Total: 10390 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-26476 | 1 Xwiki | 1 Xwiki | 2025-03-05 | 7.5 High |
| XWiki Platform is a generic wiki platform. Starting in version 3.2-m3, users can deduce the content of the password fields by repeated calls to `LiveTableResults` and `WikisLiveTableResultsMacros`. The issue can be fixed by upgrading to versions 14.7-rc-1, 13.4.4, or 13.10.9 and higher, or in version >= 3.2M3 by applying the patch manually on `LiveTableResults` and `WikisLiveTableResultsMacros`. | ||||
| CVE-2023-25536 | 1 Dell | 1 Powerscale Onefs | 2025-03-05 | 6.7 Medium |
| Dell PowerScale OneFS 9.4.0.x contains exposure of sensitive information to an unauthorized actor. A malicious authenticated local user could potentially exploit this vulnerability in certificate management, leading to a potential system takeover. | ||||
| CVE-2023-26108 | 1 Nestjs | 1 Nest | 2025-03-05 | 3.7 Low |
| Versions of the package @nestjs/core before 9.0.5 are vulnerable to Information Exposure via the StreamableFile pipe. Exploiting this vulnerability is possible when the client cancels a request while it is streaming a StreamableFile; the stream wrapped by the StreamableFile will be kept open. | ||||
| CVE-2014-125102 | 1 Bestwebsoft | 1 Relevant | 2025-03-05 | 4.3 Medium |
| A vulnerability classified as problematic was found in Bestwebsoft Relevant Plugin up to 1.0.7 on WordPress. Affected by this vulnerability is an unknown functionality of the component Thumbnail Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 1.0.8 is able to address this issue. The identifier of the patch is 860d1891025548cf0f5f97364c1f51a888f523c3. It is recommended to upgrade the affected component. The identifier VDB-230113 was assigned to this vulnerability. | ||||
| CVE-2023-29287 | 1 Adobe | 2 Commerce, Magento | 2025-03-05 | 5.3 Medium |
| Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Information Exposure vulnerability that could lead to a security feature bypass. An attacker could leverage this vulnerability to leak minor user data. Exploitation of this issue does not require user interaction. | ||||
| CVE-2023-23327 | 1 Avantfax | 1 Avantfax | 2025-03-05 | 4.9 Medium |
| An Information Disclosure vulnerability exists in AvantFAX 3.3.7. Backups of the AvantFAX sent/received faxes, and database backups are stored using the current date as the filename and hosted on the web server without access controls. | ||||
| CVE-2024-58049 | | | 2025-03-04 | 5 Medium |
| Permission verification vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-58047 | | | 2025-03-04 | 5 Medium |
| Permission verification vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-21626 | 1 Glpi-project | 1 Glpi | 2025-03-04 | 5.8 Medium |
| GLPI is a free asset and IT management software package. Starting in version 0.71 and prior to version 10.0.18, an anonymous user can fetch sensitive information from the `status.php` endpoint. Version 10.0.18 contains a fix for the issue. Some workarounds are available. One may delete the `status.php` file, restrict its access, or remove any sensitive values from the `name` field of the active LDAP directories, mail servers authentication providers and mail receivers. | ||||
| CVE-2023-30540 | 1 Nextcloud | 1 Talk | 2025-03-03 | 3.5 Low |
| Nextcloud Talk is a chat, video & audio call extension for Nextcloud. In affected versions a user that was added later to a conversation can use this information to get access to data that was deleted before they were added to the conversation. This issue has been patched in version 15.0.5 and it is recommended that users upgrade to 15.0.5. There are no known workarounds for this issue. | ||||
| CVE-2024-5354 | 1 Anji-plus | 1 Aj-report | 2025-03-01 | 4.3 Medium |
| A vulnerability classified as problematic was found in anji-plus AJ-Report up to 1.4.1. This vulnerability affects unknown code of the file /reportShare/detailByCode. The manipulation of the argument shareToken leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-266266 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-24923 | 1 Microsoft | 1 Onedrive | 2025-02-28 | 5.5 Medium |
| Microsoft OneDrive for Android Information Disclosure Vulnerability | ||||
| CVE-2023-24882 | 1 Microsoft | 1 Onedrive | 2025-02-28 | 5.5 Medium |
| Microsoft OneDrive for Android Information Disclosure Vulnerability | ||||
| CVE-2023-38158 | 1 Microsoft | 1 Edge Chromium | 2025-02-28 | 3.1 Low |
| Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | ||||
| CVE-2023-36894 | 1 Microsoft | 1 Sharepoint Server | 2025-02-28 | 6.5 Medium |
| Microsoft SharePoint Server Information Disclosure Vulnerability | ||||
| CVE-2022-30184 | 4 Apple, Fedoraproject, Microsoft and 1 more | 9 Macos, Fedora, .net and 6 more | 2025-02-28 | 5.5 Medium |
| .NET and Visual Studio Information Disclosure Vulnerability | ||||
| CVE-2021-31173 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2025-02-28 | 5.3 Medium |
| Microsoft SharePoint Server Information Disclosure Vulnerability | ||||
| CVE-2023-33165 | 1 Microsoft | 1 Sharepoint Server | 2025-02-28 | 4.3 Medium |
| Microsoft SharePoint Server Security Feature Bypass Vulnerability | ||||
| CVE-2023-27904 | 2 Jenkins, Redhat | 3 Jenkins, Ocp Tools, Openshift | 2025-02-28 | 5.3 Medium |
| Jenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an error stack trace on agent-related pages when agent connections are broken, potentially revealing information about Jenkins configuration that is otherwise inaccessible to attackers. | ||||
| CVE-2025-1606 | 1 Mayurik | 1 Best Employee Management System | 2025-02-28 | 4.3 Medium |
| A vulnerability classified as problematic was found in SourceCodester Best Employee Management System 1.0. This vulnerability affects unknown code of the file /admin/backup/backups.php. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||