Total
640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1489 | 1 Opera | 1 Opera Browser | 2025-04-03 | 2.6 LOW | N/A |
| Opera 7.54 and earlier does not properly limit an applet's access to internal Java packages from Sun, which allows remote attackers to gain sensitive information, such as user names and the installation directory. | |||||
| CVE-2001-0893 | 1 Acme | 1 Mini Httpd | 2025-04-03 | 5.0 MEDIUM | N/A |
| Acme mini_httpd before 1.16 allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /. | |||||
| CVE-2021-41989 | 1 Qlik | 1 Qlikview | 2025-04-01 | N/A | 7.8 HIGH |
| Qlik QlikView through 12.60.20100.0 creates a Temporary File in a Directory with Insecure Permissions. | |||||
| CVE-2021-41988 | 1 Qlik | 1 Nprinting Designer | 2025-04-01 | N/A | 7.8 HIGH |
| Qlik NPrinting Designer through 21.14.3.0 creates a Temporary File in a Directory with Insecure Permissions. | |||||
| CVE-2023-25192 | 1 Ami | 1 Megarac Sp-x | 2025-03-19 | N/A | 5.3 MEDIUM |
| AMI MegaRAC SPX devices allow User Enumeration through Redfish. The fixed versions are SPx12-update-7.00 and SPx13-update-5.00. | |||||
| CVE-2023-26081 | 2 Fedoraproject, Gnome | 2 Fedora, Epiphany | 2025-03-18 | N/A | 7.5 HIGH |
| In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts. | |||||
| CVE-2024-40725 | 1 Apache | 1 Http Server | 2025-03-14 | N/A | 5.3 MEDIUM |
| A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted. Users are recommended to upgrade to version 2.4.62, which fixes this issue. | |||||
| CVE-2023-0481 | 1 Quarkus | 1 Quarkus | 2025-03-12 | N/A | 3.3 LOW |
| In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile() is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local user. | |||||
| CVE-2022-44310 | 1 Ecdh Project | 1 Ecdh | 2025-03-12 | N/A | 7.5 HIGH |
| In Development IL ecdh before 0.2.0, an attacker can send an invalid point (not on the curve) as the public key, and obtain the derived shared secret. | |||||
| CVE-2023-22777 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2025-03-07 | N/A | 4.9 MEDIUM |
| An authenticated information disclosure vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files in the underlying operating system. | |||||
| CVE-2023-22775 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2025-03-07 | N/A | 6.5 MEDIUM |
| A vulnerability exists which allows an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level. | |||||
| CVE-2023-22892 | 1 Smartbear | 1 Zephyr Enterprise | 2025-03-04 | N/A | 7.5 HIGH |
| There exists an information disclosure vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by unauthenticated users to read arbitrary files from Zephyr instances. | |||||
| CVE-2020-22647 | 1 Smartconrtactgames Project | 1 Smartconrtactgames | 2025-02-26 | N/A | 9.1 CRITICAL |
| An issue found in DepositGame v.1.0 allows an attacker to gain sensitive information via the GetBonusWithdraw and withdraw functions. | |||||
| CVE-2023-42792 | 1 Apache | 1 Airflow | 2025-02-13 | N/A | 6.5 MEDIUM |
| Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. | |||||
| CVE-2023-34189 | 1 Apache | 1 Inlong | 2025-02-13 | N/A | 6.5 MEDIUM |
| Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could use general users to delete and update the process, which only the admin can operate occurrences. Users are advised to upgrade to Apache InLong's 1.8.0 or cherry-pick https://github.com/apache/inlong/pull/8109 to solve it. | |||||
| CVE-2022-43684 | 1 Servicenow | 1 Servicenow | 2025-02-13 | N/A | 9.9 CRITICAL |
| ServiceNow has released patches and an upgrade that address an Access Control List (ACL) bypass issue in ServiceNow Core functionality. Additional Details This issue is present in the following supported ServiceNow releases: * Quebec prior to Patch 10 Hot Fix 8b * Rome prior to Patch 10 Hot Fix 1 * San Diego prior to Patch 7 * Tokyo prior to Tokyo Patch 1; and * Utah prior to Utah General Availability If this ACL bypass issue were to be successfully exploited, it potentially could allow an authenticated user to obtain sensitive information from tables missing authorization controls. | |||||
| CVE-2023-26588 | 1 Buffalo | 32 Bs-gs2008, Bs-gs2008 Firmware, Bs-gs2008p and 29 more | 2025-02-11 | N/A | 7.5 HIGH |
| Use of hard-coded credentials vulnerability in Buffalo network devices allows an attacker to access the debug function of the product. The affected products and versions are as follows: BS-GSL2024 firmware Ver. 1.10-0.03 and earlier, BS-GSL2016P firmware Ver. 1.10-0.03 and earlier, BS-GSL2016 firmware Ver. 1.10-0.03 and earlier, BS-GS2008 firmware Ver. 1.0.10.01 and earlier, BS-GS2016 firmware Ver. 1.0.10.01 and earlier, BS-GS2024 firmware Ver. 1.0.10.01 and earlier, BS-GS2048 firmware Ver. 1.0.10.01 and earlier, BS-GS2008P firmware Ver. 1.0.10.01 and earlier, BS-GS2016P firmware Ver. 1.0.10.01 and earlier, and BS-GS2024P firmware Ver. 1.0.10.01 and earlier | |||||
| CVE-2023-25409 | 1 Aten | 2 Pe8108, Pe8108 Firmware | 2025-02-11 | N/A | 8.1 HIGH |
| Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restricted users have access to other users outlets. | |||||
| CVE-2022-47338 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-02-10 | N/A | 7.1 HIGH |
| In telecom service, there is a missing permission check. This could lead to local denial of service in telecom service. | |||||
| CVE-2023-25954 | 3 Kyocera, Olivetti, Triumph-adler | 3 Mobile Print, Mobile Print, Mobile Print | 2025-02-07 | N/A | 5.5 MEDIUM |
| KYOCERA Mobile Print' v3.2.0.230119 and earlier, 'UTAX/TA MobilePrint' v3.2.0.230119 and earlier, and 'Olivetti Mobile Print' v3.2.0.230119 and earlier are vulnerable to improper intent handling. When a malicious app is installed on the victim user's Android device, the app may send an intent and direct the affected app to download malicious files or apps to the device without notification. | |||||