Total
8074 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-42948 | 1 Apple | 1 Macos | 2025-03-17 | N/A | 3.3 LOW |
| This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14. A Wi-Fi password may not be deleted when activating a Mac in macOS Recovery. | |||||
| CVE-2024-47197 | 1 Apache | 1 Maven Archetype | 2025-03-17 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor, Insecure Storage of Sensitive Information vulnerability in Maven Archetype Plugin. This issue affects Maven Archetype Plugin: from 3.2.1 before 3.3.0. Users are recommended to upgrade to version 3.3.0, which fixes the issue. Archetype integration testing creates a file called ./target/classes/archetype-it/archetype-settings.xml This file contains all the content from the users ~/.m2/settings.xml file, which often contains information they do not want to publish. We expect that on many developer machines, this also contains credentials. When the user runs mvn verify again (without a mvn clean), this file becomes part of the final artifact. If a developer were to publish this into Maven Central or any other remote repository (whether as a release or a snapshot) their credentials would be published without them knowing. | |||||
| CVE-2024-40863 | 1 Apple | 2 Ipados, Iphone Os | 2025-03-17 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved data protection. This issue is fixed in iOS 18 and iPadOS 18. An app may be able to leak sensitive user information. | |||||
| CVE-2024-44182 | 1 Apple | 1 Macos | 2025-03-17 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access sensitive data logged when a shortcut fails to launch another app. | |||||
| CVE-2024-2931 | 1 Wpfront | 1 Wpfront User Role Editor | 2025-03-17 | N/A | 4.3 MEDIUM |
| The WPFront User Role Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.1.11184 via the wpfront_user_role_editor_assign_roles_user_autocomplete AJAX action. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract retrieve a list of all user email addresses who are registered on the site. | |||||
| CVE-2024-21685 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2025-03-17 | N/A | 6.5 MEDIUM |
| This High severity Information Disclosure vulnerability was introduced in versions 9.4.0, 9.12.0, and 9.15.0 of Jira Core Data Center. This Information Disclosure vulnerability, with a CVSS Score of 7.4, allows an unauthenticated attacker to view sensitive information via an Information Disclosure vulnerability which has high impact to confidentiality, no impact to integrity, no impact to availability, and requires user interaction. Atlassian recommends that Jira Core Data Center customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Jira Core Data Center 9.4: Upgrade to a release greater than or equal to 9.4.21 Jira Core Data Center 9.12: Upgrade to a release greater than or equal to 9.12.8 Jira Core Data Center 9.16: Upgrade to a release greater than or equal to 9.16.0 See the release notes. You can download the latest version of Jira Core Data Center from the download center. This vulnerability was found internally. | |||||
| CVE-2024-57954 | 1 Huawei | 1 Harmonyos | 2025-03-17 | N/A | 6.2 MEDIUM |
| Permission verification vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2024-57955 | 1 Huawei | 1 Harmonyos | 2025-03-17 | N/A | 6.1 MEDIUM |
| Arbitrary write vulnerability in the Gallery module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2020-29010 | 2025-03-17 | N/A | 5.0 MEDIUM | ||
| An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS version 6.2.4 and below, version 6.0.10 and belowmay allow remote authenticated actors to read the SSL VPN events log entries of users in other VDOMs by executing "get vpn ssl monitor" from the CLI. The sensitive data includes usernames, user groups, and IP address. | |||||
| CVE-2024-13622 | 1 Imaginate-solutions | 1 File Uploads Addon For Woocommerce | 2025-03-17 | N/A | 7.5 HIGH |
| The File Uploads Addon for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.1 via the 'uploads' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads directory which can contain file attachments uploaded by customers. | |||||
| CVE-2025-2348 | 2025-03-16 | 3.3 LOW | 4.3 MEDIUM | ||
| A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been classified as problematic. Affected is an unknown function of the file /mnt/extsd/event/ of the component HTTP/RTSP. The manipulation leads to information disclosure. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-55272 | 2025-03-15 | N/A | 7.5 HIGH | ||
| An issue in Brainasoft Braina v2.8 allows a remote attacker to obtain sensitive information via the chat window function. | |||||
| CVE-2018-9384 | 2025-03-15 | N/A | 4.4 MEDIUM | ||
| In multiple locations, there is a possible way to bypass KASLR due to an unusual root cause. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-48957 | 1 Purevpn | 1 Purevpn | 2025-03-14 | N/A | 5.3 MEDIUM |
| PureVPN Linux client 2.0.2-Productions fails to properly handle DNS queries, allowing them to bypass the VPN tunnel and be sent directly to the ISP or default DNS servers. | |||||
| CVE-2024-39676 | 1 Apache | 1 Pinot | 2025-03-14 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Pinot. This issue affects Apache Pinot: from 0.1 before 1.0.0. Users are recommended to upgrade to version 1.0.0 and configure RBAC, which fixes the issue. Details: When using a request to path “/appconfigs” to the controller, it can lead to the disclosure of sensitive information such as system information (e.g. arch, os version), environment information (e.g. maxHeapSize) and Pinot configurations (e.g. zookeeper path). This issue was addressed by the Role-based Access Control https://docs.pinot.apache.org/operators/tutorials/authentication/basic-auth-access-control , so that /appConfigs` and all other APIs can be access controlled. Only authorized users have access to it. Note the user needs to add the admin role accordingly to the RBAC guide to control access to this endpoint, and in the future version of Pinot, a default admin role is planned to be added. | |||||
| CVE-2024-44184 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-03-14 | N/A | 5.5 MEDIUM |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access user-sensitive data. | |||||
| CVE-2024-42222 | 1 Apache | 1 Cloudstack | 2025-03-14 | N/A | 4.3 MEDIUM |
| In Apache CloudStack 4.19.1.0, a regression in the network listing API allows unauthorised list access of network details for domain admin and normal user accounts. This vulnerability compromises tenant isolation, potentially leading to unauthorised access to network details, configurations and data. Affected users are advised to upgrade to version 4.19.1.1 to address this issue. Users on older versions of CloudStack considering to upgrade, can skip 4.19.1.0 and upgrade directly to 4.19.1.1. | |||||
| CVE-2024-40793 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-03-14 | N/A | 5.5 MEDIUM |
| This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, macOS Sonoma 14.6. An app may be able to access user-sensitive data. | |||||
| CVE-2024-27806 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-03-14 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved environment sanitization. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to access sensitive user data. | |||||
| CVE-2024-54463 | 1 Apple | 1 Macos | 2025-03-14 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved entitlements. This issue is fixed in macOS Sequoia 15. An app may be able to access removable volumes without user consent. | |||||