Vulnerabilities > Information Exposure

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-26 | CVE-2025-20226 | In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.111, and 9.1.2308.214, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a saved search with a risky command using the permissions of a higher-privileged user to bypass the SPL safeguards for risky commands on the "/services/streams/search" endpoint through its "q" parameter. | network, low complexity, CWE-200, 5.7 |
| 2025-03-26 | CVE-2025-20232 | In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.103, 9.2.2406.108, 9.2.2403.113, 9.1.2312.208 and 9.1.2308.212, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a saved search with a risky command using the permissions of a higher-privileged user to bypass the SPL safeguards for risky commands on the "/app/search/search" endpoint through its "s" parameter. | network, low complexity, CWE-200, 5.7 |
| 2025-03-26 | CVE-2025-2228 | The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.8 via the 'register_user' function. | network, low complexity, CWE-200, 5.7 |
| 2025-03-25 | CVE-2025-2252 | The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.6.1 via the edd_ajax_get_download_title() function. | network, low complexity, CWE-200, 5.3 |
| 2025-03-22 | CVE-2025-2331 | The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.22.1 via a misconfigured capability check in the 'permissionsCheck' function. | network, low complexity, CWE-200, 5.3 |
| 2025-03-12 | CVE-2024-13498 | The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.8.1 via file uploads due to insufficient directory listing prevention and lack of randomization of file names. | network, low complexity, CWE-200, 5.3 |
| 2025-03-11 | CVE-2025-24071 | Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. | network, low complexity, CWE-200, 7.5 |
| 2025-03-10 | CVE-2024-54469 | Information Exposure vulnerability in Apple products: The issue was addressed with improved checks. | local, low complexity, apple, CWE-200, 5.5 |
| 2025-03-10 | CVE-2024-54473 | Information Exposure vulnerability in Apple Macos: This issue was addressed with improved redaction of sensitive information. | local, low complexity, apple, CWE-200, 5.5 |
| 2025-03-08 | CVE-2025-1322 | Information Exposure vulnerability in Plechevandrey Wp-Recall: The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 16.26.10 via the 'feed' shortcode due to insufficient restrictions on which posts can be included. | network, low complexity, plechevandrey, CWE-200, 4.3 |