Export limit exceeded: 10694 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10694 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-4609 | 1 Mortbay | 1 Jetty | 2026-04-23 | N/A |
| The Dump Servlet in Mort Bay Jetty 6.x and 7.0.0 allows remote attackers to obtain sensitive information about internal variables and other data via a request to a URI ending in /dump/, as demonstrated by discovering the value of the getPathTranslated variable. | ||||
| CVE-2007-5011 | 1 Wilson Windowware | 1 Webbatch | 2026-04-23 | N/A |
| webbatch.exe in WebBatch allows remote attackers to obtain sensitive information via the dumpinputdata parameter. | ||||
| CVE-2008-3168 | 1 Empire Server | 1 Empire Server | 2026-04-23 | N/A |
| The files utility in Empire Server before 4.3.15 discloses the world creation time, which makes it easier for attackers to determine the PRNG seed. | ||||
| CVE-2009-4466 | 1 Deluxebb | 1 Deluxebb | 2026-04-23 | N/A |
| DeluxeBB 1.3 allows remote attackers to obtain sensitive information via a crafted page parameter to misc.php, which reveals the installation path in an error message. NOTE: this issue might be resultant from improperly controlled computation in tools.php that leads to a denial of service (CPU or memory consumption). | ||||
| CVE-2008-7146 | 1 Intralearn | 1 Intralearn | 2026-04-23 | N/A |
| IntraLearn Software IntraLearn 2.1, and possibly other versions before 4.2.3, allows remote attackers to obtain sensitive information via a direct request to (1) Knowledge_Impact_Course.htm, (2) LRN-formatted_Course.htm, or (3) Create_Course.htm in help/1/Instructor/, which reveals the installation path in an error message. | ||||
| CVE-2008-0863 | 1 Bea | 1 Weblogic Server | 2026-04-23 | N/A |
| BEA WebLogic Server and WebLogic Express 9.0 and 9.1 exposes the web service's WSDL and security policies, which allows remote attackers to obtain sensitive information and potentially launch further attacks. | ||||
| CVE-2008-0993 | 1 Apple | 3 Mac Os X, Mac Os X Server, Podcast Producer | 2026-04-23 | N/A |
| Podcast Capture in Podcast Producer for Apple Mac OS X 10.5.2 invokes a subtask with passwords in command line arguments, which allows local users to read the passwords via process listings. | ||||
| CVE-2008-0367 | 1 Mozilla | 1 Firefox | 2026-04-23 | N/A |
| Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks. | ||||
| CVE-2008-5107 | 1 Citrix | 2 Desktop Server, Presentation Server | 2026-04-23 | N/A |
| The installation process for Citrix Presentation Server 4.5 and Desktop Server 1.0, when MSI logging is enabled, stores database credentials in MSI log files, which allows local users to obtain these credentials by reading the log files. | ||||
| CVE-2008-4638 | 1 Symantec | 1 Veritas File System | 2026-04-23 | N/A |
| qioadmin in the Quick I/O for Database feature in Symantec Veritas File System (VxFS) on HP-UX, and before 5.0 MP3 on Solaris, Linux, and AIX, allows local users to read arbitrary files by causing qioadmin to write a file's content to standard error in an error message. | ||||
| CVE-2025-10744 | 2 Softdiscover, Wordpress | 2 File Manager Code Editor And Backup, Wordpress | 2026-04-22 | 5.9 Medium |
| The File Manager, Code Editor, and Backup by Managefy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.1 through publicly exposed log files. This makes it possible for unauthenticated attackers to view information like full paths and full paths to backup files information contained in the exposed log files. | ||||
| CVE-2025-11760 | 2 Wordpress, Wpcenter | 2 Wordpress, Eroom | 2026-04-22 | 5.3 Medium |
| The eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams plugin for WordPress is vulnerable to exposure of sensitive information in all versions up to, and including, 1.5.6. This is due to the plugin exposing Zoom SDK secret keys in client-side JavaScript within the meeting view template. This makes it possible for unauthenticated attackers to extract the sdk_secret value, which should remain server-side, compromising the security of the Zoom integration and allowing attackers to generate valid JWT signatures for unauthorized meeting access. | ||||
| CVE-2025-43480 | 1 Apple | 7 Ios, Ipados, Iphone Os and 4 more | 2026-04-22 | 8.1 High |
| The issue was addressed with improved checks. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious website may exfiltrate data cross-origin. | ||||
| CVE-2025-43479 | 1 Apple | 3 Macos, Macos Sequoia, Macos Sonoma | 2026-04-22 | 5.5 Medium |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to access sensitive user data. | ||||
| CVE-2025-43495 | 1 Apple | 4 Ios, Ipad Os, Ipados and 1 more | 2026-04-22 | 5.4 Medium |
| The issue was addressed with improved checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1. An app may be able to monitor keystrokes without user permission. | ||||
| CVE-2025-43460 | 1 Apple | 3 Ios, Ipados, Iphone Os | 2026-04-22 | 4.6 Medium |
| A logic issue was addressed with improved checks. This issue is fixed in iOS 26.1 and iPadOS 26.1. An attacker with physical access to a locked device may be able to view sensitive user information. | ||||
| CVE-2026-2571 | 2 Codename065, Wordpress | 2 Download Manager Plugin, Wordpress | 2026-04-22 | 4.3 Medium |
| The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'reviewUserStatus' function in all versions up to, and including, 3.3.49. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve sensitive information for any user on the site including email addresses, display names, and registration dates. | ||||
| CVE-2026-4218 | 1 Myaedes | 1 Myaedes App | 2026-04-22 | 2.5 Low |
| A vulnerability was detected in myAEDES App up to 1.18.4 on Android. Affected is an unknown function of the file aedes/me/beta/utils/EngageBayUtils.java of the component aedes.me.beta. Performing a manipulation of the argument AUTH_KEY results in information disclosure. The attack is only possible with local access. The attack's complexity is rated as high. The exploitability is told to be difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-12468 | 3 Funnelkit, Woocommerce, Wordpress | 3 Funnelkit Automations, Woocommerce, Wordpress | 2026-04-22 | 5.3 Medium |
| The FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.4.1 via the '/wc-coupons/' REST API endpoint. This is due to the endpoint being marked as a public API (`public_api = true`), which results in the endpoint being registered with `permission_callback => '__return_true'`, bypassing all authentication and capability checks. This makes it possible for unauthenticated attackers to extract sensitive data including all WooCommerce coupon codes, coupon IDs, and expiration status. | ||||
| CVE-2026-2589 | 2 Wordpress, Wpsoul | 2 Wordpress, Greenshift – Animation And Page Builder Blocks | 2026-04-22 | 5.3 Medium |
| The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 12.8.3 via the automated Settings Backup stored in a publicly accessible file. This makes it possible for unauthenticated attackers to extract sensitive data including the configured OpenAI, Claude, Google Maps, Gemini, DeepSeek, and Cloudflare Turnstile API keys. | ||||