Search Results (354 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-67954 1 Wordpress 1 Wordpress 2026-04-15 6.5 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Retrieve Embedded Sensitive Data.This issue affects Salon booking system: from n/a through <= 10.30.3.
CVE-2024-9470 1 Paloaltonetworks 1 Cortex Xsoar 2026-04-15 N/A
A vulnerability in Cortex XSOAR allows the disclosure of incident data to users who do not have the privilege to view the data.
CVE-2025-63051 1 Wordpress 1 Wordpress 2026-04-15 4.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in sizam REHub Framework rehub-framework allows Retrieve Embedded Sensitive Data.This issue affects REHub Framework: from n/a through < 19.9.9.4.
CVE-2024-10940 1 Langchain-ai 1 Langchain 2026-04-15 N/A
A vulnerability in langchain-core versions >=0.1.17,<0.1.53, >=0.2.0,<0.2.43, and >=0.3.0,<0.3.15 allows unauthorized users to read arbitrary files from the host file system. The issue arises from the ability to create langchain_core.prompts.ImagePromptTemplate's (and by extension langchain_core.prompts.ChatPromptTemplate's) with input variables that can read any user-specified path from the server file system. If the outputs of these prompt templates are exposed to the user, either directly or through downstream model outputs, it can lead to the exposure of sensitive information.
CVE-2025-66599 1 Yokogawa 1 Fast/tools 2026-04-15 N/A
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Physical paths could be displayed on web pages. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04
CVE-2024-52033 1 Rakuten 1 Turbo 5g Firmware 2026-04-15 5.3 Medium
Exposure of sensitive system information to an unauthorized control sphere issue exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote unauthenticated attacker may obtain information of the other devices connected through the Wi-Fi.
CVE-2025-0036 2026-04-15 3.2 Low
In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime (post-boot) cryptographic operations could cause data to be incorrectly written to and read from invalid locations as well as returning incorrect cryptographic data.
CVE-2025-0055 2026-04-15 6 Medium
SAP GUI for Windows stores user input on the client PC to improve usability. Under very specific circumstances an attacker with administrative privileges or access to the victim�s user directory on the Operating System level would be able to read this data. Depending on the user input provided in transactions, the disclosed data could range from non-critical data to highly sensitive data, causing high impact on confidentiality of the application.
CVE-2025-69025 3 Aethonic, Woocommerce, Wordpress 3 Poptics, Woocommerce, Wordpress 2026-04-15 4.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Aethonic Poptics poptics allows Retrieve Embedded Sensitive Data.This issue affects Poptics: from n/a through <= 1.0.20.
CVE-2025-62735 2 Joelhardi, Wordpress 2 User Spam Remover, Wordpress 2026-04-15 5.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Joel User Spam Remover user-spam-remover allows Retrieve Embedded Sensitive Data.This issue affects User Spam Remover: from n/a through <= 1.1.
CVE-2025-14712 1 Jhenggao 1 Student Learning Assessment And Support System 2026-04-15 7.5 High
Student Learning Assessment and Support System developed by JHENG GAO has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to view a specific page and obtain test accounts and password.
CVE-2025-52752 2 Themeatelier, Wordpress 2 Idonate, Wordpress 2026-04-15 6.5 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeAtelier IDonatePro idonate-pro allows Retrieve Embedded Sensitive Data.This issue affects IDonatePro: from n/a through <= 2.1.9.
CVE-2025-10264 1 Digiever 7 Ds-1200, Ds-16x00, Ds-2100 and 4 more 2026-04-15 10 Critical
Certain models of NVR developed by Digiever has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remoter attackers to access the system configuration file and obtain plaintext credentials of the NVR and its connected cameras.
CVE-2025-49914 2 Motopress, Wordpress 2 Restaurant Menu, Wordpress 2026-04-15 6.5 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in jetmonsters Restaurant Menu by MotoPress mp-restaurant-menu allows Retrieve Embedded Sensitive Data.This issue affects Restaurant Menu by MotoPress: from n/a through <= 2.4.7.
CVE-2022-4985 2 Sercomm, Vodafone 3 H500s, H500s, Vodafone H500s 2026-04-15 N/A
Vodafone H500s devices running firmware v3.5.10 (hardware model Sercomm VFH500) expose the WiFi access point password via an unauthenticated HTTP endpoint. By sending a crafted GET request to /data/activation.json with specific headers and cookies, a remote attacker can retrieve a JSON document that contains the wifi_password field. This allows an unauthenticated attacker to obtain the WiFi credentials and gain unauthorized access to the wireless network, compromising confidentiality of network traffic and attached systems.
CVE-2024-8313 2026-04-15 N/A
An Exposure of Sensitive System Information to an Unauthorized Control Sphere and Initialization of a Resource with an Insecure Default vulnerability in the SNMP component of B&R APROL <4.4-00P5 may allow an unauthenticated adjacent-based attacker to read and alter configuration using SNMP.
CVE-2025-0059 2026-04-15 6 Medium
Applications based on SAP GUI for HTML in SAP NetWeaver Application Server ABAP store user input in the local browser storage to improve usability. An attacker with administrative privileges or access to the victim�s user directory on the Operating System level would be able to read this data. Depending on the user input provided in transactions, the disclosed data could range from non-critical data to highly sensitive data, causing high impact on confidentiality of the application.
CVE-2025-0056 2026-04-15 6 Medium
SAP GUI for Java saves user input on the client PC to improve usability. An attacker with administrative privileges or access to the victim�s user directory on the Operating System level would be able to read this data. Depending on the user input provided in transactions, the disclosed data could range from non-critical data to highly sensitive data, causing high impact on confidentiality of the application.
CVE-2025-55131 1 Nodejs 1 Nodejs 2026-04-15 7.1 High
A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the `vm` module with the timeout option. Under specific timing conditions, buffers allocated with `Buffer.alloc` and other `TypedArray` instances like `Uint8Array` may contain leftover data from previous operations, allowing in-process secrets like tokens or passwords to leak or causing data corruption. While exploitation typically requires precise timing or in-process code execution, it can become remotely exploitable when untrusted input influences workload and timeouts, leading to potential confidentiality and integrity impact.
CVE-2025-47699 1 Gallagher 1 Command Centre 2026-04-15 9.9 Critical
Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) in the Gallagher Morpho integration could allow an authenticated operator with limited site permissions to make critical changes to local Morpho devices. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 (MR2), 9.20 prior to vEL9.20.2819 (MR4), 9.10 prior to vEL9.10.3672 (MR7), 9.00 prior to vEL9.00.3831 (MR8), all versions of 8.90 and prior.