Total
313 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-21117 | 1 Oracle | 1 Outside In Technology | 2025-05-21 | N/A | 5.3 MEDIUM |
| Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Core). Supported versions that are affected are 8.5.6 and 8.5.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Outside In Technology executes to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). | |||||
| CVE-2024-23217 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-05-15 | N/A | 3.3 LOW |
| A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, iOS 17.3 and iPadOS 17.3. An app may be able to bypass certain Privacy preferences. | |||||
| CVE-2024-57436 | 1 Ruoyi | 1 Ruoyi | 2025-05-14 | N/A | 7.2 HIGH |
| RuoYi v4.8.0 was discovered to allow unauthorized attackers to view the session ID of the admin in the system monitoring. This issue can allow attackers to impersonate Admin users via using a crafted cookie. | |||||
| CVE-2022-44581 | 1 Wmpudev | 1 Defender Security | 2025-05-13 | N/A | 5.0 MEDIUM |
| Insecure Storage of Sensitive Information vulnerability in WPMU DEV Defender Security allows : Screen Temporary Files for Sensitive Information.This issue affects Defender Security: from n/a through 3.3.2. | |||||
| CVE-2023-45859 | 1 Hazelcast | 1 Hazelcast | 2025-05-13 | N/A | 7.6 HIGH |
| In Hazelcast through 4.1.10, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 through 5.1.7, 5.2 through 5.2.4, and 5.3 through 5.3.2, some client operations don't check permissions properly, allowing authenticated users to access data stored in the cluster. | |||||
| CVE-2022-28170 | 1 Broadcom | 1 Fabric Operating System | 2025-05-09 | N/A | 6.5 MEDIUM |
| Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file. | |||||
| CVE-2024-26559 | 1 Dagg | 1 Uverif | 2025-05-08 | N/A | 5.3 MEDIUM |
| An issue in uverif v.2.0 allows a remote attacker to obtain sensitive information. | |||||
| CVE-2022-32867 | 1 Apple | 2 Iphone Os, Macos | 2025-05-06 | N/A | 2.4 LOW |
| This issue was addressed with improved data protection. This issue is fixed in iOS 16, macOS Ventura 13. A user with physical access to an iOS device may be able to read past diagnostic logs. | |||||
| CVE-2025-45242 | 2025-05-05 | N/A | 7.7 HIGH | ||
| Rhymix v2.1.22 was discovered to contain an arbitrary file deletion vulnerability via the procFileAdminEditImage method in /file/file.admin.controller.php. | |||||
| CVE-2025-46627 | 2025-05-02 | N/A | 8.2 HIGH | ||
| Use of weak credentials in the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated attacker to authenticate to the telnet service by calculating the root password based on easily-obtained device information. The password is based on the last two digits/octets of the MAC address. | |||||
| CVE-2024-43427 | 1 Moodle | 1 Moodle | 2025-05-01 | N/A | 3.7 LOW |
| A flaw was found in moodle. When creating an export of site administration presets, some sensitive secrets and keys are not being excluded from the export, which could result in them unintentionally being leaked if the presets are shared with a third party. | |||||
| CVE-2024-22371 | 1 Apache | 1 Camel | 2025-04-25 | N/A | 2.9 LOW |
| Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel.This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0. Users are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fixes the issue. | |||||
| CVE-2024-20050 | 5 Google, Linuxfoundation, Mediatek and 2 more | 47 Android, Yocto, Mt2713 and 44 more | 2025-04-23 | N/A | 4.4 MEDIUM |
| In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID: ALPS08541757. | |||||
| CVE-2022-32833 | 1 Apple | 3 Iphone Os, Macos, Safari | 2025-04-21 | N/A | 5.3 MEDIUM |
| An issue existed with the file paths used to store website data. The issue was resolved by improving how website data is stored. This issue is fixed in iOS 16. An unauthorized user may be able to access browsing history. | |||||
| CVE-2025-22983 | 1 Thecosy | 1 Icecms | 2025-04-21 | N/A | 7.5 HIGH |
| An access control issue in the component /square/getAllSquare/circle of iceCMS v2.2.0 allows unauthenticated attackers to access sensitive information. | |||||
| CVE-2017-6911 | 1 Usb Pratirodh Project | 1 Usb Pratirodh | 2025-04-20 | 2.1 LOW | 6.6 MEDIUM |
| USB Pratirodh is prone to sensitive information disclosure. It stores sensitive information such as username and password in simple usb.xml. An attacker with physical access to the system can modify the file according his own requirements that may aid in further attack. | |||||
| CVE-2017-16560 | 1 Sandisk | 1 Secureaccess | 2025-04-20 | 2.1 LOW | 4.3 MEDIUM |
| SanDisk Secure Access 3.01 vault decrypts and copies encrypted files to a temporary folder, where they can remain indefinitely in certain situations, such as if the file is being edited when the user exits the application or if the application crashes. | |||||
| CVE-2017-7253 | 1 Dahuasecurity | 2 Ip Camera, Ip Camera Firmware | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
| Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1. Use the default low-privilege credentials to list all users via a request to a certain URI. 2. Login to the IP camera with admin credentials so as to obtain full control of the target IP camera. During exploitation, the first JSON object encountered has a "Component error: login challenge!" message. The second JSON object encountered has a result indicating a successful admin login. | |||||
| CVE-2017-0493 | 1 Google | 1 Android | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in File-Based Encryption could enable a local malicious attacker to bypass operating system protections for the lock screen. This issue is rated as Moderate due to the possibility of bypassing the lock screen. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-32793550. | |||||
| CVE-2025-22984 | 1 Thecosy | 1 Icecms | 2025-04-18 | N/A | 7.5 HIGH |
| An access control issue in the component /api/squareComment/DelectSquareById of iceCMS v2.2.0 allows unauthenticated attackers to access sensitive information. | |||||