a through <= 3.2.4. | ||||
| CVE-2025-64258 | 2 Wordpress, Wpwebelite | 2 Wordpress, Follow My Blog Post | 2026-04-01 | 7.5 High |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in wpweb Follow My Blog Post follow-my-blog-post allows Retrieve Embedded Sensitive Data.This issue affects Follow My Blog Post: from n/a through <= 2.3.9. | ||||
| CVE-2025-13651 | 2 Microcom, Microcom360 | 2 Zeusweb, Zeusweb | 2026-03-26 | 7.5 High |
| Exposure of Sensitive System Information to an Unauthorized Actor vulnerability in Microcom ZeusWeb allows Web Application Fingerprinting of sensitive data. This issue affects ZeusWeb: 6.1.31. | ||||
| CVE-2026-32237 | 2 Backstage, Linuxfoundation | 2 Plugin-scaffolder-backend, Backstage | 2026-03-23 | 4.4 Medium |
| Backstage is an open framework for building developer portals. Prior to 3.1.5, authenticated users with permission to execute scaffolder dry-runs can gain access to server-configured environment secrets through the dry-run API response. Secrets are properly redacted in log output but not in all parts of the response payload. Deployments that have configured scaffolder.defaultEnvironment.secrets are affected. This is patched in @backstage/plugin-scaffolder-backend version 3.1.5. | ||||
| CVE-2026-0231 | 1 Palo Alto Networks | 1 Cortex Xdr Broker Vm | 2026-03-20 | N/A |
| An information disclosure vulnerability in Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to obtain and modify sensitive information by triggering live terminal session via Cortex UI and modifying any configuration setting. The attacker must have network access to the Broker VM to exploit this issue. | ||||
| CVE-2025-41763 | 2 Mbs, Mbs-solutions | 7 Ubr-01 Mk Ii, Ubr-02, Ubr-lon and 4 more | 2026-03-11 | 6.5 Medium |
| A low‑privileged remote attacker can directly interact with the wwwdnload.cgi endpoint to download any resource available to administrators, including system backups and certificate request files. | ||||
| CVE-2025-47378 | 1 Qualcomm | 149 Cologne, Cologne Firmware, Fastconnect 6700 and 146 more | 2026-03-05 | 7.1 High |
| Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain. | ||||
| CVE-2025-34171 | 1 Icewhale | 1 Casaos | 2026-03-05 | 5.3 Medium |
| CasaOS versions up to and including 0.4.15 expose multiple unauthenticated endpoints that allow remote attackers to retrieve sensitive configuration files and system debug information. The /v1/users/image endpoint can be abused with a user-controlled path parameter to access files under /var/lib/casaos/1/, which reveals installed applications and configuration details. Additionally, /v1/sys/debug discloses host operating system, kernel, hardware, and storage information. The endpoints also return distinct error messages, enabling file existence enumeration of arbitrary paths on the underlying host filesystem. This information disclosure can be used for reconnaissance and to facilitate targeted follow-up attacks against services deployed on the host. | ||||
| CVE-2025-13616 | 1 Ibm | 1 Datastage On Cloud Pak For Data | 2026-03-04 | 6.5 Medium |
| IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used in further attacks against the system. | ||||
| CVE-2025-13691 | 1 Ibm | 1 Datastage On Cloud Pak For Data | 2026-02-26 | 8.1 High |
| IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used to impersonate other users in the system. | ||||
| CVE-2023-4237 | 1 Redhat | 3 Ansible Automation Platform, Ansible Automation Platform Cloud Billing, Ansible Collection | 2026-02-25 | 7.3 High |
| A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availability. | ||||
| CVE-2023-0342 | 1 Mongodb | 1 Ops Manager Server | 2026-02-25 | 3.1 Low |
| MongoDB Ops Manager Diagnostics Archive may not redact sensitive PEM key file password app settings. Archives do not include the PEM files themselves. This issue affects MongoDB Ops Manager v5.0 prior to 5.0.21 and MongoDB Ops Manager v6.0 prior to 6.0.12 | ||||
| CVE-2025-27550 | 1 Ibm | 1 Jazz Reporting Service | 2026-02-23 | 3.5 Low |
| IBM Jazz Reporting Service could allow an authenticated user on the host network to obtain sensitive information about other projects that reside on the server. | ||||
| CVE-2025-36238 | 1 Ibm | 1 Powervm Hypervisor | 2026-02-19 | 6 Medium |
| IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, and FW950.00 through FW950.F0 could allow a local user with administration privileges to obtain sensitive information from a Virtual TPM through a series of PowerVM service procedures. | ||||