28041 matches found
EUVD-2025-208511
IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history...
CVE-2025-13219
IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in several Azure components. A malicious party could exploit the vulnerabilities to impersonate another user, grant themselves elevated privileges or gain access to sensitive data. Azure Entra ID: |----------------|------|-------------------------------------| ...
CVE-2025-13219
CVE-2025-13219 affects IBM Aspera Orchestrator versions 3.0.0–4.1.2. The vulnerability stems from storing sensitive data in URL parameters, potentially exposing confidential information via server logs, referrer headers, or browser history. The Red Hat/IBM advisories and IBM security bulletin con...
EUVD-2026-10658
Exposure of sensitive information to an unauthorized actor in Windows Accessibility Infrastructure ATBroker.exe allows an authorized attacker to disclose information locally...
EUVD-2026-10655
Exposure of sensitive information to an unauthorized actor in Windows Shell Link Processing allows an unauthorized attacker to perform spoofing over a network...
EUVD-2026-10583
Cleartext transmission of sensitive information in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network...
EUVD-2025-208470
An unauthenticated remote attacker who tricks a user to upload a manipulated HTML file can get access to sensitive information on the device. This is a result of incorrect permission assignment for the web server...
EUVD-2025-208459
IBM Planning Analytics Advanced Certified Containers 3.1.0 through 3.1.4 could allow a local privileged user to obtain sensitive information from environment variables...
CVE-2026-25186
Exposure of sensitive information to an unauthorized actor in Windows Accessibility Infrastructure ATBroker.exe allows an authorized attacker to disclose information locally...
CVE-2026-25185
Exposure of sensitive information to an unauthorized actor in Windows Shell Link Processing allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-23661
Cleartext transmission of sensitive information in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network...
CVE-2026-30916
Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: Further investigation determined that the software behavior described did not falls within the project's threat model. See https://github.com/github/advisory-database/pull/7206 for more information...
CVE-2026-24310
Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module and read the sensitive information from database catalog of the ABAP system. This vulnerability has low impact on the application's confidentialit...
CVE-2026-25186
Exposure of sensitive information to an unauthorized actor in Windows Accessibility Infrastructure ATBroker.exe allows an authorized attacker to disclose information locally...
CVE-2025-36105
IBM Planning Analytics Advanced Certified Containers 3.1.0 through 3.1.4 could allow a local privileged user to obtain sensitive information from environment variables...
CVE-2026-25689
An improper neutralization of argument delimiters in a command 'argument injection' vulnerability in Fortinet FortiDeceptor 6.2.0, FortiDeceptor 6.0 all versions, FortiDeceptor 5.3 all versions, FortiDeceptor 5.2 all versions, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions,...
Azure IoT Explorer Information Disclosure Vulnerability
Cleartext transmission of sensitive information in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network...
Windows Shell Link Processing Spoofing Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Shell Link Processing allows an unauthorized attacker to perform spoofing over a network...
CVE-2025-41712 Incorrect Permission Assignment on power analyzer
An unauthenticated remote attacker who tricks a user to upload a manipulated HTML file can get access to sensitive information on the device. This is a result of incorrect permission assignment for the web server...