Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-43024

Summary
Assigner-hp
Assigner Org ID-74586083-13ce-40fd-b46a-8e5d23cfbcb2
Published At-27 Oct, 2025 | 23:11
Updated At-28 Oct, 2025 | 14:57
Rejected At-
Credits

HP ThinPro 8.1 SP8 Security Updates

A GUI dialog of an application allows to view what files are in the file system without proper authorization.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:hp
Assigner Org ID:74586083-13ce-40fd-b46a-8e5d23cfbcb2
Published At:27 Oct, 2025 | 23:11
Updated At:28 Oct, 2025 | 14:57
Rejected At:
▼CVE Numbering Authority (CNA)
HP ThinPro 8.1 SP8 Security Updates

A GUI dialog of an application allows to view what files are in the file system without proper authorization.

Affected Products
Vendor
HP Inc
Product
ThinPro 8.1
Platforms
  • Linux
Default Status
unaffected
Versions
Affected
  • From SP1 before <SP8 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-497CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere
Type: CWE
CWE ID: CWE-497
Description: CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere
Metrics
VersionBase scoreBase severityVector
4.05.1MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Version: 4.0
Base score: 5.1
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.hp.com/us-en/document/ish_13164593-13164617-16/hpsbhf04066
N/A
Hyperlink: https://support.hp.com/us-en/document/ish_13164593-13164617-16/hpsbhf04066
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:hp-security-alert@hp.com
Published At:28 Oct, 2025 | 00:15
Updated At:29 Jan, 2026 | 14:00

A GUI dialog of an application allows to view what files are in the file system without proper authorization.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.05.1MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 4.0
Base score: 5.1
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CPE Matches
HP Inc.
hp
>>thinpro>>8.1
cpe:2.3:o:hp:thinpro:8.1:sp2:*:*:*:*:*:*
HP Inc.
hp
>>thinpro>>8.1
cpe:2.3:o:hp:thinpro:8.1:sp3:*:*:*:*:*:*
HP Inc.
hp
>>thinpro>>8.1
cpe:2.3:o:hp:thinpro:8.1:sp4:*:*:*:*:*:*
HP Inc.
hp
>>thinpro>>8.1
cpe:2.3:o:hp:thinpro:8.1:sp5:*:*:*:*:*:*
HP Inc.
hp
>>thinpro>>8.1
cpe:2.3:o:hp:thinpro:8.1:sp6:*:*:*:*:*:*
HP Inc.
hp
>>thinpro>>8.1
cpe:2.3:o:hp:thinpro:8.1:sp7:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-497Secondaryhp-security-alert@hp.com
CWE ID: CWE-497
Type: Secondary
Source: hp-security-alert@hp.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://support.hp.com/us-en/document/ish_13164593-13164617-16/hpsbhf04066hp-security-alert@hp.com
Vendor Advisory
Hyperlink: https://support.hp.com/us-en/document/ish_13164593-13164617-16/hpsbhf04066
Source: hp-security-alert@hp.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

63Records found
CVE-2021-20373
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.30% / 52.96%
||
7 Day CHG~0.00%
Published-09 Dec, 2021 | 17:00
Updated-17 Sep, 2024 | 00:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory restrictions. IBM X-Force ID: 199521.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kerneldb2hp-uxwindowsaixDB2 for Linux, UNIX and Windows
CVE-2021-3965
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-0.26% / 48.71%
||
7 Day CHG~0.00%
Published-14 Jan, 2022 | 19:11
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain HP DesignJet products may be vulnerable to unauthenticated HTTP requests which allow viewing and downloading of print job previews.

Action-Not Available
Vendor-n/aHP Inc.
Product-designjet_z6810_2qu12a_firmwaredesignjet_t930_l2y22a_firmwaredesignjet_t2530_l2y26a_firmwaredesignjet_z6610_2qu13a_firmwaredesignjet_t2530_l2y26b_firmwaredesignjet_t2530_l2y26adesignjet_z6810_2qu14a_firmwaredesignjet_t930_l2y21adesignjet_t920_cr354a_firmwaredesignjet_t920_cr355b_firmwaredesignjet_z6800_f2s72b_firmwaredesignjet_z6610_2qu13bdesignjet_z6600_f2s71adesignjet_t3500_b9e24b_firmwaredesignjet_z6600_f2s71a_firmwaredesignjet_t3500_b9e24a_firmwaredesignjet_t3500_b9e24adesignjet_t3500_b9e25adesignjet_t1530_l2y24b_firmwaredesignjet_z6810_2qu14bdesignjet_t930_l2y22bdesignjet_t930_l2y22adesignjet_z6610_2qu13b_firmwaredesignjet_t3500_b9e24bdesignjet_z6800_f2s72bdesignjet_z6800_f2s72adesignjet_t3500_b9e25a_firmwaredesignjet_t2530_l2y25adesignjet_t930_l2y21bdesignjet_z6810_2qu12b_firmwaredesignjet_z6810_2qu14b_firmwaredesignjet_t2530_l2y26bdesignjet_t930_l2y22b_firmwaredesignjet_t920_cr355a_firmwaredesignjet_t1530_l2y24a_firmwaredesignjet_z6810_2qu12bdesignjet_z6810_2qu12adesignjet_t1530_l2y24adesignjet_z6800_f2s72ar_firmwaredesignjet_t1530_l2y23a_firmwaredesignjet_z6610_2qu13adesignjet_t920_cr354adesignjet_t920_cr355bdesignjet_t930_l2y21a_firmwaredesignjet_t1530_l2y23adesignjet_t2530_l2y25a_firmwaredesignjet_z6800_f2s72ardesignjet_t1530_l2y24bdesignjet_t920_cr355adesignjet_t930_l2y21b_firmwaredesignjet_z6800_f2s72a_firmwaredesignjet_z6600_f2s71ardesignjet_z6810_2qu14adesignjet_z6600_f2s71ar_firmwareHP DesignJet Printer
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2021-39002
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.18% / 39.49%
||
7 Day CHG~0.00%
Published-09 Dec, 2021 | 17:00
Updated-16 Sep, 2024 | 20:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncNetApp, Inc.Oracle Corporation
Product-solarislinux_kerneldb2hp-uxwindowsaixoncommand_insightDB2 for Linux, UNIX and Windows
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-29723
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.14% / 34.41%
||
7 Day CHG~0.00%
Published-30 Aug, 2021 | 17:00
Updated-16 Sep, 2024 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-ForceID: 201100.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-sterling_external_authentication_serversolarislinux_kernelsterling_secure_proxyhp-uxlinux_on_ibm_zwindowsaixSterling Secure Proxy
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-29722
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.14% / 34.41%
||
7 Day CHG~0.00%
Published-30 Aug, 2021 | 17:00
Updated-16 Sep, 2024 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201095.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-sterling_external_authentication_serversolarislinux_kernelsterling_secure_proxyhp-uxlinux_on_ibm_zwindowsaixSterling Secure Proxy
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-5749
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-0.11% / 30.35%
||
7 Day CHG+0.01%
Published-15 Oct, 2024 | 17:27
Updated-24 Feb, 2026 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Certain HP DesignJet products – Credential reflection

Certain HP DesignJet products may be vulnerable to credential reflection which allow viewing SMTP server credentials.

