Total
328 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-4995 | 2025-10-03 | N/A | 9.8 CRITICAL | ||
| Wapro ERP Desktop is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification. This issue affects Wapro ERP Desktop versions before 9.00.0. | |||||
| CVE-2025-34189 | 3 Apple, Linux, Vasion | 4 Macos, Linux Kernel, Virtual Appliance Application and 1 more | 2025-10-02 | N/A | 7.8 HIGH |
| Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application versions prior to 20.0.1330 (macOS/Linux client deployments) contain a vulnerability in the local inter-process communication (IPC) mechanism. The software stores IPC request and response files inside /opt/PrinterInstallerClient/tmp with world-readable and world-writable permissions. Any local user can craft malicious request files that are processed by privileged daemons, leading to unauthorized actions being executed in other user sessions. This breaks user session isolation, potentially allowing local attackers to hijack sessions, perform unintended actions in the context of other users, and impact system integrity and availability. This vulnerability has been identified by the vendor as: V-2022-004 — Client Inter-process Security. | |||||
| CVE-2025-46660 | 1 4cstrategies | 1 Exonaut | 2025-10-01 | N/A | 5.3 MEDIUM |
| An issue was discovered in 4C Strategies Exonaut 21.6. Passwords, stored in the database, are hashed without a salt. | |||||
| CVE-2024-23445 | 1 Elastic | 1 Elasticsearch | 2025-09-26 | N/A | 6.5 MEDIUM |
| It was identified that if a cross-cluster API key https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-create-cross-cluster-api-key.html#security-api-create-cross-cluster-api-key-request-body restricts search for a given index using the query or the field_security parameter, and the same cross-cluster API key also grants replication for the same index, the search restrictions are not enforced during cross cluster search operations and search results may include documents and terms that should not be returned. This issue only affects the API key based security model for remote clusters https://www.elastic.co/guide/en/elasticsearch/reference/8.14/remote-clusters.html#remote-clusters-security-models that was previously a beta feature and is released as GA with 8.14.0 | |||||
| CVE-2025-21041 | 1 Samsung | 1 Android | 2025-09-19 | N/A | 6.2 MEDIUM |
| Insecure Storage of Sensitive Information in Secure Folder prior to Android 16 allows local attackers to access sensitive information. | |||||
| CVE-2024-32211 | 1 Logint | 1 Lomag Warehouse Management | 2025-09-19 | N/A | 5.5 MEDIUM |
| An issue in LOGINT LoMag Inventory Management v1.0.20.120 and before allows a local attacker to obtain sensitive information via the UserClass.cs and Settings.cs components. | |||||
| CVE-2025-43203 | 1 Apple | 2 Ipados, Iphone Os | 2025-09-17 | N/A | 4.0 MEDIUM |
| The issue was addressed with improved handling of caches. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26. An attacker with physical access to an unlocked device may be able to view an image in the most recently viewed locked note. | |||||
| CVE-2025-8699 | 2025-09-16 | N/A | 9.1 CRITICAL | ||
| Some "Stored Value" Unattended Payment Solutions of KioSoft use vulnerable NFC cards. Attackers could potentially use this vulnerability to change the balance on the cards and generate money. The account balance is stored on an insecure MiFare Classic NFC card and can be read and written back. By carefully observing changes in card dumps, one can identify fields that store the cash value of the card. Additionally, a checksum can be identified, which is created by XOR-ing the cash and an unknown field with a certain value. By updating the fields accordingly, arbitrary amounts of money can be loaded onto the card (up to $655,35) to pay for goods. | |||||
| CVE-2024-22808 | 1 Tormach | 2 Pathpilot Controller, Xstech Cnc Router | 2025-09-15 | N/A | 7.5 HIGH |
| An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to cause a Denial of Service (DoS) by disrupting the communication between the PathPilot controller and the CNC router via overwriting the card's name in the device memory. | |||||
| CVE-2025-54083 | 2025-09-12 | N/A | N/A | ||
| Insecure Storage of Sensitive Information vulnerability in Calix GigaCenter ONT (Quantenna SoC modules) allows admin access to the web interface.This issue affects GigaCenter ONT: 844E, 844G, 844GE, 854GE. | |||||
| CVE-2025-53507 | 2025-08-29 | N/A | 6.5 MEDIUM | ||
| Multiple products provided by iND Co.,Ltd contain an insecure storage of sensitive information vulnerability. If exploited, configuration information, such as admin password, may be disclosed. As for the details of affected product names and versions, refer to the information under [Product Status]. | |||||
| CVE-2025-28171 | 1 Grandstream | 2 Ucm6510, Ucm6510 Firmware | 2025-08-06 | N/A | 6.5 MEDIUM |
| An issue in Grandstream UCM6510 v.1.0.20.52 and before allows a remote attacker to obtain sensitive information via the Login function at /cgi and /webrtccgi. | |||||
| CVE-2024-28132 | 1 F5 | 1 Big-ip Next Cloud-native Network Functions | 2025-08-06 | N/A | 4.4 MEDIUM |
| Exposure of Sensitive Information vulnerability exists in the GSLB container, which may allow an authenticated attacker with local access to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2024-31400 | 1 Cybozu | 1 Garoon | 2025-08-05 | N/A | 6.5 MEDIUM |
| Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.0. If this vulnerability is exploited, unintended data may be left in forwarded mail. | |||||
| CVE-2025-37110 | 2025-08-04 | N/A | 6.0 MEDIUM | ||
| A vulnerability was discovered in the storage policy for certain sets of sensitive credential information in the HPE Telco Network Function Virtual Orchestrator. Successful Exploitation could lead to unauthorized parties gaining access to sensitive system information. | |||||
| CVE-2022-20939 | 1 Cisco | 2 Smart Software Manager On-prem, Smart Software Manager Satellite | 2025-07-31 | N/A | 4.3 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem could allow an authenticated, remote attacker to elevate privileges on an affected system. This vulnerability is due to inadequate protection of sensitive user information. An attacker could exploit this vulnerability by accessing certain logs on an affected system. A successful exploit could allow the attacker to use the obtained information to elevate privileges to System Admin.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | |||||
| CVE-2025-28244 | 1 Alteryx | 1 Alteryx Server | 2025-07-17 | N/A | 8.8 HIGH |
| Insecure Permissions vulnerability in the Local Storage in Alteryx Server 2023.1.1.460 allows remote attackers to obtain valid user session tokens from localStorage, leading to account takeover | |||||
| CVE-2025-21003 | 1 Samsung | 1 Android | 2025-07-16 | N/A | 4.0 MEDIUM |
| Insecure storage of sensitive information in Emergency SOS prior to SMR Jul-2025 Release 1 allows local attackers to access sensitive information. | |||||
| CVE-2025-29809 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-07-10 | N/A | 7.1 HIGH |
| Insecure storage of sensitive information in Windows Kerberos allows an authorized attacker to bypass a security feature locally. | |||||
| CVE-2025-42979 | 2025-07-08 | N/A | 5.6 MEDIUM | ||
| The GuiXT application, which is integrated with SAP GUI for Windows, uses obfuscation algorithms instead of secure symmetric ciphers for storing the credentials of an RFC user on the client PC. This leads to a high impact on confidentiality because any attacker who gains access to the user hive of this user�s windows registry could recreate the original password. There is no impact on integrity or availability of the application | |||||