Total: 157 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-43227 | 1 Apple | 7 Ipados, Iphone Os, Macos and 4 more | 2026-04-02 | N/A | 7.5 HIGH |
| This issue was addressed through improved state management. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may disclose sensitive user information. | |||||
| CVE-2025-43217 | 1 Apple | 2 Ipados, Iphone Os | 2026-04-02 | N/A | 4.0 MEDIUM |
| The issue was addressed by adding additional logic. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9. Privacy Indicators for microphone or camera access may not be correctly displayed. | |||||
| CVE-2024-40796 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2026-04-02 | N/A | 5.3 MEDIUM |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. Private browsing may leak some browsing history. | |||||
| CVE-2024-27881 | 1 Apple | 1 Macos | 2026-04-02 | N/A | 5.3 MEDIUM |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. An app may be able to access information about a user’s contacts. | |||||
| CVE-2024-27850 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2026-04-02 | N/A | 6.5 MEDIUM |
| This issue was addressed with improvements to the noise injection algorithm. This issue is fixed in Safari 17.5, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, visionOS 1.2. A maliciously crafted webpage may be able to fingerprint the user. | |||||
| CVE-2024-23211 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2026-04-02 | N/A | 3.3 LOW |
| A privacy issue was addressed with improved handling of user preferences. This issue is fixed in Safari 17.3, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, watchOS 10.3. A user's private browsing activity may be visible in Settings. | |||||
| CVE-2026-34226 | 1 Capricorn86 | 1 Happy Dom | 2026-04-01 | N/A | 7.5 HIGH |
| Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Versions prior to 20.8.9 may attach cookies from the current page origin (`window.location`) instead of the request target URL when `fetch(..., { credentials: "include" })` is used. This can leak cookies from origin A to destination B. Version 20.8.9 fixes the issue. | |||||
| CVE-2025-10450 | 1 Rti | 1 Connext Professional | 2026-04-01 | N/A | 7.5 HIGH |
| Exposure of Private Personal Information to an Unauthorized Actor vulnerability in RTI Connext Professional (Core Libraries) allows Sniffing Network Traffic. This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.2.0 before 7.3.1. | |||||
| CVE-2025-66605 | 1 Yokogawa | 1 Fast/tools | 2026-03-05 | N/A | 5.3 MEDIUM |
| A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Since there are input fields on this webpage with the autocomplete attribute enabled, the input content could be saved in the browser the user is using. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04 | |||||
| CVE-2026-0102 | 1 Microsoft | 1 Edge Chromium | 2026-02-19 | N/A | 3.1 LOW |
| Under specific conditions, a malicious webpage may trigger autofill population after two consecutive taps, potentially without clear or intentional user consent. This could result in disclosure of stored autofill data such as addresses, email, or phone number metadata. | |||||
| CVE-2020-37173 | 1 Wwbn | 1 Avideo | 2026-02-18 | N/A | 7.5 HIGH |
| AVideo Platform 8.1 contains an information disclosure vulnerability that allows attackers to enumerate user details through the playlistsFromUser.json.php endpoint. Attackers can retrieve sensitive user information including email, password hash, and administrative status by manipulating the users_id parameter. | |||||
| CVE-2026-24321 | 1 Sap | 1 Commerce Cloud | 2026-02-17 | N/A | 5.3 MEDIUM |
| SAP Commerce Cloud exposes multiple API endpoints to unauthenticated users, allowing them to submit requests to these open endpoints to retrieve sensitive information that is not intended to be publicly accessible via the front-end. This vulnerability has a low impact on confidentiality and does not affect integrity and availability. | |||||
| CVE-2026-24735 | 1 Apache | 1 Answer | 2026-02-06 | N/A | 7.5 HIGH |
| Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 1.7.1. An unauthenticated API endpoint incorrectly exposes full revision history for deleted content. This allows an unauthorized user to retrieve restricted or sensitive information. Users are recommended to upgrade to version 2.0.0, which fixes the issue. | |||||
| CVE-2025-59843 | 1 Flagforge | 1 Flagforge | 2026-01-29 | N/A | 5.3 MEDIUM |
| Flag Forge is a Capture The Flag (CTF) platform. From versions 2.0.0 to before 2.3.2, the public endpoint /api/user/[username] returns user email addresses in its JSON response. The fix, intended for release in 2.3.1 but only available starting in version 2.3.2, removes email addresses from public API responses while keeping the endpoint publicly accessible. Users should upgrade to version 2.3.2 or later to eliminate exposure. There are no workarounds for this vulnerability. | |||||
| CVE-2025-3950 | 1 Gitlab | 1 Gitlab | 2026-01-21 | N/A | 3.5 LOW |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.3 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed a user to leak certain information by referencing specially crafted images that bypass asset proxy protection. | |||||
| CVE-2025-1030 | 1 Utarit | 1 Soliclub | 2026-01-16 | N/A | 7.5 HIGH |
| Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Utarit Informatics Services Inc. SoliClub allows Query System for Information. This issue affects SoliClub: from 5.2.4 before 5.3.7. | |||||
| CVE-2026-20834 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-01-15 | N/A | 4.6 MEDIUM |
| Absolute path traversal in Windows Shell allows an unauthorized attacker to perform spoofing with a physical attack. | |||||
| CVE-2025-68945 | 1 Gitea | 1 Gitea | 2025-12-31 | N/A | 5.8 MEDIUM |
| In Gitea before 1.21.2, an anonymous user can visit a private user's project. | |||||
| CVE-2025-34441 | 1 Wwbn | 1 Avideo | 2025-12-19 | N/A | 7.5 HIGH |
| AVideo versions prior to 20.1 expose sensitive user information through an unauthenticated public API endpoint. Responses include emails, usernames, administrative status, and last login times, enabling user enumeration and privacy violations. | |||||
| CVE-2025-43439 | 1 Apple | 2 Ipados, Iphone Os | 2025-12-17 | N/A | 5.5 MEDIUM |
| A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, visionOS 26.1. An app may be able to fingerprint the user. | |||||
