Search Results (366 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-5893 2026-04-15 9.8 Critical
Smart Parking Management System from Honding Technology has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to access a specific page and obtain plaintext administrator credentials.
CVE-2025-59447 1 Yosmart 1 Yolink Smart Hub 2026-04-15 2.2 Low
The YoSmart YoLink Smart Hub device 0382 exposes a UART debug interface. An attacker with direct physical access can leverage this interface to read a boot log, which includes network access credentials.
CVE-2025-62735 2 Joelhardi, Wordpress 2 User Spam Remover, Wordpress 2026-04-15 5.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Joel User Spam Remover user-spam-remover allows Retrieve Embedded Sensitive Data.This issue affects User Spam Remover: from n/a through <= 1.1.
CVE-2025-62737 1 Wordpress 1 Wordpress 2026-04-15 5.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in opicron Image Cleanup image-cleanup allows Retrieve Embedded Sensitive Data.This issue affects Image Cleanup: from n/a through <= 1.9.2.
CVE-2025-6561 2026-04-15 9.8 Critical
Certain hybrid DVR models ((HBF-09KD and HBF-16NK)) from Hunt Electronic have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to directly access a system configuration file and obtain plaintext administrator credentials.
CVE-2025-66056 2 Uncannyowl, Wordpress 2 Uncanny Automator, Wordpress 2026-04-15 4.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Uncanny Owl Uncanny Automator uncanny-automator allows Retrieve Embedded Sensitive Data.This issue affects Uncanny Automator: from n/a through < 6.10.0.
CVE-2025-67470 2 Essentialplugin, Wordpress 2 Portfolio And Projects, Wordpress 2026-04-15 4.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Essential Plugin Portfolio and Projects portfolio-and-projects allows Retrieve Embedded Sensitive Data.This issue affects Portfolio and Projects: from n/a through <= 1.5.5.
CVE-2025-67954 1 Wordpress 1 Wordpress 2026-04-15 6.5 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Retrieve Embedded Sensitive Data.This issue affects Salon booking system: from n/a through <= 10.30.3.
CVE-2024-1809 1 Analytify 1 Analytify - Google Analytics Dashboard 2026-04-08 5.4 Medium
The Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on AJAX functions in combination with nonce leakage in all versions up to, and including, 5.2.3. This makes it possible for authenticated attackers, with subscriber access and higher, to obtain certain sensitive information related to plugin settings.
CVE-2020-36926 1 Smartertools 2 Smartermail, Smartertrack 2026-04-07 7.5 High
SmarterTrack 7922 contains an information disclosure vulnerability in the Chat Management search form that reveals agent identification details. Attackers can access the vulnerable /Management/Chat/frmChatSearch.aspx endpoint to retrieve agents' first and last names along with their unique identifiers.
CVE-2025-36373 1 Ibm 4 Datapower Gateway, Datapower Gateway 1050, Datapower Gateway 1060 and 1 more 2026-04-07 4.1 Medium
IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway could disclose sensitive system information from other domains to an administrative user.
CVE-2026-20691 1 Apple 7 Ios And Ipados, Ipados, Iphone Os and 4 more 2026-04-02 4.3 Medium
An authorization issue was addressed with improved state management. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4, watchOS 26.4. A maliciously crafted webpage may be able to fingerprint the user.
CVE-2025-64258 2 Wordpress, Wpwebelite 2 Wordpress, Follow My Blog Post 2026-04-01 7.5 High
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in wpweb Follow My Blog Post follow-my-blog-post allows Retrieve Embedded Sensitive Data.This issue affects Follow My Blog Post: from n/a through <= 2.3.9.
CVE-2025-13651 2 Microcom, Microcom360 2 Zeusweb, Zeusweb 2026-03-26 7.5 High
Exposure of Sensitive System Information to an Unauthorized Actor vulnerability in Microcom ZeusWeb allows Web Application Fingerprinting of sensitive data. This issue affects ZeusWeb: 6.1.31.
CVE-2026-0231 1 Palo Alto Networks 1 Cortex Xdr Broker Vm 2026-03-20 N/A
An information disclosure vulnerability in Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to obtain and modify sensitive information by triggering live terminal session via Cortex UI and modifying any configuration setting.  The attacker must have network access to the Broker VM to exploit this issue.
CVE-2025-41763 2 Mbs, Mbs-solutions 7 Ubr-01 Mk Ii, Ubr-02, Ubr-lon and 4 more 2026-03-11 6.5 Medium
A low‑privileged remote attacker can directly interact with the wwwdnload.cgi endpoint to download any resource available to administrators, including system backups and certificate request files.
CVE-2025-47378 1 Qualcomm 149 Cologne, Cologne Firmware, Fastconnect 6700 and 146 more 2026-03-05 7.1 High
Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain.
CVE-2025-34171 1 Icewhale 1 Casaos 2026-03-05 5.3 Medium
CasaOS versions up to and including 0.4.15 expose multiple unauthenticated endpoints that allow remote attackers to retrieve sensitive configuration files and system debug information. The /v1/users/image endpoint can be abused with a user-controlled path parameter to access files under /var/lib/casaos/1/, which reveals installed applications and configuration details. Additionally, /v1/sys/debug discloses host operating system, kernel, hardware, and storage information. The endpoints also return distinct error messages, enabling file existence enumeration of arbitrary paths on the underlying host filesystem. This information disclosure can be used for reconnaissance and to facilitate targeted follow-up attacks against services deployed on the host.
CVE-2025-13616 1 Ibm 1 Datastage On Cloud Pak For Data 2026-03-04 6.5 Medium
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used in further attacks against the system.
CVE-2025-13691 1 Ibm 1 Datastage On Cloud Pak For Data 2026-02-26 8.1 High
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used to impersonate other users in the system.