Total
668 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-10004 | 1 Json Web Token Project | 1 Json Web Token | 2025-04-11 | N/A | 7.5 HIGH |
| Token validation methods are susceptible to a timing side-channel during HMAC comparison. With a large enough number of requests over a low latency connection, an attacker may use this to determine the expected HMAC. | |||||
| CVE-2022-48198 | 2 Ntpd Driver Project, Openrobotics | 2 Ntpd Driver, Robot Operating System | 2025-04-11 | N/A | 9.8 CRITICAL |
| The ntpd_driver component before 1.3.0 and 2.x before 2.2.0 for Robot Operating System (ROS) allows attackers, who control the source code of a different node in the same ROS application, to change a robot's behavior. This occurs because a topic name depends on the attacker-controlled time_ref_topic parameter. | |||||
| CVE-2013-4480 | 2 Redhat, Suse | 5 Network Satellite, Satellite, Satellite With Embedded Oracle and 2 more | 2025-04-11 | 7.5 HIGH | N/A |
| Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts. | |||||
| CVE-2012-1846 | 1 Google | 1 Chrome | 2025-04-11 | 10.0 HIGH | N/A |
| Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a sandboxed process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. NOTE: the primary affected product may be clarified later; it was not identified by the researcher, who reportedly stated "it really doesn't matter if it's third-party code." | |||||
| CVE-2011-1258 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 6 through 8 does not properly restrict web script, which allows user-assisted remote attackers to obtain sensitive information from a different (1) domain or (2) zone via vectors involving a drag-and-drop operation, aka "Drag and Drop Information Disclosure Vulnerability." | |||||
| CVE-2011-1960 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 6 through 9 does not properly implement JavaScript event handlers, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Event Handlers Information Disclosure Vulnerability." | |||||
| CVE-2022-45935 | 1 Apache | 1 James | 2025-04-10 | N/A | 5.5 MEDIUM |
| Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components includes the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7.2 and prior versions. | |||||
| CVE-2021-26343 | 1 Amd | 48 Epyc 7003, Epyc 7003 Firmware, Epyc 72f3 and 45 more | 2025-04-09 | N/A | 5.5 MEDIUM |
| Insufficient validation in ASP BIOS and DRTM commands may allow malicious supervisor x86 software to disclose the contents of sensitive memory which may result in information disclosure. | |||||
| CVE-2022-24913 | 1 Java-merge-sort Project | 1 Java-merge-sort | 2025-04-08 | N/A | 5.5 MEDIUM |
| Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider() function in StdTempFileProvider.java, which uses the permissive File.createTempFile() function, exposing temporary file contents. | |||||
| CVE-2023-32019 | 1 Microsoft | 8 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 5 more | 2025-04-08 | N/A | 4.7 MEDIUM |
| Windows Kernel Information Disclosure Vulnerability | |||||
| CVE-2022-45438 | 1 Apache | 1 Superset | 2025-04-07 | N/A | 5.3 MEDIUM |
| When explicitly enabling the feature flag DASHBOARD_CACHE (disabled by default), the system allowed for an unauthenticated user to access dashboard configuration metadata using a REST API Get endpoint. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0. | |||||
| CVE-2001-0893 | 1 Acme | 1 Mini Httpd | 2025-04-03 | 5.0 MEDIUM | N/A |
| Acme mini_httpd before 1.16 allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /. | |||||
| CVE-2001-0892 | 1 Acme | 1 Thttpd | 2025-04-03 | 5.0 MEDIUM | N/A |
| Acme Thttpd Secure Webserver before 2.22, with the chroot option enabled, allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /. | |||||
| CVE-2004-1489 | 1 Opera | 1 Opera Browser | 2025-04-03 | 2.6 LOW | N/A |
| Opera 7.54 and earlier does not properly limit an applet's access to internal Java packages from Sun, which allows remote attackers to gain sensitive information, such as user names and the installation directory. | |||||
| CVE-2021-41989 | 1 Qlik | 1 Qlikview | 2025-04-01 | N/A | 7.8 HIGH |
| Qlik QlikView through 12.60.20100.0 creates a Temporary File in a Directory with Insecure Permissions. | |||||
| CVE-2021-41988 | 1 Qlik | 1 Nprinting Designer | 2025-04-01 | N/A | 7.8 HIGH |
| Qlik NPrinting Designer through 21.14.3.0 creates a Temporary File in a Directory with Insecure Permissions. | |||||
| CVE-2023-25192 | 1 Ami | 1 Megarac Sp-x | 2025-03-19 | N/A | 5.3 MEDIUM |
| AMI MegaRAC SPX devices allow User Enumeration through Redfish. The fixed versions are SPx12-update-7.00 and SPx13-update-5.00. | |||||
| CVE-2023-26081 | 2 Fedoraproject, Gnome | 2 Fedora, Epiphany | 2025-03-18 | N/A | 7.5 HIGH |
| In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts. | |||||
| CVE-2024-40725 | 1 Apache | 1 Http Server | 2025-03-14 | N/A | 5.3 MEDIUM |
| A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted. Users are recommended to upgrade to version 2.4.62, which fixes this issue. | |||||
| CVE-2023-0481 | 1 Quarkus | 1 Quarkus | 2025-03-12 | N/A | 3.3 LOW |
| In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile() is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local user. | |||||