Total
294 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-9986 | 2026-02-11 | N/A | 8.2 HIGH | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vadi Corporate Information Systems Ltd. Co. DIGIKENT allows Excavation.This issue affects DIGIKENT: through 13092025. | |||||
| CVE-2025-66599 | 2026-02-09 | N/A | N/A | ||
| A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Physical paths could be displayed on web pages. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04 | |||||
| CVE-2020-36926 | 1 Smartertools | 1 Smartertrack | 2026-02-09 | N/A | 7.5 HIGH |
| SmarterTrack 7922 contains an information disclosure vulnerability in the Chat Management search form that reveals agent identification details. Attackers can access the vulnerable /Management/Chat/frmChatSearch.aspx endpoint to retrieve agents' first and last names along with their unique identifiers. | |||||
| CVE-2025-4614 | 1 Paloaltonetworks | 1 Pan-os | 2026-02-06 | N/A | 2.7 LOW |
| An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to view session tokens of users authenticated to the firewall web UI. This may allow impersonation of users whose session tokens are leaked. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators. Cloud NGFW and Prisma® Access are not affected by this vulnerability. | |||||
| CVE-2025-14150 | 2026-02-05 | N/A | 6.5 MEDIUM | ||
| IBM webMethods Integration (on prem) - Integration Server 10.15 through IS_10.15_Core_Fix2411.1 to IS_11.1_Core_Fix8 IBM webMethods Integration could disclose sensitive user information in server responses. | |||||
| CVE-2026-25023 | 2026-02-03 | N/A | 5.3 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in mdedev Run Contests, Raffles, and Giveaways with ContestsWP contest-code-checker allows Retrieve Embedded Sensitive Data.This issue affects Run Contests, Raffles, and Giveaways with ContestsWP: from n/a through <= 2.0.7. | |||||
| CVE-2026-24998 | 2026-02-03 | N/A | 5.3 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPMU DEV - Your All-in-One WordPress Platform Hustle wordpress-popup allows Retrieve Embedded Sensitive Data.This issue affects Hustle: from n/a through <= 7.8.9.2. | |||||
| CVE-2025-67717 | 1 Zitadel | 1 Zitadel | 2026-02-02 | N/A | 4.3 MEDIUM |
| ZITADEL is an open-source identity infrastructure tool. Versions 2.44.0 through 3.4.4 and 4.0.0-rc.1 through 4.7.1 disclose the total number of instance users to authenticated users, regardless of their specific permissions. While this does not leak individual user data or PII, disclosing the total user count via the totalResult field constitutes an information disclosure vulnerability that may be sensitive in certain contexts. This issue is fixed in versions 3.4.5 and 4.7.2. | |||||
| CVE-2025-67954 | 2026-01-29 | N/A | 6.5 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Retrieve Embedded Sensitive Data.This issue affects Salon booking system: from n/a through <= 10.30.3. | |||||
| CVE-2025-64258 | 1 Wpwebelite | 1 Follow My Blog Post | 2026-01-29 | N/A | 7.5 HIGH |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in wpweb Follow My Blog Post follow-my-blog-post allows Retrieve Embedded Sensitive Data.This issue affects Follow My Blog Post: from n/a through <= 2.3.9. | |||||
| CVE-2025-43024 | 1 Hp | 1 Thinpro | 2026-01-29 | N/A | 7.5 HIGH |
| A GUI dialog of an application allows to view what files are in the file system without proper authorization. | |||||
| CVE-2025-63051 | 2026-01-28 | N/A | 4.3 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in sizam REHub Framework rehub-framework allows Retrieve Embedded Sensitive Data.This issue affects REHub Framework: from n/a through < 19.9.9.4. | |||||
| CVE-2025-68046 | 2026-01-28 | N/A | 6.5 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder lead-form-builder allows Retrieve Embedded Sensitive Data.This issue affects Contact Form & Lead Form Elementor Builder: from n/a through <= 2.0.1. | |||||
| CVE-2025-47319 | 1 Qualcomm | 236 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 233 more | 2026-01-28 | N/A | 6.7 MEDIUM |
| Information disclosure while exposing internal TA-to-TA communication APIs to HLOS | |||||
| CVE-2025-39589 | 1 Wpdeveloper | 1 Essential Addons For Elementor | 2026-01-28 | N/A | 4.3 MEDIUM |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper Essential Addons for Elementor allows Retrieve Embedded Sensitive Data. This issue affects Essential Addons for Elementor: from n/a through 6.1.9. | |||||
| CVE-2025-58585 | 1 Sick | 4 Baggage Analytics, Logistic Diagnostic Analytics, Package Analytics and 1 more | 2026-01-27 | N/A | 5.3 MEDIUM |
| Multiple endpoints with sensitive information do not require authentication, making the application susceptible to information gathering. | |||||
| CVE-2025-58579 | 1 Sick | 5 Baggage Analytics, Enterprise Analytics, Logistic Diagnostic Analytics and 2 more | 2026-01-27 | N/A | 5.3 MEDIUM |
| Due to a lack of authentication, it is possible for an unauthenticated user to request data from this endpoint, making the application vulnerable for user enumeration. | |||||
| CVE-2025-58583 | 1 Sick | 1 Enterprise Analytics | 2026-01-27 | N/A | 5.3 MEDIUM |
| The application provides access to a login protected H2 database for caching purposes. The username is prefilled. | |||||
| CVE-2026-24536 | 2026-01-26 | N/A | 7.5 HIGH | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in webpushr Webpushr webpushr-web-push-notifications allows Retrieve Embedded Sensitive Data.This issue affects Webpushr: from n/a through <= 4.38.0. | |||||
| CVE-2026-24523 | 2026-01-26 | N/A | 7.5 HIGH | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Marcus (aka @msykes) WP FullCalendar wp-fullcalendar allows Retrieve Embedded Sensitive Data.This issue affects WP FullCalendar: from n/a through <= 1.6. | |||||