WordPress Plugin SurveyFunnel - Survey Plugin for WordPress Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in SurveyFunnel - Survey Plugin for WordPress...

CVE-2025-20305

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability exists because certain files lack proper data protection mechanisms. An attacker with read-only Administrato...

The vulnerability of the IDE Assets component in the Xcode development environment allows a hacker to gain unauthorized access to protected information.

The vulnerability of the IDE Assets component in the Xcode development environment is related to insufficient protection of sensitive data. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

The vulnerability of the FrontBoard component in iPadOS and iOS operating systems allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the FrontBoard component in iPadOS and iOS operating systems is related to insufficient protection of sensitive data. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information...

The vulnerability of the Golang programming language, related to insufficient protection of sensitive data, allows attackers to gain unauthorized access to user credentials.

The vulnerability of the Golang programming language is related to insufficient protection for operational data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to account information...

The vulnerability of Zoom’s video conferencing software lies in the insufficient protection of sensitive data, allowing attackers to gain unauthorized access to protected information.

The vulnerability of Zoom video conferencing software is related to insufficient protection of sensitive data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

The vulnerability of the Core server component of the Oracle HTTP Server allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Core server component of Oracle HTTP Server is related to insufficient protection of service data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information using the HTTP network protocol...

The vulnerability in virtual and physical systems of Veeam Backup & Replication lies in the insufficient protection of registration data, allowing attackers to execute arbitrary codes.

The vulnerability of virtual and physical systems managed by Veeam Backup & Replication is related to insufficient protection of registration data. Exploiting these vulnerabilities could allow a malicious actor, operating remotely, to execute arbitrary code...

The vulnerability of the Core server component of Oracle WebLogic Server allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Core server component of Oracle WebLogic Server is related to insufficient protection of operational data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information using the T3/IIOP protocols...

The vulnerability of the YouGile project management service, related to insufficient protection of operational data, allows a hacker to disclose the protected information.

The vulnerability of the YouGile project management service is related to insufficient protection of operational data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to disclose the protected information...

The vulnerability of the MatrixClient.sendSharedHistoryKeys function in the development tools for JavaScript and TypeScript matrix-js-sdk allows a hacker to bypass authentication procedures and gain unauthorized access to protected information.

The vulnerability of the MatrixClient.sendSharedHistoryKeys function in the JavaScript and TypeScript matrix-js-sdk development tools is related to insufficient protection of sensitive data. Exploiting this vulnerability could allow an attacker to bypass authentication procedures and gain...

CVE-2024-20515

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to a lack of proper data protection mechanisms for certain configuration...

The vulnerability of Zoom’s video conferencing software lies in the insufficient protection of registration data, allowing attackers to disclose sensitive information.

The vulnerability of Zoom’s video conferencing software relates to insufficient protection of registration data. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information that is protected by the system...

The vulnerability of the NVIDIA GPU Display Driver software driver allows a hacker to disclose protected information.

The vulnerability of the NVIDIA GPU Display Driver software driver is related to insufficient protection for sensitive data. Exploiting this vulnerability allows an attacker to disclose protected information...

The vulnerability of the foreman-installer component of the Red Hat Satellite system management software allows a hacker to obtain the password from the process list.

The vulnerability of the foreman-installer component of the Red Hat Satellite system management software is related to insufficient protection for operational data. Exploiting this vulnerability could allow an attacker to obtain the password from the process list...

PT-2024-2188 · Vmware · Vmware Cloud Director

Name of the Vulnerable Software and Affected Versions: VMware Cloud Director affected versions not specified Description: The issue is related to a partial information disclosure, where a malicious actor can potentially gather information about organization names based on the behavior of the...

The vulnerability of Microsoft Teams’ corporate platform for Android, related to insufficient protection of sensitive data, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of Microsoft Teams’ corporate platform for Android is related to insufficient protection of sensitive data. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information by downloading and running a specially created application...

The vulnerability of the args4j library in the Jenkins automation server’s command-line interface (CLI) allows a hacker to execute arbitrary code.

The vulnerability of the args4j library, a built-in command-line interface CLI for Jenkins automation servers, is related to insufficient protection of service data. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary code...

The vulnerability of iCloud Photo Library on operating systems macOS, iOS, and iPadOS allows attackers to disclose protected information.

The vulnerability of iCloud Photo Library in operating systems such as macOS, iOS, and iPadOS lies in the lack of data protection measures. Exploiting this vulnerability could allow an attacker to disclose protected information...

The vulnerability of Windows operating systems’ message queues allows attackers to gain unauthorized access to protected information.

The vulnerability of Message Queuing in Windows operating systems is related to insufficient protection of operational data. Exploiting this vulnerability can allow an attacker, working remotely, to gain unauthorized access to protected information...