Export limit exceeded: 351382 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10442 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-22227 | 2026-04-15 | 6.1 Medium | ||
| In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects. | ||||
| CVE-2025-21620 | 2026-04-15 | 7.5 High | ||
| Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. When you send a request with the Authorization header to one domain, and the response asks to redirect to a different domain, Deno'sfetch() redirect handling creates a follow-up redirect request that keeps the original Authorization header, leaking its content to that second domain. This vulnerability is fixed in 2.1.2. | ||||
| CVE-2025-7572 | 2026-04-15 | 5.3 Medium | ||
| A vulnerability classified as critical was found in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 up to 20250702. This vulnerability affects the function bs_GetHostInfo in the library libblinkapi.so of the file /cgi-bin/lighttpd.cgi. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-21615 | 2026-04-15 | 5.5 Medium | ||
| AAT (Another Activity Tracker) is a GPS-tracking application for tracking sportive activities, with emphasis on cycling. Versions lower than v1.26 of AAT are vulnerable to data exfiltration from malicious apps installed on the same device. | ||||
| CVE-2025-8915 | 1 Kiloview | 1 N30 | 2026-04-15 | N/A |
| Hardcoded TLS private key and certificate in firmware in Kiloview N30 2.02.246 allows malicious adversary to do a Mann-in-the-middle attack via the network | ||||
| CVE-2025-20624 | 2026-04-15 | 5.7 Medium | ||
| Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable information disclosure via adjacent access. | ||||
| CVE-2025-22866 | 1 Redhat | 7 Acm, Apache Camel Hawtio, Ceph Storage and 4 more | 2026-04-15 | 4 Medium |
| Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols. | ||||
| CVE-2025-65951 | 1 Mescuwa | 1 Entropy-derby | 2026-04-15 | 8.7 High |
| Inside Track / Entropy Derby is a research-grade horse-racing betting engine. Prior to commit 2d38d2f, the VDF-based timelock encryption system fails to enforce sequential delay against the betting operator. Bettors pre-compute the entire Wesolowski VDF and include vdfOutputHex in their encrypted bet ticket, allowing the house to decrypt immediately using fast proof verification instead of expensive VDF evaluation. This issue has been patched via commit 2d38d2f. | ||||
| CVE-2025-1868 | 2026-04-15 | 6.8 Medium | ||
| Vulnerability of unauthorized exposure of confidential information affecting Advanced IP Scanner and Advanced Port Scanner. It occurs when these applications initiate a network scan, inadvertently sending the NTLM hash of the user performing the scan. This vulnerability can be exploited by intercepting network traffic to a legitimate server or by setting up a fake server, in both local and remote scenarios. This exposure is relevant for both HTTP/HTTPS and SMB protocols. | ||||
| CVE-2025-46388 | 2026-04-15 | 4.3 Medium | ||
| CWE-200 Exposure of Sensitive Information to an Unauthorized Actor | ||||
| CVE-2025-8590 | 1 Akce | 1 Skspro | 2026-04-15 | 7.5 High |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SKSPro allows Directory Indexing.This issue affects SKSPro: through 07012026. | ||||
| CVE-2025-8886 | 1 Usta | 1 Aybs | 2026-04-15 | 6.7 Medium |
| Incorrect Permission Assignment for Critical Resource, Exposure of Sensitive Information to an Unauthorized Actor, Missing Authorization, Incorrect Authorization vulnerability in Usta Information Systems Inc. Aybs Interaktif allows Privilege Abuse, Authentication Bypass.This issue affects Aybs Interaktif: from 2024 through 28082025. | ||||
| CVE-2025-13804 | 1 Nutzam | 1 Nutzboot | 2026-04-15 | 4.3 Medium |
| A security flaw has been discovered in nutzam NutzBoot up to 2.6.0-SNAPSHOT. The impacted element is an unknown function of the file nutzboot-demo/nutzboot-demo-simple/nutzboot-demo-simple-web3j/src/main/java/io/nutz/demo/simple/module/EthModule.java of the component Ethereum Wallet Handler. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2025-8866 | 1 Yugabyte | 1 Yugabytedb | 2026-04-15 | 5.3 Medium |
| YugabyteDB Anywhere web server does not properly enforce authentication for the /metamaster/universe API endpoint. An unauthenticated attacker could exploit this flaw to obtain server networking configuration details, including private and public IP addresses and DNS records. | ||||
| CVE-2025-13653 | 1 Search-guard | 1 Search Guard | 2026-04-15 | 4.3 Medium |
| In Search Guard FLX versions from 3.1.0 up to 4.0.0 with enterprise modules being disabled, there exists an issue which allows authenticated users to use specially crafted requests to read documents from data streams without having the respective privileges. | ||||
| CVE-2025-9209 | 2 Magnigenie, Wordpress | 2 Restropress, Wordpress | 2026-04-15 | 9.8 Critical |
| The RestroPress – Online Food Ordering System plugin for WordPress is vulnerable to Authentication Bypass in versions 3.0.0 to 3.1.9.2. This is due to the plugin exposing user private tokens and API data via the /wp-json/wp/v2/users REST API endpoint. This makes it possible for unauthenticated attackers to forge JWT tokens for other users, including administrators, and authenticate as them. | ||||
| CVE-2025-12491 | 1 Senstar | 1 Symphony | 2026-04-15 | N/A |
| Senstar Symphony FetchStoredLicense Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Senstar Symphony. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of FetchStoredLicense method. The issue results from the exposure of sensitive information. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-26908. | ||||
| CVE-2025-20345 | 1 Duo | 1 Authentication Proxy | 2026-04-15 | 4.9 Medium |
| A vulnerability in the debug logging function of Cisco Duo Authentication Proxy could allow an authenticated, high-privileged, remote attacker to view sensitive information in a system log file. This vulnerability is due to insufficient masking of sensitive information before it is written to system log files. An attacker could exploit this vulnerability by accessing logs on an affected system. A successful exploit could allow the attacker to view sensitive information that should be restricted. | ||||
| CVE-2021-26279 | 2026-04-15 | 5.9 Medium | ||
| Some parameters of the weather module are improperly stored, leaking some sensitive information. | ||||
| CVE-2024-13911 | 2026-04-15 | 7.2 High | ||
| The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.35 via the /dashboard/backup.php file. This makes it possible for authenticated attackers, with Administrator-level access and above, to extract sensitive data including full database credentials. | ||||