Total
356 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-2241 | 2025-03-17 | N/A | 8.2 HIGH | ||
|
A flaw was found in Hive, a component of Multicluster Engine (MCE) and Advanced Cluster Management (ACM). This vulnerability causes VCenter credentials to be exposed in the ClusterProvision object after provisioning a VSphere cluster. Users with read access to ClusterProvision objects can extract sensitive credentials even if they do not have direct access to Kubernetes Secrets. This issue can lead to unauthorized VCenter access, cluster management, and privilege escalation.
|
|||||
| CVE-2025-2157 | 2025-03-15 | N/A | 3.3 LOW | ||
|
A flaw was found in Foreman/Red Hat Satellite. Improper file permissions allow low-privileged OS users to monitor and access temporary files under /var/tmp, exposing sensitive command outputs, such as /etc/shadow. This issue can lead to information disclosure and privilege escalation if exploited effectively.
|
|||||
| CVE-2023-23522 | 1 Apple | 1 Macos | 2025-03-11 | N/A | 5.5 MEDIUM |
|
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.2.1. An app may be able to observe unprotected user data.
|
|||||
| CVE-2024-48353 | 1 Yealink | 1 Yealink Meeting Server | 2025-03-07 | N/A | 7.5 HIGH |
|
Yealink Meeting Server before V26.0.0.67 allows attackers to obtain static key information from a front-end JS file and decrypt the plaintext passwords based on the obtained key information.
|
|||||
| CVE-2025-21098 | 1 Openatom | 1 Openharmony | 2025-03-06 | N/A | 5.5 MEDIUM |
|
in OpenHarmony v5.0.2 and prior versions allow a local attacker cause information leak through out-of-bounds read bypass permission check.
|
|||||
| CVE-2025-22492 | 2025-02-28 | N/A | 6.3 MEDIUM | ||
|
The connection string visible to users with access to FRSCore database on Foreseer Reporting Software (FRS) VM, this
string can be used for gaining administrative access to the 4crXref database. This vulnerability has been resolved in the latest version 1.5.100 of FRS.
|
|||||
| CVE-2024-12315 | 1 Smackcoders | 1 Export All Posts\, Products\, Orders\, Refunds \& Users | 2025-02-25 | N/A | 7.5 HIGH |
|
The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.3 via the exports directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/smack_uci_uploads/exports/ directory which can contain information like exported user data.
|
|||||
| CVE-2023-6253 | 1 Fortra | 1 Digital Guardian Agent | 2025-02-13 | N/A | 6.0 MEDIUM |
|
A saved encryption key in the Uninstaller in Digital Guardian's Agent before version 7.9.4 allows a local attacker to retrieve the uninstall key and remove the software by extracting the uninstaller key from the memory of the uninstaller file.
|
|||||
| CVE-2023-50298 | 1 Apache | 1 Solr | 2025-02-13 | N/A | 7.5 HIGH |
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1.
Solr Streaming Expressions allows users to extract data from other Solr Clouds, using a "zkHost" parameter.
When original SolrCloud is setup to use ZooKeeper credentials and ACLs, they will be sent to whatever "zkHost" the user provides.
An attacker could setup a server to mock ZooKeeper, that accepts ZooKeeper requests with ...
Show More |
|||||
| CVE-2023-6962 | 1 Joomunited | 1 Wp Meta Seo | 2025-02-06 | N/A | 5.3 MEDIUM |
|
The WP Meta SEO plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5.12 via the meta description. This makes it possible for unauthenticated attackers to disclose potentially sensitive information via the meta description of password-protected posts.
|
|||||
| CVE-2024-54549 | 1 Apple | 1 Macos | 2025-02-04 | N/A | 5.5 MEDIUM |
|
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.2. An app may be able to access user-sensitive data.
|
|||||
| CVE-2024-29965 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | N/A | 6.8 MEDIUM |
|
In Brocade SANnav before v2.3.1, and v2.3.0a, it is possible to back up the appliance from the web interface or the command line interface ("SSH"). The resulting backups are world-readable. A local attacker can recover backup files, restore them to a new malicious appliance, and retrieve the passwords of all the switches.
