Total
360 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-8699 | 2026-04-15 | N/A | 9.1 CRITICAL | ||
| Some "Stored Value" Unattended Payment Solutions of KioSoft use vulnerable NFC cards. Attackers could potentially use this vulnerability to change the balance on the cards and generate money. The account balance is stored on an insecure MiFare Classic NFC card and can be read and written back. By carefully observing changes in card dumps, one can identify fields that store the cash value of the card. Additionally, a checksum can be identified, which is created by XOR-ing the cash and an unknown field with a certain value. By updating the fields accordingly, arbitrary amounts of money can be loaded onto the card (up to $655,35) to pay for goods. | |||||
| CVE-2024-54728 | 2026-04-15 | N/A | 6.5 MEDIUM | ||
| Incorrect access control in BYD QIN PLUS DM-i Dilink OS 3.0_13.1.7.2204050.1 allows unauthorized attackers to access system logcat logs. | |||||
| CVE-2024-56113 | 2026-04-15 | N/A | 7.5 HIGH | ||
| Smart Toilet Lab - Motius 1.3.11 is running with debug mode turned on (DEBUG = True) and exposing sensitive information defined in Django settings file through verbose error page. | |||||
| CVE-2024-56968 | 2026-04-15 | N/A | 6.5 MEDIUM | ||
| An issue in Shenzhen Intellirocks Tech Co. Ltd Govee Home iOS 6.5.01 allows attackers to access sensitive user information via supplying a crafted payload. | |||||
| CVE-2021-42718 | 2026-04-15 | N/A | 4.9 MEDIUM | ||
| Information Disclosure in API in Replicated Replicated Classic versions prior to 2.53.1 on all platforms allows authenticated users with Admin Console access to retrieve sensitive data, including application secrets, via accessing container definitions with environment variables through the Admin Console API on port 8800. This CVE was originally reserved in 2021 and later publicly disclosed by Replicated on their website on 21 October 2021. However, it mistakenly remained in the Reserved But Public (RBP) status with the CVE Numbering Authority (CNA). Please note that this product reached its end of life on 31 December 2024. Publishing this CVE with the CNA was required to comply with CNA rules, despite the fact that the issue was disclosed and fixed four years ago, and the affected product is no longer supported as of 2024. Summary of VulnerabilityThis advisory discloses a low severity security vulnerability in the versions of Replicated Classic listed above (“Affected Replicated Classic Versions”) DescriptionReplicated Classic versions prior to 2.53.1 have an authenticated API from the Replicated Admin Console that may expose sensitive data including application secrets, depending on how the application manifests are written. A user with valid credentials and access to the Admin Console port (8800) on the Replicated Classic server can retrieve container definitions including environment variables which may contain passwords and other secrets depending on how the application is configured. This data is shared over authenticated sessions to the Admin Console only, and was never displayed or used in the application processing. To remediate this issue, we removed the sensitive data from the API, sending only the data to the Admin Console that was needed. TimelineThis issue was discovered during a security review on 16 September 2021. Patched versions were released on 23 September 2021. This advisory was published on 21 October 2021. The CVE Numbering Authority (CNA) notified Replicated on 23 January 2025 that the CVE was still in Reserved But Public (RBP) status. Upon discovering the oversight in updating the status to published with the CNA, Replicated submitted the updated report on the same day, 23 January 2025. | |||||
| CVE-2024-56971 | 2026-04-15 | N/A | 6.5 MEDIUM | ||
| An issue in Zhiyuan Yuedu (Guangzhou) Literature Information Technology Co., Ltd Shuqi Novel iOS 5.3.8 allows attackers to access sensitive user information via supplying a crafted link. | |||||
| CVE-2024-56962 | 2026-04-15 | N/A | 6.5 MEDIUM | ||
| An issue in Tencent Technology (Shanghai) Co., Ltd WeSing iOS v9.3.39 allows attackers to access sensitive user information via supplying a crafted link. | |||||
| CVE-2024-56969 | 2026-04-15 | N/A | 6.5 MEDIUM | ||
