Export limit exceeded: 366485 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (10814 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-34314 1 Ibm 1 Cics Tx 2025-04-30 4 Medium
IBM CICS TX 11.1 could disclose sensitive information to a local user due to insecure permission settings. IBM X-Force ID: 229450.
CVE-2022-44746 1 Acronis 1 Cyber Protect Home Office 2025-04-30 5.5 Medium
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107.
CVE-2022-34313 1 Ibm 1 Cics Tx 2025-04-30 4.3 Medium
IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. X-Force ID: 229449.
CVE-2022-28764 1 Zoom 3 Meetings, Rooms, Vdi Windows Meeting Clients 2025-04-29 3.3 Low
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. A failure to clear data from a local SQL database after a meeting ends and the usage of an insufficiently secure per-device key encrypting that database results in a local malicious user being able to obtain meeting information such as in-meeting chat for the previous meeting attended from that local user account.
CVE-2024-33865 2 Linqi, Microsoft 2 Linqi, Windows 2025-04-28 7.5 High
An issue was discovered in linqi before 1.4.0.1 on Windows. There is an NTLM hash leak via the /api/Cdn/GetFile and /api/DocumentTemplate/{GUID] endpoints.
CVE-2022-38113 1 Solarwinds 1 Security Event Manager 2025-04-25 5.3 Medium
This vulnerability discloses build and services versions in the server response header.
CVE-2022-34329 1 Ibm 1 Cics Tx 2025-04-25 5.3 Medium
IBM CICS TX 11.7 could allow an attacker to obtain sensitive information from HTTP response headers. IBM X-Force ID: 229467.
CVE-2024-21501 3 Apostrophecms, Fedoraproject, Redhat 5 Sanitize-html, Fedora, Acm and 2 more 2025-04-25 5.3 Medium
Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system (including project dependencies). An attacker could exploit this vulnerability to gather details about the file system structure and dependencies of the targeted server.
CVE-2022-26885 1 Apache 1 Dolphinscheduler 2025-04-25 7.5 High
When using tasks to read config files, there is a risk of database password disclosure. We recommend you upgrade to version 2.0.6 or higher.
CVE-2024-25120 1 Typo3 1 Typo3 2025-04-24 4.3 Medium
TYPO3 is an open source PHP based web content management system released under the GNU GPL. The TYPO3-specific `t3://` URI scheme could be used to access resources outside of the users' permission scope. This encompassed files, folders, pages, and records (although only if a valid link-handling configuration was provided). Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this issue.
CVE-2022-28607 1 Isic.lk Project 1 Isic.lk 2025-04-24 7.5 High
An issue was discovered in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to gain sensitive information via the action parameter to /system/user/modules/mod_users/controller.php.
CVE-2022-42766 2 Google, Unisoc 14 Android, S8011, Sc7731e and 11 more 2025-04-23 6.6 Medium
In wlan driver, there is a possible missing permission check, This could lead to local information disclosure.
CVE-2021-37192 1 Siemens 1 Sinema Remote Connect Server 2025-04-23 4.3 Medium
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software has an information disclosure vulnerability that could allow an attacker to retrieve a list of network devices a known user can manage.
CVE-2021-37190 1 Siemens 1 Sinema Remote Connect Server 2025-04-23 4.3 Medium
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software has an information disclosure vulnerability that could allow an attacker to retrieve VPN connection for a known user.
CVE-2023-50324 1 Ibm 1 Cognos Command Center 2025-04-23 5.3 Medium
IBM Cognos Command Center 10.2.4.1 and 10.2.5 exposes details the X-AspNet-Version Response Header that could allow an attacker to obtain information of the application environment to conduct further attacks. IBM X-Force ID: 275038.
CVE-2021-39857 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2025-04-23 N/A
Adobe Acrobat Reader DC add-on for Internet Explorer versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to check for existence of local files. Exploitation of this issue requires user interaction in that a victim must visit an attacker controlled web page.
CVE-2022-42782 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-23 5.5 Medium
In wlan driver, there is a possible missing permission check, This could lead to local information disclosure.
CVE-2022-21642 1 Discourse 1 Discourse 2025-04-23 4.3 Medium
Discourse is an open source platform for community discussion. In affected versions when composing a message from topic the composer user suggestions reveals whisper participants. The issue has been patched in stable version 2.7.13 and beta version 2.8.0.beta11. There is no workaround for this issue and users are advised to upgrade.
CVE-2022-21671 1 Replit 1 Crosis 2025-04-23 8.1 High
@replit/crosis is a JavaScript client that speaks Replit's container protocol. A vulnerability that involves exposure of sensitive information exists in versions prior to 7.3.1. When using this library as a way to programmatically communicate with Replit in a standalone fashion, if there are multiple failed attempts to contact Replit through a WebSocket, the library will attempt to communicate using a fallback poll-based proxy. The URL of the proxy has changed, so any communication done to the previous URL could potentially reach a server that is outside of Replit's control and the token used to connect to the Repl could be obtained by an attacker, leading to full compromise of that Repl (not of the account). This was patched in version 7.3.1 by updating the address of the fallback WebSocket polling proxy to the new one. As a workaround, a user may specify the new address for the polling host (`gp-v2.replit.com`) in the `ConnectArgs`. More information about this workaround is available in the GitHub Security Advisory.
CVE-2022-21678 1 Discourse 1 Discourse 2025-04-23 4.3 Medium
Discourse is an open source discussion platform. Prior to version 2.8.0.beta11 in the `tests-passed` branch, version 2.8.0.beta11 in the `beta` branch, and version 2.7.13 in the `stable` branch, the bios of users who made their profiles private were still visible in the `<meta>` tags on their users' pages. The problem is patched in `tests-passed` version 2.8.0.beta11, `beta` version 2.8.0.beta11, and `stable` version 2.7.13 of Discourse.