|
|||||
| CVE-2024-29968 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | N/A | 7.7 HIGH |
|
An information disclosure vulnerability exists in Brocade SANnav before v2.3.1 and v2.3.0a when Brocade SANnav instances are configured in disaster recovery mode. SQL Table names, column names, and SQL queries are collected in DR standby Supportsave. This could allow authenticated users to access the database structure and its contents.
|
|||||
| CVE-2024-29953 | 1 Broadcom | 1 Fabric Operating System | 2025-02-04 | N/A | 4.3 MEDIUM |
|
A vulnerability in the web interface in Brocade Fabric OS before v9.2.1, v9.2.0b, and v9.1.1d prints encoded session passwords on session storage for Virtual Fabric platforms.
This could allow an authenticated user to view other users' session encoded passwords.
|
|||||
| CVE-2024-54728 | 2025-02-03 | N/A | 6.5 MEDIUM | ||
|
Incorrect access control in BYD QIN PLUS DM-i Dilink OS 3.0_13.1.7.2204050.1 allows unauthorized attackers to access system logcat logs.
|
|||||
| CVE-2024-3501 | 1 Lunary | 1 Lunary | 2025-01-30 | N/A | 8.1 HIGH |
|
In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists due to the inclusion of single-use tokens in the responses of `GET /v1/users/me` and `GET /v1/users/me/org` API endpoints. These tokens, intended for sensitive operations such as password resets or account verification, are exposed to unauthorized actors, potentially allowing them to perform actions on behalf of the user. This issue was addressed in version 1.2.6, where the exposure of single-u ...
Show More |
|||||
| CVE-2022-33973 | 2 Intel, Microsoft | 3 Wlan Authentication And Privacy Infrastructure, Windows 10, Windows 11 | 2025-01-29 | N/A | 3.3 LOW |
|
Improper access control in the Intel(R) WAPI Security software for Windows 10/11 before version 22.2150.0.1 may allow an authenticated user to potentially enable information disclosure via local access.
|
|||||
| CVE-2023-6748 | 1 Wpgogo | 1 Custom Field Template | 2025-01-29 | N/A | 4.3 MEDIUM |
|
The Custom Field Template plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 via the 'cft' shortcode. This makes it possible for authenticated attackers with contributor access and above, to extract sensitive data including arbitrary post metadata.
|
|||||
| CVE-2023-27942 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-01-29 | N/A | 5.5 MEDIUM |
|
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. An app may be able to access user-sensitive data.
|
|||||
| CVE-2023-23542 | 1 Apple | 1 Macos | 2025-01-29 | N/A | 5.5 MEDIUM |
|
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to access user-sensitive data.
|
|||||
| CVE-2023-23541 | 1 Apple | 2 Ipados, Iphone Os | 2025-01-29 | N/A | 3.3 LOW |
|
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. An app may be able to access information about a user’s contacts.
|
|||||
| CVE-2022-43877 | 1 Ibm | 1 Urbancode Deploy | 2025-01-29 | N/A | 5.1 MEDIUM |
|
IBM UrbanCode Deploy (UCD) versions up to 7.3.0.1 could disclose sensitive password information during a manual edit of the agentrelay.properties file. IBM X-Force ID: 240148.
|
|||||
| CVE-2024-56972 | 2025-01-28 | N/A | 6.5 MEDIUM | ||
|
An issue in Midea Group Co., Ltd Midea Home iOS 9.3.12 allows attackers to access sensitive user information via supplying a crafted link.
|
|||||
| CVE-2024-56971 | 2025-01-28 | N/A | 6.5 MEDIUM | ||
|
An issue in Zhiyuan Yuedu (Guangzhou) Literature Information Technology Co., Ltd Shuqi Novel iOS 5.3.8 allows attackers to access sensitive user information via supplying a crafted link.
|
|||||
| CVE-2024-56969 | 2025-01-28 | N/A | 6.5 MEDIUM | ||
|
An issue in Pixocial Technology (Singapore) Pte. Ltd BeautyPlus iOS 7.8.010 allows attackers to access sensitive user information via supplying a crafted link.
