Export limit exceeded: 10734 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10734 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-38300 | 1 Orbic | 1 Maui | 2026-04-15 | 6.2 Medium |
| A certain software build for the Orbic Maui device (Orbic/RC545L/RC545L:10/ORB545L_V1.4.2_BVZPP/230106:user/release-keys) leaks the IMEI and the ICCID to system properties that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from directly obtaining non-resettable device identifiers in Android 10 and higher, but in this instance they are leaked by a high-privilege process and can be obtained indirectly. This malicious app reads from the "persist.sys.verizon_test_plan_imei" system property to indirectly obtain the IMEI and reads the "persist.sys.verizon_test_plan_iccid" system property to obtain the ICCID. | ||||
| CVE-2025-37165 | 1 Hpe | 1 Aruba Instant On | 2026-04-15 | 7.5 High |
| A vulnerability in the router mode configuration of HPE Instant On Access Points exposed certain network configuration details to unintended interfaces. A malicious actor could gain knowledge of internal network configuration details through inspecting impacted packets. | ||||
| CVE-2023-38302 | 2026-04-15 | 4.3 Medium | ||
| A certain software build for the Sharp Rouvo V device (SHARP/VZW_STTM21VAPP/STTM21VAPP:12/SP1A.210812.016/1KN0_0_530:user/release-keys) leaks the Wi-Fi MAC address and the Bluetooth MAC address to system properties that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from directly obtaining non-resettable device identifiers in Android 10 and higher, but in this instance they are leaked by a high-privilege process and can be obtained indirectly. This malicious app reads from the "ro.boot.wifi_mac" system property to indirectly obtain the Wi-Fi MAC address and reads the "ro.boot.bt_mac" system property to obtain the Bluetooth MAC address. | ||||
| CVE-2024-13567 | 2026-04-15 | 7.5 High | ||
| The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.3.1 via the 'awesome-support' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/awesome-support directory which can contain file attachments included in support tickets. The vulnerability was partially patched in version 6.3.1. | ||||
| CVE-2024-47779 | 2026-04-15 | N/A | ||
| Element is a Matrix web client built using the Matrix React SDK. Element Web versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally, involving malicious widgets, but other vectors may exist. Note that despite superficial similarity to CVE-2024-47771, this is an entirely separate vulnerability, caused by a separate piece of code included only in Element Web. Element Web and Element Desktop share most but not all, of their code and this vulnerability exists in the part of the code base which is not shared between the projects. Users are strongly advised to upgrade to version 1.11.81 to remediate the issue. As a workaround, avoid granting permissions to untrusted widgets. | ||||
| CVE-2024-7413 | 1 Coffee2code | 1 Obfuscate Email | 2026-04-15 | 5.3 Medium |
| The Obfuscate Email plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.8.1. This is due to the plugin allowing direct access to the bootstrap.php file which has display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | ||||
| CVE-2020-36850 | 1 Sitecore | 2 Sitecore, Sitecore.net | 2026-04-15 | N/A |
| An information disclosure vulnerability exits in Sitecore JSS React Sample Application 11.0.0 - 14.0.1 that may cause page content intended for one user to be shown to another user. | ||||
| CVE-2025-47855 | 1 Fortinet | 2 Fortifone, Fortinet | 2026-04-15 | 9.3 Critical |
| An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in Fortinet FortiFone 7.0.0 through 7.0.1, FortiFone 3.0.13 through 3.0.23 allows an unauthenticated attacker to obtain the device configuration via crafted HTTP or HTTPS requests. | ||||
| CVE-2024-5202 | 2026-04-15 | 7.7 High | ||
| Arbitrary File Read in OpenText Dimensions RM allows authenticated users to read files stored on the server via webservices | ||||
