Total
8074 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-0020 | 1 Google | 1 Android | 2025-03-19 | N/A | 5.5 MEDIUM |
| In onActivityResult of NotificationSoundPreference.java, there is a possible way to hear audio files belonging to a different user due to a confused deputy. This could lead to local information disclosure across users of a device with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-44163 | 1 Apple | 1 Macos | 2025-03-18 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. A malicious application may be able to access private information. | |||||
| CVE-2024-39817 | 1 Cybozu | 1 Office | 2025-03-18 | N/A | 6.5 MEDIUM |
| Insertion of sensitive information into sent data issue exists in Cybozu Office 10.0.0 to 10.8.6, which may allow a user who can login to the product to view data that the user does not have access by conducting 'search' under certain conditions in Custom App. | |||||
| CVE-2024-34897 | 2025-03-18 | N/A | 7.5 HIGH | ||
| Nedis SmartLife android app v1.4.0 was discovered to contain an API key disclosure vulnerability. | |||||
| CVE-2024-42006 | 1 Keyfactor | 1 Aws Orchestrator | 2025-03-18 | N/A | 7.5 HIGH |
| Keyfactor AWS Orchestrator through 2.0 allows Information Disclosure. | |||||
| CVE-2024-40842 | 1 Apple | 1 Macos | 2025-03-18 | N/A | 5.5 MEDIUM |
| An issue was addressed with improved validation of environment variables. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data. | |||||
| CVE-2025-22918 | 2025-03-18 | N/A | 7.5 HIGH | ||
| Polycom RealPresence Group 500 <=20 has Insecure Permissions due to automatically loaded cookies. This allows for the use of administrator functions, resulting in the leakage of sensitive user information. | |||||
| CVE-2024-51163 | 2025-03-18 | N/A | 7.5 HIGH | ||
| A Local File Inclusion vulnerability in Vegam Solutions Vegam 4i versions 6.3.47.0 and earlier allows a remote attacker to obtain sensitive information through the print label function. Specifically, the filePathList parameter is susceptible to LFI, enabling a malicious user to include files from the web server, such as web.config or /etc/host, leading to the disclosure of sensitive information. | |||||
| CVE-2024-44186 | 1 Apple | 1 Macos | 2025-03-18 | N/A | 5.5 MEDIUM |
| An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data. | |||||
| CVE-2024-44129 | 1 Apple | 1 Macos | 2025-03-18 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, macOS Sequoia 15. An app may be able to leak sensitive user information. | |||||
| CVE-2024-26312 | 1 Archerirm | 1 Archer | 2025-03-18 | N/A | 4.3 MEDIUM |
| Archer Platform 6 before 2024.03 contains a sensitive information disclosure vulnerability. An authenticated attacker could potentially obtain access to sensitive information via a popup warning message. | |||||
| CVE-2024-3596 | 3 Broadcom, Freeradius, Sonicwall | 4 Brocade Sannav, Fabric Operating System, Freeradius and 1 more | 2025-03-18 | N/A | 9.0 CRITICAL |
| RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature. | |||||
| CVE-2022-32933 | 1 Apple | 1 Macos | 2025-03-18 | N/A | 5.3 MEDIUM |
| An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.5. A website may be able to track the websites a user visited in Safari private browsing mode. | |||||
| CVE-2024-31816 | 1 Totolink | 2 Ex200, Ex200 Firmware | 2025-03-18 | N/A | 7.5 HIGH |
| In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getEasyWizardCfg. | |||||
| CVE-2025-29781 | 2025-03-18 | N/A | 6.5 MEDIUM | ||
| The Bare Metal Operator (BMO) implements a Kubernetes API for managing bare metal hosts in Metal3. Baremetal Operator enables users to load Secret from arbitrary namespaces upon deployment of the namespace scoped Custom Resource `BMCEventSubscription`. Prior to versions 0.8.1 and 0.9.1, an adversary Kubernetes account with only namespace level roles (e.g. a tenant controlling a namespace) may create a `BMCEventSubscription` in his authorized namespace and then load Secrets from his unauthorized namespaces to his authorized namespace via the Baremetal Operator, causing Secret Leakage. The patch makes BMO refuse to read Secrets from other namespace than where the corresponding BMH resource is. The patch does not change the `BMCEventSubscription` API in BMO, but stricter validation will fail the request at admission time. It will also prevent the controller reading such Secrets, in case the BMCES CR has already been deployed. The issue exists for all versions of BMO, and is patched in BMO releases v0.9.1 and v0.8.1. Prior upgrading to patched BMO version, duplicate any existing Secret pointed to by `BMCEventSubscription`'s `httpHeadersRef` to the same namespace where the corresponding BMH exists. After upgrade, remove the old Secrets. As a workaround, the operator can configure BMO RBAC to be namespace scoped, instead of cluster scoped, to prevent BMO from accessing Secrets from other namespaces, and/or use `WATCH_NAMESPACE` configuration option to limit BMO to single namespace. | |||||
| CVE-2024-48125 | 2025-03-18 | N/A | 7.5 HIGH | ||
| An issue in the AsDB service of HI-SCAN 6040i Hitrax HX-03-19-I allows attackers to enumerate user credentials via crafted GIOP protocol requests. | |||||
| CVE-2023-51787 | 2025-03-18 | N/A | 7.5 HIGH | ||
| An issue was discovered in Wind River VxWorks 7 22.09 and 23.03. If a VxWorks task or POSIX thread that uses OpenSSL exits, limited per-task memory is not freed, resulting in a memory leak. | |||||
| CVE-2025-24174 | 1 Apple | 1 Macos | 2025-03-18 | N/A | 7.7 HIGH |
| The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to bypass Privacy preferences. | |||||
| CVE-2024-42508 | 1 Hp | 1 Oneview | 2025-03-17 | N/A | 5.5 MEDIUM |
| This vulnerability could be exploited, leading to unauthorized disclosure of information to authenticated users. | |||||
| CVE-2025-22960 | 2025-03-17 | N/A | 8.0 HIGH | ||
| A session hijacking vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters. Unauthenticated attackers can access exposed log files (/logs/debug/xteLog*), potentially revealing sensitive session-related information such as session IDs (sess_id) and authentication success tokens (user_check_password OK). Exploiting this flaw could allow attackers to hijack active sessions, gain unauthorized access, and escalate privileges on affected devices. | |||||