Export limit exceeded: 10685 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10685 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-54009 | 2026-04-15 | 4 Medium | ||
| Remote authentication bypass vulnerability in HPE Alletra Storage MP B10000 in versions prior to version 10.4.5 could be remotely exploited to allow disclosure of information. | ||||
| CVE-2024-55272 | 2026-04-15 | 7.5 High | ||
| An issue in Brainasoft Braina v2.8 allows a remote attacker to obtain sensitive information via the chat window function. | ||||
| CVE-2025-62669 | 1 Mediawiki | 1 Mediawiki | 2026-04-15 | N/A |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure.This issue affects Mediawiki - CentralAuth Extension: from master before 1.39. | ||||
| CVE-2024-12637 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.3 Medium |
| The Moving Users plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.05 via the export functionality. The JSON files are stored in predictable locations with guessable file names when exporting user data. This could allow unauthenticated attackers to extract sensitive user data, for instance, email addresses, hashed passwords, and IP addresses. | ||||
| CVE-2024-5096 | 2026-04-15 | 5.3 Medium | ||
| A vulnerability classified as problematic was found in Hipcam Device up to 20240511. This vulnerability affects unknown code of the file /log/wifi.mac of the component MAC Address Handler. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-265078 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-48799 | 2026-04-15 | 7.5 High | ||
| An issue in LOREX TECHNOLOGY INC com.lorexcorp.lorexping 1.4.22 allows a remote attacker to obtain sensitive information via the firmware update process. | ||||
| CVE-2025-23073 | 2026-04-15 | 3.5 Low | ||
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Mediawiki - GlobalBlocking Extension allows Retrieve Embedded Sensitive Data. This issue briefly impacted the master branch of MediaWiki’s GlobalBlocking Extension. | ||||
| CVE-2025-23173 | 1 Versa | 1 Director | 2026-04-15 | 7.5 High |
| The Versa Director SD-WAN orchestration platform provides direct web-based access to uCPE virtual machines through the Director GUI. By default, the websockify service is exposed on port 6080 and accessible from the internet. This exposure introduces significant risk, as websockify has known weaknesses that can be exploited, potentially leading to remote code execution. Versa Networks is not aware of any reported instance where this vulnerability was exploited. Proof of concept for this vulnerability has been disclosed by third party security researchers. Workarounds or Mitigation: Restrict access to TCP port 6080 if uCPE console access is not necessary. Versa recommends that Director be upgraded to one of the remediated software versions. | ||||
| CVE-2024-48798 | 1 Hubble Connected | 1 Hubble Connected | 2026-04-15 | 7.5 High |
| An issue in Hubble Connected (com.hubbleconnected.vervelife) 2.00.81 allows a remote attacker to obtain sensitive information via the firmware update process. | ||||
| CVE-2024-48797 | 1 Pcs Engineering | 1 Preston Cinema | 2026-04-15 | 7.5 High |
| An issue in PCS Engineering Preston Cinema (com.prestoncinema.app) 0.2.0 allows a remote attacker to obtain sensitive information via the firmware update process. | ||||
| CVE-2024-48796 | 1 Eques | 1 Eques | 2026-04-15 | 7.5 High |
| An issue in EQUES com.eques.plug 1.0.1 allows a remote attacker to obtain sensitive information via the firmware update process. | ||||
| CVE-2024-48789 | 1 Inatronic | 1 Drivedeck | 2026-04-15 | 7.5 High |
| An issue in INATRONIC com.inatronic.drivedeck.home 2.6.23 allows a remote attacker to obtain sensitve information via the firmware update process. | ||||
| CVE-2024-4583 | 2026-04-15 | 5.3 Medium | ||
| A vulnerability classified as problematic was found in Faraday GM8181 and GM828x up to 20240429. Affected by this vulnerability is an unknown functionality of the component Request Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-263305 was assigned to this vulnerability. | ||||
| CVE-2025-46382 | 2026-04-15 | 5.3 Medium | ||
| CWE-200 Exposure of Sensitive Information to an Unauthorized Actor | ||||
| CVE-2025-26167 | 2026-04-15 | 7.5 High | ||
| Buffalo LS520D 4.53 is vulnerable to Arbitrary file read, which allows unauthenticated attackers to access the NAS web UI and read arbitrary internal files. | ||||
| CVE-2025-26263 | 2026-04-15 | 5.1 Medium | ||
| GeoVision ASManager Windows desktop application with the version 6.1.2.0 or less (fixed in 6.2.0), is vulnerable to credentials disclosure due to improper memory handling in the ASManagerService.exe process. | ||||
| CVE-2025-40757 | 1 Siemens | 2 Apogee Pxc, Talon Tc | 2026-04-15 | 5.3 Medium |
| A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions), APOGEE PXC Series (P2 Ethernet) (All versions), TALON TC Series (BACnet) (All versions). Affected devices connected to the network allow unrestricted access to sensitive files, such as databases. This could allow an attacker to download encrypted .db file containing passwords. | ||||
| CVE-2025-11697 | 1 Rockwellautomation | 1 Studio 5000 Simulation Interface | 2026-04-15 | N/A |
| A local code execution security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to extract files using path traversal sequences, resulting in execution of scripts with Administrator privileges on system reboot. | ||||
| CVE-2025-11645 | 2 Google, Tomofun | 2 Android, Furbo Mobile App | 2026-04-15 | 2.4 Low |
| A security vulnerability has been detected in Tomofun Furbo Mobile App up to 7.57.0a on Android. This affects an unknown part of the component Authentication Token Handler. The manipulation leads to insecure storage of sensitive information. It is possible to launch the attack on the physical device. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-42049 | 1 Tightvnc | 1 Tightvnc | 2026-04-15 | 9.1 Critical |
| TightVNC (Server for Windows) before 2.8.84 allows attackers to connect to the control pipe via a network connection. | ||||