WordPress Plugin SurveyFunnel - Survey Plugin for WordPress Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in SurveyFunnel - Survey Plugin for WordPress...

CVE-2025-20305

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability exists because certain files lack proper data protection mechanisms. An attacker with read-only Administrato...

The vulnerability of the IDE Assets component in the Xcode development environment allows a hacker to gain unauthorized access to protected information.

The vulnerability of the IDE Assets component in the Xcode development environment is related to insufficient protection of sensitive data. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

The vulnerability of the FrontBoard component in iPadOS and iOS operating systems allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the FrontBoard component in iPadOS and iOS operating systems is related to insufficient protection of sensitive data. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information...

The vulnerability of the Golang programming language, related to insufficient protection of sensitive data, allows attackers to gain unauthorized access to user credentials.

The vulnerability of the Golang programming language is related to insufficient protection for operational data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to account information...

The vulnerability of Zoom’s video conferencing software lies in the insufficient protection of sensitive data, allowing attackers to gain unauthorized access to protected information.

The vulnerability of Zoom video conferencing software is related to insufficient protection of sensitive data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

The vulnerability of the Core server component of the Oracle HTTP Server allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Core server component of Oracle HTTP Server is related to insufficient protection of service data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information using the HTTP network protocol...

The vulnerability in virtual and physical systems of Veeam Backup & Replication lies in the insufficient protection of registration data, allowing attackers to execute arbitrary codes.

The vulnerability of virtual and physical systems managed by Veeam Backup & Replication is related to insufficient protection of registration data. Exploiting these vulnerabilities could allow a malicious actor, operating remotely, to execute arbitrary code...

The vulnerability of the YouGile project management service, related to insufficient protection of operational data, allows a hacker to disclose the protected information.

The vulnerability of the YouGile project management service is related to insufficient protection of operational data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to disclose the protected information...

The vulnerability of the MatrixClient.sendSharedHistoryKeys function in the development tools for JavaScript and TypeScript matrix-js-sdk allows a hacker to bypass authentication procedures and gain unauthorized access to protected information.

The vulnerability of the MatrixClient.sendSharedHistoryKeys function in the JavaScript and TypeScript matrix-js-sdk development tools is related to insufficient protection of sensitive data. Exploiting this vulnerability could allow an attacker to bypass authentication procedures and gain...

CVE-2024-20515

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to a lack of proper data protection mechanisms for certain configuration...

The vulnerability of the NVIDIA GPU Display Driver software driver allows a hacker to disclose protected information.

The vulnerability of the NVIDIA GPU Display Driver software driver is related to insufficient protection for sensitive data. Exploiting this vulnerability allows an attacker to disclose protected information...

The vulnerability of the foreman-installer component of the Red Hat Satellite system management software allows a hacker to obtain the password from the process list.

The vulnerability of the foreman-installer component of the Red Hat Satellite system management software is related to insufficient protection for operational data. Exploiting this vulnerability could allow an attacker to obtain the password from the process list...

The vulnerability of the args4j library in the Jenkins automation server’s command-line interface (CLI) allows a hacker to execute arbitrary code.

The vulnerability of the args4j library, a built-in command-line interface CLI for Jenkins automation servers, is related to insufficient protection of service data. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary code...

The vulnerability of iCloud Photo Library on operating systems macOS, iOS, and iPadOS allows attackers to disclose protected information.

The vulnerability of iCloud Photo Library in operating systems such as macOS, iOS, and iPadOS lies in the lack of data protection measures. Exploiting this vulnerability could allow an attacker to disclose protected information...

The vulnerability of Windows operating systems’ message queues allows attackers to gain unauthorized access to protected information.

The vulnerability of Message Queuing in Windows operating systems is related to insufficient protection of operational data. Exploiting this vulnerability can allow an attacker, working remotely, to gain unauthorized access to protected information...

The vulnerability of the DHCP server service for Windows operating systems allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the DHCP server service for Windows operating systems is related to insufficient protection of service-related data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

The vulnerability of Firefox browser, related to insufficient protection of service data, allows attackers to gain unauthorized access to protected information.

The vulnerability of Firefox browsers is related to insufficient protection of service data during the processing of the Vary response header for comparing request headers. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information by sending iterativ...

The vulnerability of Milesight UR5X, UR32L, UR32, UR35, and UR41 router microprogramming systems lies in the insufficient protection of service data, allowing attackers to gain unauthorized access to protected information.

The vulnerability of Milesight UR5X, UR32L, UR32, UR35, and UR41 router microprogramming systems is related to insufficient protection of service data. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...

The vulnerability of the Crucible code-checking tool and the Fisheye code-searching tool lies in the insufficient protection of operational data, allowing unauthorized access by attackers to protected information.

The vulnerability of the Crucible code-checking tool and the Fisheye code-searching tool is related to insufficient protection for service data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...