Action-Not Available
Vendor-HP Inc.
Product-f9a29c_firmwaref9a29e_firmwaref9a29b_firmwaref9a29g_firmwaref9a30cf9a30et5d66a_firmwaref9a29af9a29df9a30g_firmwaref9a30bf9a30d_firmwaref9a29gf9a30e_firmwaref9a30gf9a30a_firmware1jl02b_firmwaref9a29a_firmwaref9a30c_firmwaref9a29d_firmwaref9a29cf9a30a1jl02bf9a29et5d67a_firmwaref9a30b_firmwaret5d66at5d67af9a29bf9a30dCertain HP DesignJet productsdesignjet_t830_firmwaredesignjet_t730_firmware
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2021-26586
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.5||HIGH
EPSS-0.30% / 53.49%
||
7 Day CHG~0.00%
Published-05 Aug, 2021 | 20:40
Updated-03 Aug, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. The vulnerability could be remotely exploited to disclose sensitive information. HPE has made software updates available to resolve the vulnerability in the HPE Edgeline Infrastructure Manager (EIM).

Action-Not Available
Vendor-n/aHP Inc.
Product-edgeline_infrastructure_managementHPE Edgeline Infrastructure Management Software
CVE-2023-33850
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 15.99%
||
7 Day CHG~0.00%
Published-22 Aug, 2023 | 20:31
Updated-03 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM GSKit-Crypto information disclosure

IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information.

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationHP Inc.Linux Kernel Organization, Inc
Product-txseries_for_multiplatformhp-uxwindowsaixcics_txlinux_kernelCICS TX StandardTXSeries for MultiplatformsCICS TX Advancedcics_txtxseries_for_multiplatform
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-20354
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.46% / 63.73%
||
7 Day CHG~0.00%
Published-18 Feb, 2021 | 15:10
Updated-16 Sep, 2024 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 194883.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kernelwebsphere_application_serverihp-uxwindowsz\/osaixWebSphere Application Server
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-33142
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 7.09%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 15:41
Updated-18 Aug, 2025 | 18:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM WebSphere Application Server information disclosure

IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for TLS connections.

Action-Not Available
Vendor-Oracle CorporationIBM CorporationHP Inc.Microsoft CorporationLinux Kernel Organization, Inc
Product-linux_kernelwindowsz\/osisolarishp-uxwebsphere_application_serveraixWebSphere Application Server
CWE ID-CWE-295
Improper Certificate Validation
CVE-2020-7130
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.5||HIGH
EPSS-1.35% / 79.91%
||
7 Day CHG-1.01%
Published-04 Mar, 2020 | 20:21
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HPE OneView Global Dashboard (OVGD) 1.9 has a remote information disclosure vulnerability. HPE OneView Global Dashboard - After Upgrade or Install of OVGD Version 1.9, Appliance Firewall May Leave Ports Open. This is resolved in OVGD 1.91 or later.

Action-Not Available
Vendor-n/aHP Inc.
Product-oneview_global_dashboardHPE OneView Global Dashboard
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-1707
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-0.41% / 60.77%
||
7 Day CHG~0.00%
Published-13 Jun, 2023 | 17:06
Updated-03 Jan, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to information disclosure when IPsec is enabled with FutureSmart version 5.6.