| An issue in Pixocial Technology (Singapore) Pte. Ltd BeautyPlus iOS 7.8.010 allows attackers to access sensitive user information via supplying a crafted link. | |||||
| CVE-2024-49201 | 2026-04-15 | N/A | 4.3 MEDIUM | ||
| Keyfactor Remote File Orchestrator (aka remote-file-orchestrator) 2.8 before 2.8.1 allows Information Disclosure: sensitive information could be exposed at the debug logging level. | |||||
| CVE-2024-53931 | 2026-04-15 | N/A | 9.1 CRITICAL | ||
| The com.glitter.caller.screen (aka iCaller, Caller Theme & Dialer) application through 1.1 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.glitter.caller.screen.DialerActivity component. | |||||
| CVE-2024-56957 | 2026-04-15 | N/A | 6.5 MEDIUM | ||
| An issue in Kingsoft Office Software Corporation Limited WPS Office iOS 12.20.0 allows attackers to access sensitive user information via supplying a crafted link. | |||||
| CVE-2024-30896 | 2026-04-15 | N/A | 9.1 CRITICAL | ||
| InfluxDB OSS 2.x through 2.7.11 stores the administrative operator token under the default organization which allows authorized users with read access to the authorization resource of the default organization to retrieve the operator token. InfluxDB OSS 1.x, Enterprise, Cloud, Cloud Dedicated and Clustered are not affected. NOTE: The researcher states that InfluxDB allows allAccess administrators to retrieve all raw tokens via an "influx auth ls" command. The supplier indicates that the organizations feature is operating as intended and that users may choose to add users to non-default organizations. A future release of InfluxDB 2.x will remove the ability to retrieve tokens from the API. The supplier has stated that InfluxDB 2.8.0 has addressed this issue. | |||||
| CVE-2024-46635 | 2026-04-15 | N/A | 5.9 MEDIUM | ||
| An issue in the API endpoint /AccountMaster/GetCurrentUserInfo of INROAD before v202402060 allows attackers to access sensitive information via a crafted payload to the UserNameOrPhoneNumber parameter. | |||||
| CVE-2020-10368 | 2026-04-15 | N/A | 3.5 LOW | ||
| Certain Cypress (and Broadcom) Wireless Combo chips, when a January 2021 firmware update is not present, allow memory read access via a "Spectra" attack. | |||||
| CVE-2025-54083 | 2026-04-15 | N/A | N/A | ||
| Insecure Storage of Sensitive Information vulnerability in Calix GigaCenter ONT (Quantenna SoC modules) allows admin access to the web interface.This issue affects GigaCenter ONT: 844E, 844G, 844GE, 854GE. | |||||
| CVE-2025-53507 | 2026-04-15 | N/A | 6.5 MEDIUM | ||
| Multiple products provided by iND Co.,Ltd contain an insecure storage of sensitive information vulnerability. If exploited, configuration information, such as admin password, may be disclosed. As for the details of affected product names and versions, refer to the information under [Product Status]. | |||||
| CVE-2024-13954 | 2026-04-15 | N/A | 6.5 MEDIUM | ||
| Serialized configuration information may be disclosed during device commissioning while using ASPECT's configuration toolsetThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | |||||
| CVE-2024-56950 | 2026-04-15 | N/A | 6.5 MEDIUM | ||
| An issue in KuGou Technology Co., Ltd KuGou Concept iOS 4.0.61 allows attackers to access sensitive user information via supplying a crafted link. | |||||
| CVE-2025-42979 | 2026-04-15 | N/A | 5.6 MEDIUM | ||
| The GuiXT application, which is integrated with SAP GUI for Windows, uses obfuscation algorithms instead of secure symmetric ciphers for storing the credentials of an RFC user on the client PC. This leads to a high impact on confidentiality because any attacker who gains access to the user hive of this user�s windows registry could recreate the original password. There is no impact on integrity or availability of the application | |||||
| CVE-2025-10464 | 2026-04-15 | N/A | 6.5 MEDIUM | ||
| Insecure Storage of Sensitive Information vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Senseway allows Retrieve Embedded Sensitive Data.This issue affects Senseway: through 09022026. NOTE: Because the product was developed using outdated technology, the manufacturer is unable to fix the relevant vulnerabilities. Users of the Sensaway application are advised to contact the manufacturer and review updated products developed with newer technology. | |||||