Export limit exceeded: 22063 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 12227 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 351665 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10455 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10455 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-43018 | 1 Hp | 39 Hp, Laserjet Mfp M428, Laserjet Mfp M429 and 36 more | 2026-02-24 | 5.3 Medium |
| Certain HP LaserJet Pro printers may be vulnerable to information disclosure when a non-authenticated user queries a device’s local address book. | ||||
| CVE-2025-15141 | 1 Halo | 1 Halo | 2026-02-24 | 3.1 Low |
| A vulnerability was determined in Halo up to 2.21.10. This issue affects some unknown processing of the file /actuator of the component Configuration Handler. Executing a manipulation can lead to information disclosure. The attack may be performed from remote. This attack is characterized by high complexity. The exploitability is assessed as difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-12616 | 1 Phpgurukul | 1 News Portal | 2026-02-24 | 3.7 Low |
| A vulnerability was detected in PHPGurukul News Portal 1.0. The impacted element is an unknown function of the file /onps/settings.py. Performing a manipulation results in insertion of sensitive information into debugging code. It is possible to initiate the attack remotely. The attack's complexity is rated as high. The exploitability is regarded as difficult. The exploit is now public and may be used. | ||||
| CVE-2025-14286 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2026-02-24 | 5.3 Medium |
| A vulnerability was determined in Tenda AC9 15.03.05.14_multi. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/DownloadCfg.jpg of the component Configuration File Handler. This manipulation causes information disclosure. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2020-35611 | 1 Joomla | 1 Joomla\! | 2026-02-24 | 7.5 High |
| An issue was discovered in Joomla! 2.5.0 through 3.9.22. The globlal configuration page does not remove secrets from the HTML output, disclosing the current values. | ||||
| CVE-2020-8908 | 5 Google, Netapp, Oracle and 2 more | 20 Guava, Active Iq Unified Manager, Commerce Guided Search and 17 more | 2026-02-23 | 3.3 Low |
| A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured. | ||||
| CVE-2020-1510 | 1 Microsoft | 6 Windows 10, Windows 10 1507, Windows 10 1607 and 3 more | 2026-02-23 | 5.5 Medium |
| An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how win32k handles objects in memory. | ||||
| CVE-2020-16937 | 1 Microsoft | 10 .net, .net Framework, Windows 10 and 7 more | 2026-02-23 | 4.7 Medium |
| <p>An information disclosure vulnerability exists when the .NET Framework improperly handles objects in memory. An attacker who successfully exploited the vulnerability could disclose contents of an affected system's memory.</p> <p>To exploit the vulnerability, an authenticated attacker would need to run a specially crafted application.</p> <p>The update addresses the vulnerability by correcting how the .NET Framework handles objects in memory.</p> | ||||
| CVE-2025-65017 | 1 Decidim | 1 Decidim | 2026-02-23 | 6.5 Medium |
| Decidim is a participatory democracy framework. In versions from 0.30.0 to before 0.30.4 and from 0.31.0.rc1 to before 0.31.0, the private data exports can lead to data leaks in case the UUID generation, causing collisions for the generated UUIDs. This issue has been patched in versions 0.30.4 and 0.31.0. | ||||
| CVE-2025-70829 | 1 Running-elephant | 1 Datart | 2026-02-23 | 5.7 Medium |
| An information exposure vulnerability in Datart v1.0.0-rc.3 allows authenticated attackers to access sensitive data via a custom H2 JDBC connection string. | ||||
| CVE-2022-4862 | 1 M-files | 1 M-files Server | 2026-02-23 | 5 Medium |
| Rendering of HTML provided by another authenticated user is possible in browser on M-Files Web before 22.12.12140.3. This allows the content to steal user sensitive information. This issue affects M-Files New Web: before 22.12.12140.3. | ||||
| CVE-2022-1911 | 1 M-files | 1 M-files Server | 2026-02-23 | 5.3 Medium |
| Error in parser function in M-Files Server versions before 22.6.11534.1 and before 22.6.11505.0 allowed unauthenticated access to some information of the underlying operating system. | ||||
| CVE-2022-3284 | 1 M-files | 1 M-files Server | 2026-02-23 | 6.5 Medium |
| Download key for a file in a vault was passed in an insecure way that could easily be logged in M-Files New Web in M-Files before 22.11.12011.0. This issue affects M-Files New Web: before 22.11.12011.0. | ||||
| CVE-2025-59260 | 1 Microsoft | 8 Server, Windows Server, Windows Server 2016 and 5 more | 2026-02-22 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Microsoft Failover Cluster Virtual Driver allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-59209 | 1 Microsoft | 27 Windows, Windows 10, Windows 10 1507 and 24 more | 2026-02-22 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-59188 | 1 Microsoft | 9 Windows Server, Windows Server 2012, Windows Server 2012 R2 and 6 more | 2026-02-22 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows Failover Cluster allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-59184 | 1 Microsoft | 7 Windows Server, Windows Server 2016, Windows Server 2019 and 4 more | 2026-02-22 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows High Availability Services allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-58739 | 1 Microsoft | 30 Windows, Windows 10, Windows 10 1507 and 27 more | 2026-02-22 | 6.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-55699 | 1 Microsoft | 25 Windows, Windows 10, Windows 10 1507 and 22 more | 2026-02-22 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-55683 | 1 Microsoft | 8 Windows, Windows Server, Windows Server 2016 and 5 more | 2026-02-22 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally. | ||||