Action-Not Available
Vendor-HP Inc.
Product-color_laserjet_managed_mfp_e78625_5qj90alaserjet_managed_flow_mfp_e73140_6bs58acolor_laserjet_managed_mfp_e786_3sj13alaserjet_managed_mfp_e73140_6bs57acolor_laserjet_enterprise_6700_49l00alaserjet_managed_e82670_3sj07acolor_laserjet_managed_flow_e87750_5qk20acolor_laserjet_managed_flow_mfp_e78625_5qj90alaserjet_managed_flow_mfp_e73130_5qk02acolor_laserjet_managed_flow_e87750_3sj37acolor_laserjet_managed_flow_mfp_e78630_3sj12acolor_laserjet_managed_mfp_e78630_5qj90alaserjet_enterprise_mfp_m430_3pz55acolor_laserjet_managed_mfp_e87760_3sj22acolor_laserjet_managed_flow_e87740_3sj19alaserjet_managed_mfp_e826dn_5qk13acolor_laserjet_managed_mfp_e87740_3sj38alaserjet_managed_mfp_e42540_3pz75acolor_laserjet_managed_mfp_e78625_3sj32alaserjet_managed_flow_mfp_e826z_3sj29alaserjet_managed_mfp_e73140_3sj00acolor_laserjet_managed_flow_e87770_5qk03alaserjet_managed_mfp_e73135_6bs58acolor_laserjet_managed_flow_e87760_3sj38acolor_laserjet_enterprise_flow_mfp_6800_6qn37acolor_laserjet_enterprise_6700_4y280alaserjet_managed_flow_mfp_e826z_5qk09alaserjet_managed_e40040_3pz35acolor_laserjet_managed_flow_e87760_3sj20acolor_laserjet_managed_flow_e87760_3sj19alaserjet_managed_e82650_3sj09acolor_laserjet_managed_mfp_e78625_3sj12acolor_laserjet_managed_mfp_e87750_3sj22acolor_laserjet_managed_mfp_e87740_3sj21acolor_laserjet_enterprise_5700_6qn28alaserjet_enterprise_mfp_m431_3pz56acolor_laserjet_managed_flow_mfp_e78630_5qk18alaserjet_managed_e82670_3sj28acolor_laserjet_managed_mfp_e87750_5qk03acolor_laserjet_enterprise_flow_mfp_6800_4y279acolor_laserjet_managed_mfp_e87750_3sj36acolor_laserjet_managed_flow_e87770_3sj38acolor_laserjet_managed_mfp_e87750_3sj21acolor_laserjet_managed_flow_e87750_5qk03acolor_laserjet_managed_flow_e87740_3sj36acolor_laserjet_managed_mfp_e87760_5qk20acolor_laserjet_managed_flow_e87760_3sj21alaserjet_managed_flow_mfp_e73135_5qj98acolor_laserjet_managed_mfp_e87770_5qk20alaserjet_managed_flow_mfp_e73130_3sj02alaserjet_managed_mfp_e826dn_3sj09acolor_laserjet_enterprise_mfp_6800_6qn35alaserjet_managed_e82660_3sj09alaserjet_managed_mfp_e73130_6bs57acolor_laserjet_managed_mfp_e78635_3sj32acolor_laserjet_enterprise_x55745_6qp97acolor_laserjet_managed_mfp_e78528_5qj81acolor_laserjet_enterprise_mfp_x57945_6qp98acolor_laserjet_enterprise_mfp_6800_6qn36alaserjet_managed_flow_mfp_e826z_3sj09acolor_laserjet_managed_mfp_e87770_3sj21acolor_laserjet_managed_flow_e87760_3sj35acolor_laserjet_managed_mfp_e87760_3sj37acolor_laserjet_enterprise_6701_4y280acolor_laserjet_managed_mfp_e786_3sj12acolor_laserjet_managed_mfp_e78625_5qj94acolor_laserjet_managed_flow_mfp_e78630_3sj34acolor_laserjet_managed_mfp_e87740_3sj37acolor_laserjet_enterprise_flow_mfp_5800_49k96avcolor_laserjet_managed_mfp_e87770_3sj19acolor_laserjet_managed_mfp_e78630_3sj33alaserjet_managed_mfp_e826dn_3sj29acolor_laserjet_managed_mfp_e786_5qj90acolor_laserjet_managed_mfp_e78635_5qj90acolor_laserjet_managed_flow_mfp_e786_5qj90acolor_laserjet_enterprise_flow_mfp_x57945_6qp99acolor_laserjet_managed_flow_e87760_3sj37acolor_laserjet_managed_mfp_e87740_5qk03acolor_laserjet_enterprise_mfp_5800_6qn29acolor_laserjet_managed_flow_e87740_3sj35acolor_laserjet_managed_mfp_e78625_5qk18acolor_laserjet_managed_flow_mfp_e786_3sj12alaserjet_managed_mfp_e73025_3sj03alaserjet_managed_mfp_e73030_3sj04acolor_laserjet_enterprise_mfp_x57945_49k97avcolor_laserjet_managed_mfp_e78625_3sj34acolor_laserjet_enterprise_6700_6qn33acolor_laserjet_managed_flow_e87770_3sj21acolor_laserjet_managed_flow_mfp_e786_3sj32acolor_laserjet_managed_mfp_e78625_3sj11alaserjet_managed_mfp_e73130_5qk02acolor_laserjet_managed_mfp_e87770_3sj36acolor_laserjet_managed_flow_e87750_3sj36acolor_laserjet_managed_mfp_e78635_3sj33acolor_laserjet_managed_mfp_e78635_5qk18alaserjet_managed_mfp_e73135_3sj01acolor_laserjet_managed_mfp_e87760_3sj20alaserjet_managed_e82670_5qk13acolor_laserjet_managed_flow_mfp_e786_5qk18acolor_laserjet_managed_flow_e87750_3sj20acolor_laserjet_managed_flow_mfp_e786_3sj11acolor_laserjet_managed_flow_e87740_3sj22acolor_laserjet_enterprise_mfp_6800_4y279acolor_laserjet_managed_flow_e87770_3sj35acolor_laserjet_enterprise_flow_mfp_5800_6qn29acolor_laserjet_managed_mfp_e78630_3sj11acolor_laserjet_managed_flow_mfp_e78625_3sj12acolor_laserjet_managed_flow_mfp_e78625_3sj32alaserjet_managed_e82660_3sj29acolor_laserjet_managed_mfp_e78625_3sj33alaserjet_managed_e82650_3sj08acolor_laserjet_managed_mfp_e87760_3sj21alaserjet_managed_e82670_3sj08alaserjet_managed_mfp_e73140_5qj98alaserjet_managed_e82660_5qk13alaserjet_managed_flow_mfp_e73135_3sj01acolor_laserjet_managed_flow_e87740_5qk20acolor_laserjet_managed_flow_mfp_e78635_3sj12alaserjet_managed_mfp_e73130_5qj98alaserjet_managed_mfp_e73135_3sj02alaserjet_managed_mfp_e73030_3sj03acolor_laserjet_managed_mfp_e87770_3sj38acolor_laserjet_managed_flow_e87740_3sj38acolor_laserjet_enterprise_flow_mfp_5800_6qn30acolor_laserjet_managed_mfp_e78523_5qj83alaserjet_managed_flow_mfp_e826z_3sj07alaserjet_managed_flow_mfp_e73140_6bs59alaserjet_managed_flow_mfp_e826z_3sj30alaserjet_managed_mfp_e826dn_3sj08acolor_laserjet_enterprise_flow_mfp_x57945_49k97avcolor_laserjet_managed_flow_mfp_e78630_3sj32acolor_laserjet_managed_mfp_e78528_5qk15alaserjet_managed_e82650_3sj28acolor_laserjet_managed_mfp_e87740_3sj22alaserjet_managed_mfp_e73135_5qj98acolor_laserjet_managed_flow_e87740_3sj37acolor_laserjet_managed_flow_mfp_e78635_3sj32acolor_laserjet_managed_flow_e87770_3sj22acolor_laserjet_enterprise_flow_mfp_6800_6qn35acolor_laserjet_managed_flow_mfp_e78635_3sj13acolor_laserjet_managed_mfp_e78625_3sj13acolor_laserjet_enterprise_mfp_6800_6qn38acolor_laserjet_enterprise_flow_mfp_5800_58r10acolor_laserjet_managed_flow_mfp_e78635_5qk18acolor_laserjet_managed_flow_e87750_3sj21alaserjet_managed_mfp_e73140_6bs59alaserjet_managed_mfp_e73135_5qk02acolor_laserjet_managed_mfp_e786_5qj94acolor_laserjet_managed_mfp_e87770_3sj37alaserjet_managed_e82670_3sj29acolor_laserjet_managed_mfp_e87740_3sj36alaserjet_managed_e82650_3sj30acolor_laserjet_managed_flow_mfp_e78635_5qj90acolor_laserjet_managed_mfp_e786_3sj33acolor_laserjet_managed_mfp_e78635_3sj13acolor_laserjet_managed_mfp_e78523_5qj81acolor_laserjet_enterprise_flow_mfp_x57945_6qp98acolor_laserjet_managed_mfp_e78630_5qk18alaserjet_enterprise_m407_3pz16acolor_laserjet_managed_mfp_e87740_3sj35acolor_laserjet_enterprise_6701_6qn33acolor_laserjet_enterprise_mfp_5800_6qn30acolor_laserjet_enterprise_flow_mfp_6800_6qn36alaserjet_managed_flow_mfp_e73130_6bs59alaserjet_managed_flow_mfp_e73135_3sj00alaserjet_managed_flow_mfp_e73130_6bs57alaserjet_managed_e82670_3sj09alaserjet_managed_flow_mfp_e73135_3sj02alaserjet_managed_mfp_e73130_3sj01alaserjet_managed_flow_mfp_e73135_5qk02acolor_laserjet_managed_mfp_e87760_3sj35acolor_laserjet_managed_flow_mfp_e78625_3sj11acolor_laserjet_managed_mfp_e786_3sj32acolor_laserjet_managed_flow_e87770_3sj19alaserjet_managed_e82660_3sj28acolor_laserjet_enterprise_flow_mfp_5800_6qn31alaserjet_managed_flow_mfp_e73135_6bs59acolor_laserjet_managed_flow_mfp_e78625_5qj94alaserjet_managed_flow_mfp_e73140_6bs57acolor_laserjet_managed_flow_mfp_e786_5qj94alaserjet_managed_e82650_5qk09acolor_laserjet_enterprise_6701_49l00acolor_laserjet_managed_mfp_e78523_5qk15alaserjet_managed_e82660_3sj08acolor_laserjet_managed_flow_mfp_e78635_5qj94alaserjet_managed_mfp_e73140_3sj01acolor_laserjet_managed_mfp_e87750_3sj35alaserjet_managed_flow_mfp_e73030_3sj03acolor_laserjet_managed_mfp_e87750_3sj37acolor_laserjet_managed_flow_e87770_3sj36acolor_laserjet_enterprise_flow_mfp_6800_6qn38acolor_laserjet_managed_flow_e87770_3sj20acolor_laserjet_managed_flow_e87770_3sj37acolor_laserjet_managed_mfp_e78635_3sj11acolor_laserjet_managed_mfp_e87740_3sj19acolor_laserjet_managed_flow_e87740_3sj21alaserjet_managed_mfp_e826dn_5qk09acolor_laserjet_managed_mfp_e87750_5qk20acolor_laserjet_managed_mfp_e87750_5qk08acolor_laserjet_managed_mfp_e87750_3sj38acolor_laserjet_enterprise_mfp_5800_49k96avlaserjet_managed_flow_mfp_e73130_3sj00acolor_laserjet_enterprise_5700_49k98alaserjet_managed_mfp_e826dn_3sj30acolor_laserjet_enterprise_6701_58m42acolor_laserjet_managed_flow_e87740_5qk03acolor_laserjet_managed_mfp_e78630_3sj13acolor_laserjet_managed_mfp_e87740_5qk08alaserjet_managed_mfp_e73135_3sj00alaserjet_managed_flow_mfp_e73135_6bs58afuturesmart_5color_laserjet_managed_flow_e87760_3sj22alaserjet_managed_mfp_e73135_6bs57acolor_laserjet_managed_flow_mfp_e78630_3sj33acolor_laserjet_managed_mfp_e785dn_5qk15acolor_laserjet_managed_flow_e87770_5qk20acolor_laserjet_managed_flow_e87760_5qk20acolor_laserjet_managed_mfp_e87760_3sj19acolor_laserjet_managed_mfp_e78630_5qj94acolor_laserjet_enterprise_m455_3pz95alaserjet_managed_flow_mfp_e73130_3sj01acolor_laserjet_managed_mfp_e87770_3sj22alaserjet_managed_flow_mfp_e826z_5qk13acolor_laserjet_managed_mfp_e786_5qk18acolor_laserjet_managed_mfp_e87770_3sj35alaserjet_enterprise_m406_3pz15alaserjet_managed_mfp_e73130_3sj02acolor_laserjet_managed_flow_mfp_e78630_5qj94acolor_laserjet_enterprise_mfp_m480_3qa55acolor_laserjet_managed_mfp_e785dn_5qj83acolor_laserjet_enterprise_flow_mfp_6800_49k84acolor_laserjet_managed_flow_mfp_e786_3sj13acolor_laserjet_managed_flow_mfp_e78635_3sj11acolor_laserjet_managed_mfp_e87760_3sj38alaserjet_managed_flow_mfp_e826z_3sj08alaserjet_managed_e82660_3sj30acolor_laserjet_managed_flow_mfp_e78625_3sj33alaserjet_managed_mfp_e826dn_3sj07acolor_laserjet_managed_flow_mfp_e78635_3sj33acolor_laserjet_managed_mfp_e78630_3sj32acolor_laserjet_enterprise_mfp_x57945_6qp99alaserjet_managed_mfp_e73025_5qj87acolor_laserjet_managed_mfp_e786_3sj11alaserjet_managed_flow_mfp_e73140_3sj02acolor_laserjet_enterprise_mfp_5800_58r10alaserjet_managed_mfp_e73025_3sj04acolor_laserjet_managed_e45028_3qa35alaserjet_managed_flow_mfp_e73130_6bs58alaserjet_managed_e82660_5qk09alaserjet_managed_mfp_e73130_6bs59acolor_laserjet_enterprise_mfp_6800_49k84acolor_laserjet_managed_flow_mfp_e786_3sj33acolor_laserjet_managed_mfp_e78635_3sj12alaserjet_managed_flow_mfp_e73140_5qk02alaserjet_managed_mfp_e73130_3sj00acolor_laserjet_managed_mfp_e78635_3sj34alaserjet_managed_flow_mfp_e826z_3sj28alaserjet_managed_e82670_3sj30alaserjet_managed_e82650_3sj07alaserjet_managed_flow_mfp_e73030_5qj87acolor_laserjet_managed_mfp_e78528_5qj83acolor_laserjet_managed_flow_e87760_3sj36alaserjet_managed_flow_mfp_e73140_5qj98acolor_laserjet_managed_flow_e87760_5qk03acolor_laserjet_managed_flow_mfp_e78625_3sj34acolor_laserjet_managed_mfp_e87760_5qk08alaserjet_managed_flow_mfp_e73130_5qj98acolor_laserjet_managed_flow_mfp_e78630_3sj13acolor_laserjet_managed_flow_mfp_e78630_3sj11alaserjet_managed_mfp_e73140_6bs58acolor_laserjet_managed_flow_e87740_3sj20acolor_laserjet_managed_flow_e87750_3sj19acolor_laserjet_enterprise_x55745_49k99acolor_laserjet_managed_mfp_e87760_3sj36acolor_laserjet_managed_flow_e87750_3sj22acolor_laserjet_managed_mfp_e78630_3sj12acolor_laserjet_managed_flow_mfp_e78625_5qk18acolor_laserjet_managed_flow_mfp_e78635_3sj34alaserjet_managed_flow_mfp_e73140_3sj00acolor_laserjet_managed_flow_e87750_3sj38acolor_laserjet_managed_flow_e87740_5qk08acolor_laserjet_managed_mfp_e785dn_5qj81alaserjet_managed_e82650_3sj29acolor_laserjet_managed_mfp_e87770_3sj20acolor_laserjet_managed_flow_e87750_3sj35acolor_laserjet_managed_mfp_e87750_3sj19alaserjet_managed_e82650_5qk13acolor_laserjet_managed_mfp_e87770_5qk08alaserjet_managed_flow_mfp_e73135_6bs57acolor_laserjet_managed_mfp_e78635_5qj94acolor_laserjet_managed_flow_mfp_e786_3sj34acolor_laserjet_managed_mfp_e87740_5qk20alaserjet_managed_mfp_e73140_3sj02acolor_laserjet_managed_mfp_e87750_3sj20acolor_laserjet_managed_mfp_e47528_3qa75alaserjet_managed_e82670_5qk09acolor_laserjet_managed_mfp_e78630_3sj34alaserjet_managed_mfp_e73140_5qk02acolor_laserjet_managed_flow_mfp_e78625_3sj13alaserjet_managed_mfp_e826dn_3sj28alaserjet_managed_e82660_3sj07acolor_laserjet_managed_mfp_e87770_5qk03acolor_laserjet_managed_mfp_e87760_5qk03acolor_laserjet_managed_flow_e87770_5qk08alaserjet_managed_flow_mfp_e73140_3sj01alaserjet_managed_flow_mfp_e73030_3sj04acolor_laserjet_managed_flow_mfp_e78630_5qj90acolor_laserjet_enterprise_mfp_6800_6qn37acolor_laserjet_managed_flow_e87760_5qk08alaserjet_managed_mfp_e73135_6bs59alaserjet_managed_mfp_e73030_5qj87alaserjet_managed_mfp_e73130_6bs58acolor_laserjet_managed_mfp_e786_3sj34acolor_laserjet_enterprise_6700_58m42acolor_laserjet_managed_mfp_e87740_3sj20acolor_laserjet_managed_flow_e87750_5qk08acolor_laserjet_enterprise_mfp_5800_6qn31aHP Enterprise LaserJet and HP LaserJet Managed Printers
CWE ID-CWE-203
Observable Discrepancy
CVE-2020-4937
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 29.80%
||
7 Day CHG~0.00%
Published-20 Nov, 2020 | 13:50
Updated-17 Sep, 2024 | 04:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 191814.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-sterling_b2b_integratorsolarislinux_kernelihp-uxwindowsaixSterling B2B Integrator
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2019-11995
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.5||HIGH
EPSS-1.98% / 83.39%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 19:46
Updated-04 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Security vulnerabilities in HPE UIoT version 1.2.4.2 could allow unauthorized remote access and access to sensitive data. HPE has addressed this issue in HPE UIoT: For customers with release UIoT 1.2.4.2 fixes are made available with 1.2.4.2 RP3 HF1. For customers with release older than 1.2.4.2, such as 1.2.4.1, 1.2.4.0, the resolution will be to upgrade to 1.2.4.2 RP3 HF1 Customers are requested to upgrade to the updated versions or contact HPE support for further assistance.