| CVE-2025-46382 | 2026-04-15 | 5.3 Medium | ||
| CWE-200 Exposure of Sensitive Information to an Unauthorized Actor | ||||
| CVE-2024-55272 | 2026-04-15 | 7.5 High | ||
| An issue in Brainasoft Braina v2.8 allows a remote attacker to obtain sensitive information via the chat window function. | ||||
| CVE-2025-54468 | 2 Rancher, Suse | 2 Rancher, Rancher | 2026-04-15 | 4.7 Medium |
| A vulnerability has been identified within Rancher Manager whereby `Impersonate-Extra-*` headers are being sent to an external entity, for example `amazonaws.com`, via the `/meta/proxy` Rancher endpoint. These headers may contain identifiable and/or sensitive information e.g. email addresses. | ||||
| CVE-2024-5230 | 2026-04-15 | 5.3 Medium | ||
| A vulnerability has been found in EnvaySoft FleetCart up to 4.1.1 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument razorpayKeyId leads to information disclosure. The attack can be launched remotely. It is recommended to upgrade the affected component. The identifier VDB-265981 was assigned to this vulnerability. | ||||
| CVE-2024-7416 | 1 Coffee2code | 1 Reveal Template Wordpress | 2026-04-15 | 5.3 Medium |
| The Reveal Template plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.7. This is due to the plugin allowing direct access to the bootstrap.php file which has display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | ||||
| CVE-2025-20290 | 1 Cisco | 8 Nexus, Nexus 3000, Nexus 9000 and 5 more | 2026-04-15 | 5.5 Medium |
| A vulnerability in the logging feature of Cisco NX-OS Software for Cisco Nexus 3000 Series Switches, Cisco Nexus 9000 Series Switches in standalone NX-OS mode, Cisco UCS 6400 Fabric Interconnects, Cisco UCS 6500 Series Fabric Interconnects, and Cisco UCS 9108 100G Fabric Interconnects could allow an authenticated, local attacker access to sensitive information. This vulnerability is due to improper logging of sensitive information. An attacker could exploit this vulnerability by accessing log files on the file system where they are stored. A successful exploit could allow the attacker to access sensitive information, such as stored credentials. | ||||
| CVE-2024-47915 | 1 Vaemendis | 1 Vaemendis Ubooquity | 2026-04-15 | 7.5 High |
| VaeMendis - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | ||||
| CVE-2025-29316 | 2026-04-15 | 6.2 Medium | ||
| An issue in DataPatrol Screenshot watermark, printing watermark agent v.3.5.2.0 allows a physically proximate attacker to obtain sensitive information. NOTE: the Supplier disputes the Print Job Watermark Bypass claim because the watermark is added by hooking into the OS printing mechanism, and thus is not supposed to be visible when previewing a "generated printout" on screen. The Supplier disputes the Screenshot Watermark Bypass claim because the product's documentation explains the step of setting Developer Tools to Disallowed through AD Group Policy. | ||||
| CVE-2025-34130 | 1 Tvt | 1 Dvr Firmware | 2026-04-15 | N/A |
| An unauthenticated arbitrary file read exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 via the /z/zbin/net_html.cgi endpoint. This vulnerability allows attackers to read sensitive configuration files, such as /zconf/service.xml, which can then be used to facilitate further attacks including command injection. The vulnerability has been exploited in the wild in conjunction with other issues by botnets like FBot and Moobot. | ||||
| CVE-2024-8097 | 1 Payara Platform | 1 Payara Server | 2026-04-15 | 4.2 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Payara Platform Payara Server (Logging modules) allows Sensitive credentials posted in plain-text on the server log.This issue affects Payara Server: from 6.0.0 before 6.18.0, from 6.2022.1 before 6.2024.9, from 5.20.0 before 5.67.0, from 5.2020.2 before 5.2022.5, from 4.1.2.191.0 before 4.1.2.191.50. | ||||
| CVE-2024-48125 | 2026-04-15 | 7.5 High | ||
| An issue in the AsDB service of HI-SCAN 6040i Hitrax HX-03-19-I allows attackers to enumerate user credentials via crafted GIOP protocol requests. | ||||