Total
13 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-32388 | 1 Kerlink | 1 Keros | 2025-12-23 | N/A | 5.3 MEDIUM |
| Due to a firewall misconfiguration, Kerlink devices running KerOS prior to 5.12 incorrectly accept specially crafted UDP packets. This allows an attacker to bypass the firewall and access UDP-based services that would otherwise be protected. | |||||
| CVE-2025-67745 | | | 2025-12-19 | N/A | 7.1 HIGH |
| MyHoard is a daemon for creating, managing and restoring MySQL backups. Starting in version 1.0.1 and prior to version 1.3.0, in some cases, myhoard logs the whole backup info, including the encryption key. Version 1.3.0 fixes the issue. As a workaround, direct logs into /dev/null. | |||||
| CVE-2025-0502 | 4 Apple, Craftercms, Linux and 1 more | 4 Macos, Craftercms, Linux Kernel and 1 more | 2025-12-15 | N/A | 9.1 CRITICAL |
| Transmission of Private Resources into a New Sphere ('Resource Leak') vulnerability in CrafterCMS Engine on Linux, MacOS, x86, Windows, 64 bit, ARM allows Directory Indexing, Resource Leak Exposure. This issue affects CrafterCMS: from 4.0.0 before 4.0.8, from 4.1.0 before 4.1.6. | |||||
| CVE-2025-66422 | 1 Tryton | 1 Trytond | 2025-12-04 | N/A | 4.3 MEDIUM |
| Tryton trytond before 7.6.11 allows remote attackers to obtain sensitive trace-back (server setup) information. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70. | |||||
| CVE-2025-55014 | | | 2025-11-04 | N/A | 4.7 MEDIUM |
| The YouDao plugin for StarDict, as used in stardict 3.0.7+git20220909+dfsg-6 in Debian trixie and elsewhere, sends an X11 selection to the dict.youdao.com and dict.cn servers via cleartext HTTP. | |||||
| CVE-2025-52925 | | | 2025-07-03 | N/A | 5.0 MEDIUM |
| In One Identity OneLogin Active Directory Connector before 6.1.5, encryption of the DirectoryToken was mishandled, aka ST-812. | |||||
| CVE-2025-49618 | | | 2025-07-03 | N/A | 5.8 MEDIUM |
| In Plesk Obsidian 18.0.69, unauthenticated requests to /login_up.php can reveal an AWS accessKeyId, secretAccessKey, region, and endpoint. | |||||
| CVE-2025-48383 | | | 2025-05-28 | N/A | 8.2 HIGH |
| Django-Select2 is a Django integration for Select2. Prior to version 8.4.1, instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSelect2Widget can leak secret access tokens across requests. This can allow users to access restricted query sets and restricted data. This issue has been patched in version 8.4.1. | |||||
| CVE-2024-29900 | 1 Openjsf | 1 Packager | 2025-05-07 | N/A | 7.5 HIGH |
| Electron Packager bundles Electron-based application source code with a renamed Electron executable and supporting files into folders ready for distribution. A random segment of ~1-10kb of Node.js heap memory allocated either side of a known buffer will be leaked into the final executable. This memory _could_ contain sensitive information such as environment variables, secrets files, etc. This issue is patched in 18.3.1. | |||||
| CVE-2025-29925 | 1 Xwiki | 1 Xwiki | 2025-04-30 | N/A | 5.3 MEDIUM |
| XWiki Platform is a generic wiki platform. Prior to 15.10.14, 16.4.6, and 16.10.0-rc-1, protected pages are listed when requesting the REST endpoints /rest/wikis/[wikiName]/pages even if the user doesn't have view rights on them. It's particularly true if the entire wiki is protected with "Prevent unregistered user to view pages": the endpoint would still list the pages of the wiki, though only for the main wiki. The problem has been patched in XWiki 15.10.14, 16.4.6, 16.10.0RC1. In those versions the endpoint can still be requested but the result is filtered out based on pages rights. | |||||
| CVE-2025-32360 | 1 Zammad | 1 Zammad | 2025-04-15 | N/A | 4.2 MEDIUM |
| In Zammad 6.4.x before 6.4.2, there is information exposure. Only agents should be able to see and work on shared article drafts. However, a logged-in customer was able to see details about shared drafts for their customer tickets in the browser console, which may contain confidential information, and also to manipulate them via API. | |||||
| CVE-2024-47146 | 1 Ruijienetworks | 1 Reyee Os | 2024-12-10 | N/A | 6.5 MEDIUM |
| Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to obtain the device's serial number if physically adjacent and sniffing the RAW WIFI signal. | |||||
| CVE-2023-38509 | 1 Xwiki | 1 Xwiki | 2024-11-21 | N/A | 4.3 MEDIUM |
| XWiki Platform is a generic wiki platform. In org.xwiki.platform:xwiki-platform-livetable-ui starting with version 3.5-milestone-1 and prior to versions 14.10.9 and 15.3-rc-1, the mail obfuscation configuration was not fully taken into account and it was still possible by obfuscated emails. This has been patched in XWiki 14.10.9 and XWiki 15.3-rc-1. A workaround is to modify the page `XWiki.LiveTableResultsMacros` following the patch. | |||||