Action-Not Available
Vendor-n/aHP Inc.
Product-universal_internet_of_thingsHPE IOT + GCP
CVE-2022-43927
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 29.85%
||
7 Day CHG~0.00%
Published-17 Feb, 2023 | 16:51
Updated-18 Mar, 2025 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 for Linux, UNIX and Windows information disclosure

IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to information Disclosure due to improper privilege management when a specially crafted table access is used. IBM X-Force ID: 241671.

Action-Not Available
Vendor-IBM CorporationHP Inc.Microsoft CorporationOracle CorporationLinux Kernel Organization, Inc
Product-solarislinux_kerneldb2hp-uxwindowsaixDb2 for Linux, UNIX and Windows
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-37934
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-6.8||MEDIUM
EPSS-0.56% / 68.07%
||
7 Day CHG~0.00%
Published-03 Jan, 2023 | 18:33
Updated-10 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential security vulnerability has been identified in HPE OfficeConnect 1820, and 1850 switch series. The vulnerability could be remotely exploited to allow remote directory traversal in HPE OfficeConnect 1820 switch series version PT.02.17 and below, HPE OfficeConnect 1850 switch series version PC.01.23 and below, and HPE OfficeConnect 1850 (10G aggregator) switch version PO.01.22 and below.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)HP Inc.
Product-officeconnect_1850_6xgtofficeconnect_1820_48g_poe\+_\(370w\)_switch_j9984a_firmwareofficeconnect_1820_8g_poe\+_\(65w\)_switch_j9982aofficeconnect_1850_24g_2xgt_poe\+officeconnect_1850_24g_2xgtofficeconnect_1850_2xgt\/spf\+officeconnect_1850_2xgt\/spf\+_firmwareofficeconnect_1820_24g_poe\+_\(185w\)_switch_j9983a_firmwareofficeconnect_1850_48g_4xgt_poe\+officeconnect_1850_24g_2xgt_firmwareofficeconnect_1850_48g_4xgt_poe\+_firmwareofficeconnect_1850_48g_4xgtofficeconnect_1850_6xgt_firmwareofficeconnect_1820_48g_poe\+_\(370w\)_switch_j9984aofficeconnect_1820_8g_switch_j9979a_firmwareofficeconnect_1820_8g_poe\+_\(65w\)_switch_j9982a_firmwareofficeconnect_1820_24g_poe\+_\(185w\)_switch_j9983aofficeconnect_1850_24g_2xgt_poe\+_firmwareofficeconnect_1820_8g_switch_j9979aofficeconnect_1850_48g_4xgt_firmwareHPE OfficeConnect 1820 and 1850 Switch Series
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-12785
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 11.34%
||
7 Day CHG~0.00%
Published-13 Nov, 2025 | 17:38
Updated-13 Feb, 2026 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Certain HP LaserJet Pro Printers – Potential Information Disclosure

Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering the scan/send destination address and/or modifying the LDAP Server.