|
|||||
| CVE-2024-56968 | 2025-01-28 | N/A | 6.5 MEDIUM | ||
|
An issue in Shenzhen Intellirocks Tech Co. Ltd Govee Home iOS 6.5.01 allows attackers to access sensitive user information via supplying a crafted payload.
|
|||||
| CVE-2024-56967 | 2025-01-28 | N/A | 6.5 MEDIUM | ||
|
An issue in Cloud Whale Interactive Technology LLC. PolyBuzz iOS 2.0.20 allows attackers to access sensitive user information via supplying a crafted link.
|
|||||
| CVE-2024-56966 | 2025-01-28 | N/A | 6.5 MEDIUM | ||
|
An issue in Shanghai Xuan Ting Entertainment Information & Technology Co., Ltd Qidian Reader iOS 5.9.384 allows attackers to access sensitive user information via supplying a crafted link.
|
|||||
| CVE-2024-56965 | 2025-01-28 | N/A | 6.5 MEDIUM | ||
|
An issue in Shanghai Shizhi Information Technology Co., Ltd Shihuo iOS 8.16.0 allows attackers to access sensitive user information via supplying a crafted link.
|
|||||
| CVE-2024-56964 | 2025-01-28 | N/A | 6.5 MEDIUM | ||
|
An issue in Che Hao Duo Used Automobile Agency (Beijing) Co., Ltd Guazi Used Car iOS 10.15.1 allows attackers to access sensitive user information via supplying a crafted link.
|
|||||
| CVE-2024-56963 | 2025-01-28 | N/A | 6.5 MEDIUM | ||
|
An issue in Beijing Sogou Technology Development Co., Ltd Sogou Input iOS 12.2.0 allows attackers to access sensitive user information via supplying a crafted link.
|
|||||
| CVE-2024-56962 | 2025-01-28 | N/A | 6.5 MEDIUM | ||
|
An issue in Tencent Technology (Shanghai) Co., Ltd WeSing iOS v9.3.39 allows attackers to access sensitive user information via supplying a crafted link.
|
|||||
| CVE-2024-56960 | 2025-01-28 | N/A | 6.5 MEDIUM | ||
|
An issue in Tianjin Xiaowu Information technology Co., Ltd BeiKe Holdings iOS 1.3.50 allows attackers to access sensitive user information via supplying a crafted link.
|
|||||
| CVE-2024-56959 | 2025-01-28 | N/A | 6.5 MEDIUM | ||
|
An issue in Mashang Consumer Finance Co., Ltd Anyihua iOS 3.6.2 allows attackers to access sensitive user information via supplying a crafted link.
|
|||||
| CVE-2024-56957 | 2025-01-28 | N/A | 6.5 MEDIUM | ||
|
An issue in Kingsoft Office Software Corporation Limited WPS Office iOS 12.20.0 allows attackers to access sensitive user information via supplying a crafted link.
|
|||||
| CVE-2024-56955 | 2025-01-28 | N/A | 6.5 MEDIUM | ||
|
An issue in Tencent Technology (Shenzhen) Company Limited QQMail iOS 6.6.4 allows attackers to access sensitive user information via supplying a crafted link.
|
|||||
| CVE-2024-56954 | 2025-01-28 | N/A | 6.5 MEDIUM | ||
|
An issue in Beijing Baidu Netcom Science & Technology Co Ltd Haokan Video iOS 7.70.0 allows attackers to access sensitive user information via supplying a crafted link.
|
|||||
| CVE-2024-56953 | 2025-01-28 | N/A | 6.5 MEDIUM | ||
|
An issue in Baidu (China) Co Ltd Baidu Input Method (iOS version) v12.6.13 allows attackers to access user information via supplying a crafted link.
|
|||||
| CVE-2024-56952 | 2025-01-28 | N/A | 6.5 MEDIUM | ||
|
An issue in Beijing Baidu Netcom Science & Technology Co Ltd Baidu Lite app (iOS version) 6.40.0 allows attackers to access user information via supplying a crafted link.
|
|||||
| CVE-2024-56951 | 2025-01-28 | N/A | 6.5 MEDIUM | ||
|
An issue in Hangzhou Bobo Technology Co Ltd UU Game Booster iOS 10.6.13 allows attackers to access sensitive user information via supplying a crafted link.
|
|||||