Total
8015 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-32986 | 1 Netscout | 1 Ngeniusone | 2025-05-27 | N/A | 7.5 HIGH |
NETSCOUT nGeniusONE before 6.4.0 b2350 has a Sensitive File Accessible Without Proper Authentication to an endpoint. | |||||
CVE-2025-4904 | 1 Dlink | 2 Di-7003g, Di-7003g Firmware | 2025-05-27 | 5.0 MEDIUM | 5.3 MEDIUM |
A vulnerability has been found in D-Link DI-7003GV2 24.04.18D1 R(68125) and classified as problematic. This vulnerability affects the function sub_41F0FC of the file /H5/webgl.data. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2023-42884 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-05-27 | N/A | 5.5 MEDIUM |
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. An app may be able to disclose kernel memory. | |||||
CVE-2022-32849 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2025-05-27 | N/A | 5.5 MEDIUM |
An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to access sensitive user information. | |||||
CVE-2024-28339 | 1 Netgear | 6 Cbk40, Cbk40 Firmware, Cbk43 and 3 more | 2025-05-27 | N/A | 5.4 MEDIUM |
An information leak in the debuginfo.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required. | |||||
CVE-2024-28340 | 1 Netgear | 6 Cbk40, Cbk40 Firmware, Cbk43 and 3 more | 2025-05-27 | N/A | 7.5 HIGH |
An information leak in the currentsetting.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required. | |||||
CVE-2025-31207 | 1 Apple | 2 Ipados, Iphone Os | 2025-05-27 | N/A | 7.7 HIGH |
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5. An app may be able to enumerate a user's installed apps. | |||||
CVE-2025-24142 | 1 Apple | 1 Macos | 2025-05-27 | N/A | 5.5 MEDIUM |
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to access sensitive user data. | |||||
CVE-2025-24144 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-05-27 | N/A | 5.5 MEDIUM |
An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.6, visionOS 2.3, iPadOS 17.7.7, watchOS 11.3, macOS Ventura 13.7.6, iOS 18.3 and iPadOS 18.3, tvOS 18.3. An app may be able to leak sensitive kernel state. | |||||
CVE-2025-24155 | 1 Apple | 1 Macos | 2025-05-27 | N/A | 5.5 MEDIUM |
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.3, macOS Ventura 13.7.6, macOS Sonoma 14.7.6. An app may be able to disclose kernel memory. | |||||
CVE-2025-24220 | 1 Apple | 2 Ipados, Iphone Os | 2025-05-27 | N/A | 5.5 MEDIUM |
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4. An app may be able to read a persistent device identifier. | |||||
CVE-2024-13568 | 1 Wpmanageninja | 1 Fluent Support | 2025-05-26 | N/A | 7.5 HIGH |
The Fluent Support – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.5 via the 'fluent-support' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/fluent-support directory which can contain file attachments included in support tickets. | |||||
CVE-2024-13611 | 1 Wordplus | 1 Better Messages | 2025-05-26 | N/A | 7.5 HIGH |
The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.9 via the 'bp-better-messages' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/bp-better-messages directory which can contain file attachments included in chat messages. | |||||
CVE-2016-3674 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Jboss Middleware and 1 more | 2025-05-23 | 5.0 MEDIUM | 7.5 HIGH |
Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDriver, (2) DomDriver, (3) JDomDriver, (4) JDom2Driver, (5) SjsxpDriver, (6) StandardStaxDriver, and (7) WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document. | |||||
CVE-2025-5098 | 2025-05-23 | N/A | 9.1 CRITICAL | ||
PrinterShare Android application allows the capture of Gmail authentication tokens that can be reused to access a user's Gmail account without proper authorization. | |||||
CVE-2022-32818 | 1 Apple | 1 Macos | 2025-05-22 | N/A | 5.5 MEDIUM |
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5. An app may be able to leak sensitive kernel state. | |||||
CVE-2018-10596 | 1 Medtronic | 2 2090 Carelink Programmer, 2090 Carelink Programmer Firmware | 2025-05-22 | 5.2 MEDIUM | 7.1 HIGH |
Medtronic 2090 CareLink Programmer uses a virtual private network connection to securely download updates. It does not verify it is still connected to this virtual private network before downloading updates. The affected products initially establish an encapsulated IP-based VPN connection to a Medtronic-hosted update network. Once the VPN is established, it makes a request to a HTTP (non-TLS) server across the VPN for updates, which responds and provides any available updates. The programmer-side (client) service responsible for this HTTP request does not check to ensure it is still connected to the VPN before making the HTTP request. Thus, an attacker could cause the VPN connection to terminate (through various methods and attack points) and intercept the HTTP request, responding with malicious updates via a man-in-the-middle attack. The affected products do not verify the origin or integrity of these updates, as it insufficiently relied on the security of the VPN. An attacker with remote network access to the programmer could influence these communications. | |||||
CVE-2025-27980 | 1 Oldmoon | 1 Cashbook | 2025-05-22 | N/A | 6.5 MEDIUM |
cashbook v4.0.3 has an arbitrary file read vulnerability in /api/entry/flow/invoice/show?invoice=. | |||||
CVE-2024-45805 | 1 Citeum | 1 Opencti | 2025-05-22 | N/A | 4.3 MEDIUM |
OpenCTI is an open-source cyber threat intelligence platform. Before 6.3.0, general users can access information that can only be accessed by users with access privileges to admin and support information (SETTINGS_SUPPORT). This is due to inadequate access control for support information (http://<opencti_domain>/storage/get/support/UUID/UUID.zip), and that the UUID is available to general users using an attached query (logs query). This vulnerability is fixed in 6.3.0. | |||||
CVE-2022-32825 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-05-22 | N/A | 5.5 MEDIUM |
The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5. An app may be able to disclose kernel memory. |