Action-Not Available
Vendor-HP IncHP Inc.
Product-7kw59a7kw64a_firmwarew1a63a7kw68a7kw75a_firmware7kw57a_firmwarew1a82aw1a77a7kw66aw1a30a_firmwarew1a35a_firmware7kw55a7kw66a_firmwarew1y47a_firmwarew1a76aw1a33a7kw67aw1a28a_firmware7kw49a_firmwarew1a32a_firmware7kw59a_firmwarew1a60a_firmwarew1a34aw1y47aw1a63a_firmwarew1y45a_firmwarew1a35aw1y40aw1y40a_firmwarew1a52aw1a38a7kw74aw1a80aw1y43aw1a31a7kw56a7kw57aw1a48a_firmware7kw73a_firmwarew1a57a_firmwarew1a81a_firmwarew1a79aw1a56aw1a38a_firmware7kw76a7kw58a_firmware7kw48a7kw72a_firmwarew1a58a_firmwarew1a47a7kw77a_firmware7kw72aw1a56a_firmware7kw48a_firmwarew1a66aw1a58aw1a79a_firmwarew1a51a_firmwarew1y43a_firmwarew1y44a7kw79aw1y41a_firmware7kw58aw1a77a_firmware7kw77a7kw63a_firmware7kw78a7kw65a7kw64a7kw54a_firmwarew1a53aw1y44a_firmwarew1y46a_firmwarew1a59aw1a75aw1a53a_firmwarew1a78aw1a30a7kw68a_firmware7kw51a_firmwarew1y46aw1a57a7kw65a_firmwarew1a51aw1a29aw1a47a_firmware7kw63a7kw79a_firmwarew1a48a7kw74a_firmware93m22a_firmwarew1a60aw1a46a_firmwarew1a31a_firmwarew1a46aw1a75a_firmwarew1a34a_firmwarew1y45a7kw51aw1a76a_firmware7kw76a_firmwarew1a32aw1y41aw1a82a_firmwarew1a52a_firmware93m22aw1a81aw1a33a_firmware7kw50aw1a59a_firmware7kw75a7kw56a_firmware7kw55a_firmwarew1a28aw1a80a_firmware7kw50a_firmwarew1a66a_firmwarew1a78a_firmware7kw54aw1a29a_firmware7kw49a7kw73a7kw78a_firmware7kw67a_firmwareHP LaserJet Pro MFP M428-M429 f seriesHP LaserJet Pro M304-M305 Printer seriesHP Color LaserJet Pro M453-M454 seriesHP Color LaserJet MFP M478-M479 seriesHP LaserJet Pro M404-M405 Printer seriesHP LaserJet Pro MFP M428-M429 series
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-2802
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.88% / 88.07%
||
7 Day CHG~0.00%
Published-04 Feb, 2020 | 20:09
Updated-06 Aug, 2024 | 05:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem Chargeback 9.40, which could let a remote malicious user obtain sensitive information. This is the TLS vulnerability known as the RC4 cipher Bar Mitzvah vulnerability.

Action-Not Available
Vendor-n/aMicrosoft CorporationHP Inc.Oracle CorporationLinux Kernel Organization, Inc
Product-solarislinux_kernelasset_managerwindowssitescopeasset_manager_cloudsystem_chargebackn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-38320
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.04% / 11.51%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 15:43
Updated-18 Aug, 2025 | 18:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Storage Protect for Virtual Environments: Data Protection for VMware information disclosure

IBM Storage Protect for Virtual Environments: Data Protection for VMware and Storage Protect Backup-Archive Client 8.1.0.0 through 8.1.23.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Action-Not Available
Vendor-Oracle CorporationIBM CorporationHP Inc.Microsoft CorporationLinux Kernel Organization, IncApple Inc.
Product-storage_protect_for_virtual_environmentslinux_kernelwindowsstorage_protectmacossolarishp-uxaixStorage Protect for Virtual Environments: Data Protection for VMwareStorage Protect Backup-Archive Client
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2026-1578
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 8.06%
||
7 Day CHG~0.00%
Published-13 Feb, 2026 | 14:56
Updated-13 Feb, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HP App – Potential Cross-Site Scripting

HP App for Android is potentially vulnerable to cross-site scripting (XSS) when using an outdated version of the application via mobile devices. HP is releasing updates to mitigate these potential vulnerabilities.

Action-Not Available
Vendor-HP Inc
Product-HP App
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-1869
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-0.24% / 46.62%
||
7 Day CHG~0.00%
Published-01 Mar, 2024 | 21:31
Updated-15 Jan, 2026 | 14:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain HP DesignJet print products are potentially vulnerable to information disclosure related to accessing memory out-of-bounds when using the general-purpose gateway (GGW) over port 9220.

Action-Not Available
Vendor-HP Inc.
Product-cq893ccq891c_firmwarecq891ccq893c_firmwareHP DesignJetdesignjet_t120designjet_t520_36indesignjet_t520_24in
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-4499
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-0.18% / 39.68%
||
7 Day CHG~0.00%
Published-13 Oct, 2023 | 16:24
Updated-17 Sep, 2024 | 20:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential security vulnerability has been identified in the HP ThinUpdate utility (also known as HP Recovery Image and Software Download Tool) which may lead to information disclosure. HP is releasing mitigation for the potential vulnerability.

Action-Not Available
Vendor-HP Inc.
Product-mt32thinupdatet430elite_mt645mt43t628mt45mt44t630t638mt31t740t730t640mt21t540mt22t530mt46pro_mt440_g3HP ThinUpdatethinupdate
CWE ID-CWE-295
Improper Certificate Validation
CVE-2022-23698
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.5||HIGH
EPSS-0.31% / 53.55%
||
7 Day CHG~0.00%
Published-04 Apr, 2022 | 19:45
Updated-03 Aug, 2024 | 03:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.

Action-Not Available
Vendor-n/aHP Inc.
Product-oneviewHPE OneView
CVE-2023-50271
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-0.27% / 50.57%
||
7 Day CHG~0.00%
Published-17 Dec, 2023 | 14:49
Updated-02 Aug, 2024 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HP-UX System Management Homepage, Disclosure of Information

A potential security vulnerability has been identified with HP-UX System Management Homepage (SMH). This vulnerability could be exploited locally or remotely to disclose information.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-system_management_homepagehp-uxHPE System Management Homepage (SMH)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-43917
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.15% / 34.97%
||
7 Day CHG~0.00%
Published-25 Jan, 2023 | 17:17
Updated-31 Mar, 2025 | 14:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM WebSphere Application Server information disclosure

IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information. This affects only the containerized version of WebSphere Application Server traditional. IBM X-Force ID: 241045.

