Total
360 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-48770 | 2026-04-15 | N/A | 8.2 HIGH | ||
| An issue in Plug n Play Camera com.wisdomcity.zwave 1.1.0 allows a remote attacker to obtain sensitive information via the firmware update process. | |||||
| CVE-2024-35526 | 2026-04-15 | N/A | 5.9 MEDIUM | ||
| An issue in Daemon PTY Limited FarCry Core framework before 7.2.14 allows attackers to access sensitive information in the /facade directory. | |||||
| CVE-2025-12539 | 2026-04-15 | N/A | 10.0 CRITICAL | ||
| The TNC Toolbox: Web Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2. This is due to the plugin storing cPanel API credentials (hostname, username, and API key) in files within the web-accessible wp-content directory without adequate protection in the "Tnc_Wp_Toolbox_Settings::save_settings" function. This makes it possible for unauthenticated attackers to retrieve these credentials and use them to interact with the cPanel API, which can lead to arbitrary file uploads, remote code execution, and full compromise of the hosting environment. | |||||
| CVE-2024-35311 | 2026-04-15 | N/A | 3.3 LOW | ||
| Yubico YubiKey 5 Series before 5.7.0, Security Key Series before 5.7.0, YubiKey Bio Series before 5.6.4, and YubiKey 5 FIPS before 5.7.2 have Incorrect Access Control. | |||||
| CVE-2025-61482 | 2026-04-15 | N/A | 7.2 HIGH | ||
| Improper handling of OTP/TOTP/HOTP values in NetKnights GmbH privacyIDEA Authenticator v.4.3.0 on Android allows local attackers with root access to bypass two factor authentication. By hooking into app crypto routines and intercepting decryption paths, attacker can recover plaintext secrets, enabling generation of valid one-time passwords, and bypassing authentication for enrolled accounts. | |||||
| CVE-2024-5599 | 1 Fileorganizer | 1 Fileorganizer | 2026-04-08 | N/A | 7.5 HIGH |
| The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.7 via the 'fileorganizer_ajax_handler' function. This makes it possible for unauthenticated attackers to extract sensitive data including backups or other sensitive information if the files have been moved to the built-in Trash folder. | |||||
| CVE-2024-5598 | 1 Advancedfilemanager | 1 Advanced File Manager | 2026-04-08 | N/A | 7.5 HIGH |
| The Advanced File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.4 via the 'fma_local_file_system' function. This makes it possible for unauthenticated attackers to extract sensitive data including backups or other sensitive information if the files have been moved to the built-in Trash folder. | |||||
| CVE-2024-3733 | 1 Wpdeveloper | 1 Essential Addons For Elementor | 2026-04-08 | N/A | 5.3 MEDIUM |
| The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.9.15 via the ajax_load_more() , eael_woo_pagination_product_ajax(), and ajax_eael_product_gallery() functions. This makes it possible for unauthenticated attackers to extract posts that may be in private or draft status. | |||||
| CVE-2024-2974 | 1 Wpdeveloper | 1 Essential Addons For Elementor | 2026-04-08 | N/A | 5.3 MEDIUM |
| The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 5.9.13 via the load_more function. This can allow unauthenticated attackers to extract sensitive data including private and draft posts. | |||||
| CVE-2023-6748 | 1 Wpgogo | 1 Custom Field Template | 2026-04-08 | N/A | 4.3 MEDIUM |
| The Custom Field Template plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 via the 'cft' shortcode. This makes it possible for authenticated attackers with contributor access and above, to extract sensitive data including arbitrary post metadata. | |||||
| CVE-2024-3717 | 1 Codedropz | 1 Drag And Drop Multiple File Upload - Contact Form 7 | 2026-04-08 | N/A | 5.3 MEDIUM |
| The Drag and Drop Multiple File Upload – Contact Form 7 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.7.7 via the '/wp-content/uploads/wp_dndcf7_uploads/wpcf7-files' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via this plugin through a form. | |||||
| CVE-2024-3678 | 1 Adenion | 1 Blog2social | 2026-04-08 | N/A | 5.3 MEDIUM |
| The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.4.2. This makes it possible for unauthenticated attackers to view limited information from password protected posts. | |||||
| CVE-2023-6962 | 1 Joomunited | 1 Wp Meta Seo | 2026-04-08 | N/A | 5.3 MEDIUM |
| The WP Meta SEO plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5.12 via the meta description. This makes it possible for unauthenticated attackers to disclose potentially sensitive information via the meta description of password-protected posts. | |||||
| CVE-2023-6565 | 1 Revmakx | 1 Infinitewp Client | 2026-04-08 | N/A | 5.9 MEDIUM |
| The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.12.3 via the multi-call backup option. This makes it possible for unauthenticated attackers to extract sensitive data from a temporary SQL file via repeated GET requests during the limited time window of the backup process. | |||||
| CVE-2025-43203 | 1 Apple | 2 Ipados, Iphone Os | 2026-04-02 | N/A | 4.0 MEDIUM |
| The issue was addressed with improved handling of caches. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26. An attacker with physical access to an unlocked device may be able to view an image in the most recently viewed locked note. | |||||
| CVE-2025-24117 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2026-04-02 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, visionOS 2.3, watchOS 11.3. An app may be able to fingerprint the user. | |||||
| CVE-2024-54541 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2026-04-02 | N/A | 5.5 MEDIUM |
| This issue was addressed through improved state management. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. An app may be able to access user-sensitive data. | |||||
| CVE-2024-54485 | 1 Apple | 2 Ipados, Iphone Os | 2026-04-02 | N/A | 2.4 LOW |
| The issue was addressed by adding additional logic. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2. An attacker with physical access to an iOS device may be able to view notification content from the lock screen. | |||||
| CVE-2024-54477 | 1 Apple | 1 Macos | 2026-04-02 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. An app may be able to access user-sensitive data. | |||||
| CVE-2024-44275 | 1 Apple | 1 Macos | 2026-04-02 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. A malicious application may be able to modify protected parts of the file system. | |||||