Total
360 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-6295 | 2026-04-15 | N/A | 3.9 LOW | ||
| udn News Android APP stores the unencrypted user session in the local database when user log into the application. A malicious APP or an attacker with physical access to the Android device can retrieve this session and use it to log into the news APP and other services provided by udn. | |||||
| CVE-2024-38496 | 2026-04-15 | N/A | N/A | ||
| The vulnerability allows a malicious low-privileged PAM user to access information about other PAM users and their group memberships. | |||||
| CVE-2024-56952 | 2026-04-15 | N/A | 6.5 MEDIUM | ||
| An issue in Beijing Baidu Netcom Science & Technology Co Ltd Baidu Lite app (iOS version) 6.40.0 allows attackers to access user information via supplying a crafted link. | |||||
| CVE-2024-48939 | 2026-04-15 | N/A | 7.5 HIGH | ||
| Insufficient validation performed on the REST API License file in Paxton Net2 before 6.07.14023.5015 (SR4) enables use of the REST API with an invalid License File. Attackers may be able to retrieve access-log data. | |||||
| CVE-2024-56949 | 2026-04-15 | N/A | 6.5 MEDIUM | ||
| An issue in Guangzhou Polar Future Culture Technology Co., Ltd University Search iOS 2.27.0 allows attackers to access sensitive user information via supplying a crafted link. | |||||
| CVE-2025-37100 | 2026-04-15 | N/A | 7.7 HIGH | ||
| A vulnerability in the APIs of HPE Aruba Networking Private 5G CoreĀ could potentially expose sensitive information to unauthorized users. A successful exploitation could allow an attacker to iteratively navigate through the filesystem and ultimately download protected system files containing sensitive information. | |||||
| CVE-2024-56960 | 2026-04-15 | N/A | 6.5 MEDIUM | ||
| An issue in Tianjin Xiaowu Information technology Co., Ltd BeiKe Holdings iOS 1.3.50 allows attackers to access sensitive user information via supplying a crafted link. | |||||
| CVE-2024-4213 | 2026-04-15 | N/A | 5.3 MEDIUM | ||
| The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.6.4 via the order report functionality. This makes it possible for unauthenticated attackers to extract sensitive data including order details such as payment details, addresses and other PII. | |||||
| CVE-2025-60856 | 2026-04-15 | N/A | 6.8 MEDIUM | ||
| Reolink Video Doorbell WiFi DB_566128M5MP_W allows root shell access through an unsecured UART/serial console. An attacker with physical access can connect to the exposed interface and execute arbitrary commands with root privileges. NOTE: this is disputed by the Supplier because of "certain restrictions on users privately connecting serial port cables" and because "the root user has a password and it meets the requirements of password security complexity." | |||||
| CVE-2024-37728 | 2026-04-15 | N/A | 7.5 HIGH | ||
| Arbitrary File Read vulnerability in Xi'an Daxi Information Technology Co., Ltd OfficeWeb365 v.7.18.23.0 and v8.6.1.0 allows a remote attacker to obtain sensitive information via the "Pic/Indexes" interface | |||||
| CVE-2024-56953 | 2026-04-15 | N/A | 6.5 MEDIUM | ||
| An issue in Baidu (China) Co Ltd Baidu Input Method (iOS version) v12.6.13 allows attackers to access user information via supplying a crafted link. | |||||
| CVE-2024-56963 | 2026-04-15 | N/A | 6.5 MEDIUM | ||
| An issue in Beijing Sogou Technology Development Co., Ltd Sogou Input iOS 12.2.0 allows attackers to access sensitive user information via supplying a crafted link. | |||||
| CVE-2024-56955 | 2026-04-15 | N/A | 6.5 MEDIUM | ||
| An issue in Tencent Technology (Shenzhen) Company Limited QQMail iOS 6.6.4 allows attackers to access sensitive user information via supplying a crafted link. | |||||
| CVE-2025-2489 | 2026-04-15 | N/A | N/A | ||
| Insecure information storage vulnerability in NTFS Tools version 3.5.1. Exploitation of this vulnerability could allow an attacker to know the application password, stored in /Users/user/Library/Application Support/ntfs-tool/config.json. | |||||
| CVE-2024-56966 | 2026-04-15 | N/A | 6.5 MEDIUM | ||
| An issue in Shanghai Xuan Ting Entertainment Information & Technology Co., Ltd Qidian Reader iOS 5.9.384 allows attackers to access sensitive user information via supplying a crafted link. | |||||
| CVE-2024-53932 | 2026-04-15 | N/A | 9.1 CRITICAL | ||
| The com.remi.colorphone.callscreen.calltheme.callerscreen (aka Color Phone: Call Screen Theme) application through 21.1.9 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.remi.colorphone.callscreen.calltheme.callerscreen.dialer.DialerActivity component. | |||||
| CVE-2025-10971 | 2026-04-15 | N/A | N/A | ||
| Insecure Storage of Sensitive Information vulnerability in MeetMe on iOS, Android allows Retrieve Embedded Sensitive Data. This issue affects MeetMe: through v2.2.5. | |||||
| CVE-2019-20469 | 2026-04-15 | N/A | 4.6 MEDIUM | ||
| An issue was discovered on One2Track 2019-12-08 devices. Confidential information is needlessly stored on the smartwatch. Audio files are stored in .amr format, in the audior directory. An attacker who has physical access can retrieve all audio files by connecting via a USB cable. | |||||
| CVE-2025-22492 | 2026-04-15 | N/A | 6.3 MEDIUM | ||
| The connection string visible to users with access to FRSCore database on Foreseer Reporting Software (FRS) VM, this string can be used for gaining administrative access to the 4crXref database. This vulnerability has been resolved in the latest version 1.5.100 of FRS. | |||||
| CVE-2024-56947 | 2026-04-15 | N/A | 6.5 MEDIUM | ||
| An issue in Xiamen Meitu Technology Co., Ltd. BeautyCam iOS v12.3.60 allows attackers to access sensitive user information via supplying a crafted link. | |||||