Action-Not Available
Vendor-Oracle CorporationHP Inc.Microsoft CorporationIBM CorporationLinux Kernel Organization, Inc
Product-solarislinux_kernelwebsphere_application_serverihp-uxwindowsz\/osaixWebSphere Application Server
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2025-1212
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 17.97%
||
7 Day CHG~0.00%
Published-12 Feb, 2025 | 15:02
Updated-06 Aug, 2025 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Exposure of Sensitive System Information to an Unauthorized Control Sphere in GitLab

An information disclosure vulnerability in GitLab CE/EE affecting all versions from 8.3 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send a crafted request to a backend server to reveal sensitive information.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2024-5735
Matching Score-4
Assigner-CERT.PL
ShareView Details
Matching Score-4
Assigner-CERT.PL
CVSS Score-6.3||MEDIUM
EPSS-30.21% / 96.60%
||
7 Day CHG~0.00%
Published-28 Jun, 2024 | 11:24
Updated-01 Aug, 2024 | 21:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Full Path Disclosure in AdmirorFrames Joomla! Extension

Full Path Disclosure vulnerability in AdmirorFrames Joomla! extension in afHelper.php script allows an unauthorised attacker to retrieve location of web root folder. This issue affects AdmirorFrames: before 5.0.

Action-Not Available
Vendor-admiror-design-studioNikola Vasilijevski
Product-admirorframesAdmirorFrames
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2024-54279
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.65% / 70.54%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 15:41
Updated-16 Dec, 2024 | 16:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP-NERD Toolkit plugin <= 1.1 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPNERD WP-NERD Toolkit.This issue affects WP-NERD Toolkit: from n/a through 1.1.

Action-Not Available
Vendor-WPNERD
Product-WP-NERD Toolkit
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2026-24523
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.04% / 13.38%
||
7 Day CHG~0.00%
Published-23 Jan, 2026 | 14:28
Updated-26 Jan, 2026 | 23:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP FullCalendar plugin <= 1.6 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Marcus (aka @msykes) WP FullCalendar wp-fullcalendar allows Retrieve Embedded Sensitive Data.This issue affects WP FullCalendar: from n/a through <= 1.6.

Action-Not Available
Vendor-Marcus (aka @msykes)
Product-WP FullCalendar
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2025-68576
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.05% / 14.06%
||
7 Day CHG~0.00%
Published-24 Dec, 2025 | 13:10
Updated-20 Jan, 2026 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Virusdie plugin <= 1.1.6 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Virusdie Virusdie virusdie allows Retrieve Embedded Sensitive Data.This issue affects Virusdie: from n/a through <= 1.1.6.

Action-Not Available
Vendor-Virusdie
Product-Virusdie
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2025-68988
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.04% / 13.38%
||
7 Day CHG~0.00%
Published-30 Dec, 2025 | 10:47
Updated-20 Jan, 2026 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress E-Invoice App Malaysia plugin <= 1.1.0 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in o2oe E-Invoice App Malaysia einvoiceapp-malaysia allows Retrieve Embedded Sensitive Data.This issue affects E-Invoice App Malaysia: from n/a through <= 1.1.0.

Action-Not Available
Vendor-o2oe
Product-E-Invoice App Malaysia
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2025-68494
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.05% / 14.06%
||
7 Day CHG~0.00%
Published-24 Dec, 2025 | 12:31
Updated-20 Jan, 2026 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Premium Addons for Elementor plugin <= 4.11.53 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Retrieve Embedded Sensitive Data.This issue affects Premium Addons for Elementor: from n/a through <= 4.11.53.

Action-Not Available
Vendor-leap13Leap13
Product-premium_addons_for_elementorPremium Addons for Elementor
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2025-68606
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.05% / 14.06%
||
7 Day CHG~0.00%
Published-24 Dec, 2025 | 13:10
Updated-20 Jan, 2026 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PostX plugin <= 5.0.3 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPXPO PostX ultimate-post allows Retrieve Embedded Sensitive Data.This issue affects PostX: from n/a through <= 5.0.3.

Action-Not Available
Vendor-WPXPO
Product-PostX
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2025-67621
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.05% / 14.06%
||
7 Day CHG~0.00%
Published-24 Dec, 2025 | 13:10
Updated-20 Jan, 2026 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Eight Day Week Print Workflow plugin <= 1.2.5 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in 10up Eight Day Week Print Workflow eight-day-week-print-workflow allows Retrieve Embedded Sensitive Data.This issue affects Eight Day Week Print Workflow: from n/a through <= 1.2.5.

Action-Not Available
Vendor-10up
Product-Eight Day Week Print Workflow
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2024-52367
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 28.70%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 11:55
Updated-18 Jul, 2025 | 13:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Concert Software information disclosure

IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could disclose sensitive system information to an unauthorized actor that could be used in further attacks against the system.

Action-Not Available
Vendor-IBM Corporation
Product-concertConcert Software
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2025-64258
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.05% / 14.06%
||
7 Day CHG~0.00%
Published-18 Dec, 2025 | 07:22
Updated-29 Jan, 2026 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Follow My Blog Post plugin <= 2.3.9 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in wpweb Follow My Blog Post follow-my-blog-post allows Retrieve Embedded Sensitive Data.This issue affects Follow My Blog Post: from n/a through <= 2.3.9.

Action-Not Available
Vendor-WPWeb Elite
Product-follow_my_blog_postFollow My Blog Post
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2024-51770
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.5||HIGH
EPSS-0.07% / 20.68%
||
7 Day CHG~0.00%
Published-14 Jul, 2025 | 10:33
Updated-15 Jul, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)
Product-HPE AutoPass License Server
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2025-62902
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.06% / 17.43%
||
7 Day CHG+0.01%
Published-27 Oct, 2025 | 01:33
Updated-20 Jan, 2026 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Popup Builder plugin <= 1.3.6 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeHunk WP Popup Builder wp-popup-builder allows Retrieve Embedded Sensitive Data.This issue affects WP Popup Builder: from n/a through <= 1.3.6.

Action-Not Available
Vendor-themehunkThemeHunk
Product-wp_popup_builderWP Popup Builder
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2025-58015
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 19.04%
||
7 Day CHG+0.01%
Published-22 Sep, 2025 | 18:24
Updated-12 Dec, 2025 | 19:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Quiz Maker Plugin <= 6.7.0.61 - Sensitive Data Exposure Vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Ays Pro Quiz Maker allows Retrieve Embedded Sensitive Data. This issue affects Quiz Maker: from n/a through 6.7.0.61.

