Export limit exceeded: 23230 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364155 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10734 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10734 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-15065 | 2026-04-15 | 6.3 Medium | ||
| Exposure of Sensitive Information to an Unauthorized Actor, Missing Encryption of Sensitive Data, Files or Directories Accessible to External Parties vulnerability in Kings Information & Network Co. KESS Enterprise on Windows allows Privilege Escalation, Modify Existing Service, Modify Shared File.This issue affects KESS Enterprise: before *.25.9.19.exe | ||||
| CVE-2024-45250 | 2026-04-15 | 4.3 Medium | ||
| ZKteco – CWE 200 Exposure of Sensitive Information to an Unauthorized Actor | ||||
| CVE-2024-48824 | 1 Automatic Systems | 1 Maintenance Slimlane | 2026-04-15 | 7.5 High |
| An issue in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to obtain sensitive information via the Racine & FileName parameters in the download-file.php component. | ||||
| CVE-2025-10952 | 1 Geyang | 1 Ml-logger | 2026-04-15 | 5.3 Medium |
| A security flaw has been discovered in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected by this issue is the function stream_handler of the file ml_logger/server.py of the component File Handler. Performing manipulation of the argument key results in information disclosure. The attack can be initiated remotely. The exploit has been released to the public and may be exploited. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. | ||||
| CVE-2025-57838 | 1 Honor | 1 Magicos | 2026-04-15 | 4 Medium |
| Some Honor products are affected by information leak vulnerability, successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-3160 | 2026-04-15 | 5.3 Medium | ||
| ** DISPUTED ** A vulnerability, which was classified as problematic, was found in Intelbras MHDX 1004, MHDX 1008, MHDX 1016, MHDX 5016, HDCVI 1008 and HDCVI 1016 up to 20240401. This affects an unknown part of the file /cap.js of the component HTTP GET Request Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier VDB-258933 was assigned to this vulnerability. NOTE: The vendor explains that they do not classify the information shown as sensitive and therefore there is no vulnerability which is about to harm the user. | ||||
| CVE-2025-46820 | 2026-04-15 | 7.1 High | ||
| phpgt/Dom provides access to modern DOM APIs. Versions of phpgt/Dom prior to 4.1.8 expose the GITHUB_TOKEN in the Dom workflow run artifact. The ci.yml workflow file uses actions/upload-artifact@v4 to upload the build artifact. This artifact is a zip of the current directory, which includes the automatically generated .git/config file containing the run's GITHUB_TOKEN. Seeing as the artifact can be downloaded prior to the end of the workflow, there is a few seconds where an attacker can extract the token from the artifact and use it with the GitHub API to push malicious code or rewrite release commits in your repository. Any downstream user of the repository may be affected, but the token should only be valid for the duration of the workflow run, limiting the time during which exploitation could occur. Version 4.1.8 fixes the issue. | ||||
| CVE-2024-4583 | 2026-04-15 | 5.3 Medium | ||
| A vulnerability classified as problematic was found in Faraday GM8181 and GM828x up to 20240429. Affected by this vulnerability is an unknown functionality of the component Request Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-263305 was assigned to this vulnerability. | ||||
| CVE-2024-11280 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.3 Medium |
| The PPWP – Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. | ||||
| CVE-2024-6560 | 2026-04-15 | 5.3 Medium | ||
| The Addonify – Quick View For WooCommerce plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.2.16. This is due the plugin utilizing mobiledetect without preventing direct access to the files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | ||||
| CVE-2024-6506 | 2026-04-15 | 8.2 High | ||
| Information exposure vulnerability in the MRW plugin, in its 5.4.3 version, affecting the "mrw_log" functionality. This vulnerability could allow a remote attacker to obtain other customers' order information and access sensitive information such as name and phone number. This vulnerability also allows an attacker to create or overwrite shipping labels. | ||||
| CVE-2024-48125 | 2026-04-15 | 7.5 High | ||
| An issue in the AsDB service of HI-SCAN 6040i Hitrax HX-03-19-I allows attackers to enumerate user credentials via crafted GIOP protocol requests. | ||||
| CVE-2024-48789 | 1 Inatronic | 1 Drivedeck | 2026-04-15 | 7.5 High |
| An issue in INATRONIC com.inatronic.drivedeck.home 2.6.23 allows a remote attacker to obtain sensitve information via the firmware update process. | ||||
| CVE-2025-60344 | 1 Dlink | 3 Dsr-150, Dsr-150n, Dsr-250n | 2026-04-15 | 8.6 High |
| A path traversal (directory traversal) vulnerability in D-Link DSR series routers allows unauthenticated remote attackers to manipulate input parameters used for file or directory path resolution (e.g., via sequences such as “../”). Successful exploitation may allow access to files outside of the intended directory, potentially exposing sensitive system or configuration files. The issue results from insufficient validation or sanitization of user-supplied input. Affected Products include: DSR-150, DSR-150N, and DSR-250N v1.09B32_WW. | ||||
| CVE-2025-8738 | 1 Microservices-platform Project | 1 Microservices-platform | 2026-04-15 | 5.3 Medium |
| A vulnerability has been found in zlt2000 microservices-platform up to 6.0.0 and classified as problematic. This vulnerability affects unknown code of the file /actuator of the component Spring Actuator Interface. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-41701 | 2026-04-15 | 5.3 Medium | ||
| AccuPOS - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | ||||
| CVE-2025-14553 | 3 Apple, Google, Tp-link | 4 Ios, Android, Tapo and 1 more | 2026-04-15 | N/A |
| Exposure of password hashes through an unauthenticated API response in TP-Link Tapo app on iOS and Android for Tapo cameras, allowing attackers to brute force the password in the local network. Issue can be mitigated through mobile application updates. Device firmware remains unchanged. | ||||
| CVE-2025-36759 | 1 Solax | 1 Solax Cloud | 2026-04-15 | N/A |
| Through the provision of user names, SolaX Cloud will suggest (similar) user accounts and thereby leak sensitive information such as user email addresses and phone numbers. | ||||
| CVE-2024-30263 | 1 Xwikisas | 1 Macro Pdfviewer | 2026-04-15 | 7.7 High |
| macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Users with edit rights can access restricted PDF attachments using the PDF Viewer macro, just by passing the attachment URL as the value of the ``file`` parameter. Users with view rights can access restricted PDF attachments if they are shown on public pages where the PDF Viewer macro is called using the attachment URL instead of its reference. This vulnerability has been patched in version 2.5.1. | ||||
| CVE-2024-24313 | 1 Vaales Technologies | 1 V Qrs | 2026-04-15 | 7.5 High |
| An issue in Vaales Technologies V_QRS v.2024-01-17 allows a remote attacker to obtain sensitive information via the Models/FormModel.php and QRModel.php component. | ||||