Vulnerabilities (CVE)

Filtered by CWE-200
Total 8015 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-32986 1 Netscout 1 Ngeniusone 2025-05-27 N/A 7.5 HIGH
NETSCOUT nGeniusONE before 6.4.0 b2350 has a Sensitive File Accessible Without Proper Authentication to an endpoint.
CVE-2025-4904 1 Dlink 2 Di-7003g, Di-7003g Firmware 2025-05-27 5.0 MEDIUM 5.3 MEDIUM
A vulnerability has been found in D-Link DI-7003GV2 24.04.18D1 R(68125) and classified as problematic. This vulnerability affects the function sub_41F0FC of the file /H5/webgl.data. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2023-42884 1 Apple 4 Ipados, Iphone Os, Macos and 1 more 2025-05-27 N/A 5.5 MEDIUM
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. An app may be able to disclose kernel memory.
CVE-2022-32849 1 Apple 5 Ipados, Iphone Os, Mac Os X and 2 more 2025-05-27 N/A 5.5 MEDIUM
An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to access sensitive user information.
CVE-2024-28339 1 Netgear 6 Cbk40, Cbk40 Firmware, Cbk43 and 3 more 2025-05-27 N/A 5.4 MEDIUM
An information leak in the debuginfo.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required.
CVE-2024-28340 1 Netgear 6 Cbk40, Cbk40 Firmware, Cbk43 and 3 more 2025-05-27 N/A 7.5 HIGH
An information leak in the currentsetting.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required.
CVE-2025-31207 1 Apple 2 Ipados, Iphone Os 2025-05-27 N/A 7.7 HIGH
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5. An app may be able to enumerate a user's installed apps.
CVE-2025-24142 1 Apple 1 Macos 2025-05-27 N/A 5.5 MEDIUM
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to access sensitive user data.
CVE-2025-24144 1 Apple 6 Ipados, Iphone Os, Macos and 3 more 2025-05-27 N/A 5.5 MEDIUM
An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.6, visionOS 2.3, iPadOS 17.7.7, watchOS 11.3, macOS Ventura 13.7.6, iOS 18.3 and iPadOS 18.3, tvOS 18.3. An app may be able to leak sensitive kernel state.
CVE-2025-24155 1 Apple 1 Macos 2025-05-27 N/A 5.5 MEDIUM
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.3, macOS Ventura 13.7.6, macOS Sonoma 14.7.6. An app may be able to disclose kernel memory.
CVE-2025-24220 1 Apple 2 Ipados, Iphone Os 2025-05-27 N/A 5.5 MEDIUM
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4. An app may be able to read a persistent device identifier.
CVE-2024-13568 1 Wpmanageninja 1 Fluent Support 2025-05-26 N/A 7.5 HIGH
The Fluent Support – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.5 via the 'fluent-support' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/fluent-support directory which can contain file attachments included in support tickets.
CVE-2024-13611 1 Wordplus 1 Better Messages 2025-05-26 N/A 7.5 HIGH
The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.9 via the 'bp-better-messages' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/bp-better-messages directory which can contain file attachments included in chat messages.
CVE-2016-3674 4 Debian, Fedoraproject, Redhat and 1 more 4 Debian Linux, Fedora, Jboss Middleware and 1 more 2025-05-23 5.0 MEDIUM 7.5 HIGH
Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDriver, (2) DomDriver, (3) JDomDriver, (4) JDom2Driver, (5) SjsxpDriver, (6) StandardStaxDriver, and (7) WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document.
CVE-2025-5098 2025-05-23 N/A 9.1 CRITICAL
PrinterShare Android application allows the capture of Gmail authentication tokens that can be reused to access a user's Gmail account without proper authorization.
CVE-2022-32818 1 Apple 1 Macos 2025-05-22 N/A 5.5 MEDIUM
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5. An app may be able to leak sensitive kernel state.
CVE-2018-10596 1 Medtronic 2 2090 Carelink Programmer, 2090 Carelink Programmer Firmware 2025-05-22 5.2 MEDIUM 7.1 HIGH
Medtronic 2090 CareLink Programmer uses a virtual private network connection to securely download updates. It does not verify it is still connected to this virtual private network before downloading updates. The affected products initially establish an encapsulated IP-based VPN connection to a Medtronic-hosted update network. Once the VPN is established, it makes a request to a HTTP (non-TLS) server across the VPN for updates, which responds and provides any available updates. The programmer-side (client) service responsible for this HTTP request does not check to ensure it is still connected to the VPN before making the HTTP request. Thus, an attacker could cause the VPN connection to terminate (through various methods and attack points) and intercept the HTTP request, responding with malicious updates via a man-in-the-middle attack. The affected products do not verify the origin or integrity of these updates, as it insufficiently relied on the security of the VPN. An attacker with remote network access to the programmer could influence these communications.
CVE-2025-27980 1 Oldmoon 1 Cashbook 2025-05-22 N/A 6.5 MEDIUM
cashbook v4.0.3 has an arbitrary file read vulnerability in /api/entry/flow/invoice/show?invoice=.
CVE-2024-45805 1 Citeum 1 Opencti 2025-05-22 N/A 4.3 MEDIUM
OpenCTI is an open-source cyber threat intelligence platform. Before 6.3.0, general users can access information that can only be accessed by users with access privileges to admin and support information (SETTINGS_SUPPORT). This is due to inadequate access control for support information (http://<opencti_domain>/storage/get/support/UUID/UUID.zip), and that the UUID is available to general users using an attached query (logs query). This vulnerability is fixed in 6.3.0.
CVE-2022-32825 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2025-05-22 N/A 5.5 MEDIUM
The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5. An app may be able to disclose kernel memory.