Total: 328 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-32867 | 1 Apple | 2 Iphone Os, Macos | 2025-05-06 | 2.4 Low |
This issue was addressed with improved data protection. This issue is fixed in iOS 16, macOS Ventura 13. A user with physical access to an iOS device may be able to read past diagnostic logs. | ||||
CVE-2025-45242 | | | 2025-05-05 | 7.7 High |
Rhymix v2.1.22 was discovered to contain an arbitrary file deletion vulnerability via the procFileAdminEditImage method in /file/file.admin.controller.php. | ||||
CVE-2024-43427 | 1 Moodle | 1 Moodle | 2025-05-01 | 3.7 Low |
A flaw was found in moodle. When creating an export of site administration presets, some sensitive secrets and keys are not being excluded from the export, which could result in them unintentionally being leaked if the presets are shared with a third party. | ||||
CVE-2022-34312 | 1 Ibm | 1 Cics Tx | 2025-04-30 | 4 Medium |
IBM CICS TX 11.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 229447. | ||||
CVE-2022-34354 | 2 Ibm, Linux | 2 Partner Engagement Manager, Linux Kernel | 2025-04-25 | 4 Medium |
IBM Sterling Partner Engagement Manager 2.0 allows encrypted storage of client data to be stored locally which can be read by another user on the system. IBM X-Force ID: 230424. | ||||
CVE-2024-22371 | 2 Apache, Redhat | 2 Camel, Openshift Serverless | 2025-04-25 | 2.9 Low |
Exposure of sensitive data by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel. This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0. Users are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fixes the issue. | ||||
CVE-2022-41876 | 1 Ibexa | 1 Ezplatform-graphql | 2025-04-23 | 7.5 High |
ezplatform-graphql is a GraphQL server implementation for Ibexa DXP and Ibexa Open Source. Versions prior to 2.3.12 and 1.0.13 are subject to Insecure Storage of Sensitive Information. Unauthenticated GraphQL queries for user accounts can expose password hashes of users that have created or modified content, typically administrators and editors. This issue has been patched in versions 2.3.12, and 1.0.13 on the 1.X branch. Users unable to upgrade can remove the "passwordHash" entry from "src/bundle/Resources/config/graphql/User.types.yaml" in the GraphQL package, and other properties like hash type, email, login if you prefer. | ||||
CVE-2024-20050 | 5 Google, Linuxfoundation, Mediatek and 2 more | 47 Android, Yocto, Mt2713 and 44 more | 2025-04-23 | 4.4 Medium |
In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID: ALPS08541757. | ||||
CVE-2022-32833 | 1 Apple | 3 Iphone Os, Macos, Safari | 2025-04-21 | 5.3 Medium |
An issue existed with the file paths used to store website data. The issue was resolved by improving how website data is stored. This issue is fixed in iOS 16. An unauthorized user may be able to access browsing history. | ||||
CVE-2025-22983 | 1 Thecosy | 1 Icecms | 2025-04-21 | 7.5 High |
An access control issue in the component /square/getAllSquare/circle of iceCMS v2.2.0 allows unauthenticated attackers to access sensitive information. | ||||
CVE-2017-7253 | 1 Dahuasecurity | 2 Ip Camera, Ip Camera Firmware | 2025-04-20 | N/A |
Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1. Use the default low-privilege credentials to list all users via a request to a certain URI. 2. Login to the IP camera with admin credentials so as to obtain full control of the target IP camera. During exploitation, the first JSON object encountered has a "Component error: login challenge!" message. The second JSON object encountered has a result indicating a successful admin login. | ||||
CVE-2017-16560 | 1 Sandisk | 1 Secureaccess | 2025-04-20 | N/A |
SanDisk Secure Access 3.01 vault decrypts and copies encrypted files to a temporary folder, where they can remain indefinitely in certain situations, such as if the file is being edited when the user exits the application or if the application crashes. | ||||
CVE-2017-6911 | 1 Usb Pratirodh Project | 1 Usb Pratirodh | 2025-04-20 | N/A |
USB Pratirodh is prone to sensitive information disclosure. It stores sensitive information such as username and password in simple usb.xml. An attacker with physical access to the system can modify the file according to his own requirements, which may aid in further attack. | ||||
CVE-2017-0493 | 1 Google | 1 Android | 2025-04-20 | N/A |
An information disclosure vulnerability in File-Based Encryption could enable a local malicious attacker to bypass operating system protections for the lock screen. This issue is rated as Moderate due to the possibility of bypassing the lock screen. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-32793550. | ||||
CVE-2025-22984 | 1 Thecosy | 1 Icecms | 2025-04-18 | 7.5 High |
An access control issue in the component /api/squareComment/DelectSquareById of iceCMS v2.2.0 allows unauthenticated attackers to access sensitive information. | ||||
CVE-2021-27456 | 1 Phillips | 22 Gemini 882160, Gemini 882160 Firmware, Gemini 882300 and 19 more | 2025-04-16 | 2.4 Low |
Philips Gemini PET/CT family software stores sensitive information in a removable media device that does not have built-in access control. | ||||
CVE-2024-57546 | 1 Cmsimple | 1 Cmsimple | 2025-04-16 | 7.5 High |
An issue in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the validate link function. | ||||
CVE-2023-41965 | 1 Socomec | 2 Modulys Gp, Modulys Gp Firmware | 2025-04-15 | 7.5 High |
Sending some requests in the web application of the vulnerable device allows information to be obtained due to the lack of security in the authentication process. | ||||
CVE-2022-40959 | 2 Mozilla, Redhat | 6 Firefox, Firefox Esr, Thunderbird and 3 more | 2025-04-15 | 6.5 Medium |
During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. | ||||
CVE-2024-32236 | 1 Cmseasy | 1 Cmseasy | 2025-04-14 | 3.5 Low |
An issue in CmsEasy v.7.7 and before allows a remote attacker to obtain sensitive information via the update function in the index.php component. |