Total
8174 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-11741 | 2025-05-09 | N/A | 4.3 MEDIUM | ||
| Grafana is an open-source platform for monitoring and observability. The Grafana Alerting VictorOps integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 11.5.0, 11.4.1, 11.3.3, 11.2.6, 11.1.11, 11.0.11 and 10.4.15 | |||||
| CVE-2024-58252 | 1 Huawei | 1 Harmonyos | 2025-05-09 | N/A | 6.2 MEDIUM |
| Vulnerability of insufficient information protection in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2025-46591 | 1 Huawei | 1 Harmonyos | 2025-05-09 | N/A | 6.2 MEDIUM |
| Out-of-bounds data read vulnerability in the authorization module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2022-43410 | 1 Jenkins | 1 Mercurial | 2025-05-08 | N/A | 5.3 MEDIUM |
| Jenkins Mercurial Plugin 1251.va_b_121f184902 and earlier provides information about which jobs were triggered or scheduled for polling through its webhook endpoint, including jobs the user has no permission to access. | |||||
| CVE-2022-41707 | 1 Relatedcode | 1 Messenger | 2025-05-08 | N/A | 6.5 MEDIUM |
| Relatedcode's Messenger version 7bcd20b allows an authenticated external attacker to access sensitive data of any user of the application. This is possible because the application exposes user data to the public. | |||||
| CVE-2025-23212 | 1 Tandoor | 1 Recipes | 2025-05-08 | N/A | 7.7 HIGH |
| Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. The external storage feature allows any user to enumerate the name and content of files on the server. This vulnerability is fixed in 1.5.28. | |||||
| CVE-2017-10299 | 1 Oracle | 1 Agile Product Lifecycle Management | 2025-05-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Agile PLM accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2016-5513 | 1 Oracle | 1 Agile Product Lifecycle Management | 2025-05-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality via vectors related to File Manager. | |||||
| CVE-2016-5510 | 1 Oracle | 1 Agile Product Lifecycle Management | 2025-05-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via unknown vectors. | |||||
| CVE-2016-5522 | 1 Oracle | 1 Agile Product Lifecycle Management | 2025-05-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality via unknown vectors. | |||||
| CVE-2017-10093 | 1 Oracle | 1 Agile Product Lifecycle Management | 2025-05-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Agile PLM accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2016-5524 | 1 Oracle | 1 Agile Product Lifecycle Management | 2025-05-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2016-5527. | |||||
| CVE-2022-43890 | 1 Ibm | 1 Security Verify Privilege On-premises | 2025-05-08 | N/A | 5.3 MEDIUM |
| IBM Security Verify Privilege On-Premises 11.5 could disclose sensitive information through an HTTP request that could aid an attacker in further attacks against the system. IBM X-Force ID: 240453. | |||||
| CVE-2024-21064 | 1 Oracle | 1 Business Intelligence | 2025-05-08 | N/A | 5.4 MEDIUM |
| Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Web Answers). Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | |||||
| CVE-2024-24309 | 1 Ecomiz | 1 Survey Tma | 2025-05-08 | N/A | 7.5 HIGH |
| In the module "Survey TMA" (ecomiz_survey_tma) up to version 2.0.0 from Ecomiz for PrestaShop, a guest can download personal information without restriction. | |||||
| CVE-2025-31174 | 1 Huawei | 1 Harmonyos | 2025-05-07 | N/A | 6.8 MEDIUM |
| Path traversal vulnerability in the DFS module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2025-4271 | 1 Totolink | 2 A720r, A720r Firmware | 2025-05-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in TOTOLINK A720R 4.1.5cu.374. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input showSyslog leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4270 | 1 Totolink | 2 A720r, A720r Firmware | 2025-05-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in TOTOLINK A720R 4.1.5cu.374. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi of the component Config Handler. The manipulation of the argument topicurl with the input getInitCfg/getSysStatusCfg leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-0472 | 1 Sigb | 1 Pmb | 2025-05-07 | N/A | 7.5 HIGH |
| Information exposure in the PMB platform affecting versions 4.2.13 and earlier. This vulnerability allows an attacker to upload a file to the environment and enumerate the internal files of a machine by looking at the request response. | |||||
| CVE-2020-10195 | 1 Sygnoos | 1 Popup Builder | 2025-05-07 | 6.5 MEDIUM | 6.3 MEDIUM |
| The popup-builder plugin before 3.64.1 for WordPress allows information disclosure and settings modification, leading to in-scope privilege escalation via admin-post actions to com/classes/Actions.php. By sending a POST request to wp-admin/admin-post.php, an authenticated attacker with minimal (subscriber-level) permissions can modify the plugin's settings to allow arbitrary roles (including subscribers) access to plugin functionality by setting the action parameter to sgpbSaveSettings, export a list of current newsletter subscribers by setting the action parameter to csv_file, or obtain system configuration information including webserver configuration and a list of installed plugins by setting the action parameter to sgpb_system_info. | |||||