Action-Not Available
Vendor-AYS Pro Extensions
Product-quiz_makerQuiz Maker
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2025-58585
Matching Score-4
Assigner-SICK AG
ShareView Details
Matching Score-4
Assigner-SICK AG
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 28.06%
||
7 Day CHG~0.00%
Published-06 Oct, 2025 | 07:01
Updated-27 Jan, 2026 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sensitive Information Disclosure Through Missing Authentication

Multiple endpoints with sensitive information do not require authentication, making the application susceptible to information gathering.

Action-Not Available
Vendor-SICK AG
Product-logistic_diagnostic_analyticspackage_analyticstire_analyticsbaggage_analyticsPackage AnalyticsTire AnalyticsLogistic Diagnostic AnalyticsBaggage Analytics
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2024-50528
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.62% / 69.69%
||
7 Day CHG~0.00%
Published-04 Nov, 2024 | 14:07
Updated-06 Nov, 2024 | 17:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Stacks Mobile App Builder plugin <= 5.2.3 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Stacks Stacks Mobile App Builder allows Retrieve Embedded Sensitive Data.This issue affects Stacks Mobile App Builder: from n/a through 5.2.3.

Action-Not Available
Vendor-stacksmarketStacksstacks
Product-stacks_mobile_app_builderStacks Mobile App Builderstacks_mobile_app_builder
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2020-36926
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.06% / 17.94%
||
7 Day CHG+0.02%
Published-15 Jan, 2026 | 23:25
Updated-09 Feb, 2026 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SmarterTools SmarterTrack 7922 -Information Disclosure

SmarterTrack 7922 contains an information disclosure vulnerability in the Chat Management search form that reveals agent identification details. Attackers can access the vulnerable /Management/Chat/frmChatSearch.aspx endpoint to retrieve agents' first and last names along with their unique identifiers.

Action-Not Available
Vendor-smartertoolsSmartertools
Product-smartertrackSmarterTools SmarterTrack
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2020-36922
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.13% / 33.16%
||
7 Day CHG~0.00%
Published-06 Jan, 2026 | 15:52
Updated-22 Jan, 2026 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sony BRAVIA Digital Signage 1.7.8 Unauthenticated System API Information Disclosure

Sony BRAVIA Digital Signage 1.7.8 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive system details through API endpoints. Attackers can retrieve network interface information, server configurations, and system metadata by sending requests to the exposed system API.

Action-Not Available
Vendor-Pro-BraviaSony Group Corporation
Product-bravia_signageSony BRAVIA Digital Signage
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2025-54459
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.7||HIGH
EPSS-0.24% / 47.32%
||
7 Day CHG+0.03%
Published-29 Oct, 2025 | 21:51
Updated-30 Oct, 2025 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vertikal Systems Hospital Manager Backend Services Exposure of Sensitive System Information to an Unauthorized Control Sphere

Prior to September 19, 2025, the Hospital Manager Backend Services exposed the ASP.NET tracing endpoint /trace.axd without authentication, allowing a remote attacker to obtain live request traces and sensitive information such as request metadata, session identifiers, authorization headers, server variables, and internal file paths.

Action-Not Available
Vendor-Vertikal Systems
Product-Hospital Manager Backend Services
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2024-22125
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-7.4||HIGH
EPSS-0.55% / 67.68%
||
7 Day CHG~0.00%
Published-09 Jan, 2024 | 01:20
Updated-17 Jun, 2025 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information Disclosure vulnerability in Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge)

Under certain conditions the Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge) - version 1.0, allows an attacker to access highly sensitive information which would otherwise be restricted causing high impact on confidentiality.

Action-Not Available
Vendor-SAP SE
Product-gui_connectorMicrosoft Edge browser extension (SAP GUI connector for Microsoft Edge)
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2024-22124
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-4.1||MEDIUM
EPSS-0.05% / 15.65%
||
7 Day CHG~0.00%
Published-09 Jan, 2024 | 01:19
Updated-14 Nov, 2024 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information Disclosure vulnerability in SAP NetWeaver Internet Communication Manager

Under certain conditions, Internet Communication Manager (ICM) or SAP Web Dispatcher - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22_EXT, WEBDISP 7.22_EXT, WEBDISP 7.53, WEBDISP 7.54, could allow an attacker to access information which would otherwise be restricted causing high impact on confidentiality.

Action-Not Available
Vendor-SAP SE
Product-netweaverSAP NetWeaver (Internet Communication Manager)
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2025-52616
Matching Score-4
Assigner-HCL Software
ShareView Details
Matching Score-4
Assigner-HCL Software
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 18.47%
||
7 Day CHG~0.00%
Published-12 Oct, 2025 | 04:24
Updated-21 Oct, 2025 | 14:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL Unica 12.1.10 is affected by an exposure of sensitive information

HCL Unica 12.1.10 can expose sensitive system information. An attacker could use this information to form an attack plan by leveraging known vulnerabilities in the application.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-unicaUnica
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2025-47540
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 23.75%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-09 Jun, 2025 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress weMail <= 1.14.13 - Sensitive Data Exposure Vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs weMail allows Retrieve Embedded Sensitive Data. This issue affects weMail: from n/a through 1.14.13.

Action-Not Available
Vendor-weDevs Pte. Ltd.
Product-wemailweMail
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2024-48024
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.47% / 64.42%
||
7 Day CHG~0.00%
Published-17 Oct, 2024 | 12:07
Updated-18 Oct, 2024 | 12:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Keep Backup Daily plugin <=2.0.7 - Sensitive Data Exposure vulnerability

: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Fahad Mahmood Keep Backup Daily allows Retrieve Embedded Sensitive Data.This issue affects Keep Backup Daily: from n/a through 2.0.7.

Action-Not Available
Vendor-Fahad Mahmood
Product-Keep Backup Daily
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2025-3606
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.7||HIGH
EPSS-0.31% / 53.63%
||
7 Day CHG~0.00%
Published-24 Apr, 2025 | 23:15
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vestel AC Charger Exposure of Sensitive System Information to an Unauthorized Control Sphere

Vestel AC Charger version 3.75.0 contains a vulnerability that could enable an attacker to access files containing sensitive information, such as credentials which could be used to further compromise the device.

Action-Not Available
Vendor-Vestel
Product-AC Charger EVC04
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
  • Previous
  • 1
  • 2
  • Next
Details not found