Total
328 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-23561 | 1 Hcltechsw | 2 Hcl Devops Deploy, Hcl Launch | 2025-04-11 | 4.3 Medium |
| HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability due to insufficient obfuscation of sensitive values. | ||||
| CVE-2025-2440 | 2025-04-09 | 4.2 Medium | ||
| CWE-922: Insecure Storage of Sensitive Information vulnerability exists that could potentially lead to unauthorized access of confidential data when a malicious user, having physical access and advanced information on the file system, sets the radio in factory default mode. | ||||
| CVE-2022-2815 | 1 Publify Project | 1 Publify | 2025-04-07 | 6.5 Medium |
| Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10. | ||||
| CVE-2024-11702 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-05 | 7.5 High |
| Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history if enabled. This vulnerability affects Firefox < 133 and Thunderbird < 133. | ||||
| CVE-2025-21299 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-04-02 | 7.1 High |
| Windows Kerberos Security Feature Bypass Vulnerability | ||||
| CVE-2024-23232 | 1 Apple | 1 Macos | 2025-03-27 | 3.3 Low |
| A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.4. An app may be able to capture a user's screen. | ||||
| CVE-2021-36546 | 1 Kitesky | 1 Kitecms | 2025-03-26 | 7.5 High |
| Incorrect Access Control issue discovered in KiteCMS 1.1 allows remote attackers to view sensitive information via path in application URL. | ||||
| CVE-2025-20886 | 1 Samsung | 1 Android | 2025-03-25 | 4.1 Medium |
| Inclusion of sensitive information in test code in softsim trustlet prior to SMR Jan-2025 Release 1 allows local privileged attackers to get test key. | ||||
| CVE-2025-24101 | 1 Apple | 1 Macos | 2025-03-24 | 5.5 Medium |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.3. An app may be able to access user-sensitive data. | ||||
| CVE-2024-38312 | 1 Mozilla | 1 Firefox | 2025-03-19 | 6.5 Medium |
| When browsing private tabs, some data related to location history or webpage thumbnails could be persisted incorrectly within the sandboxed app bundle after app termination This vulnerability affects Firefox for iOS < 127. | ||||
| CVE-2024-54541 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-03-18 | 5.5 Medium |
| This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.2, visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sonoma 14.7.2, macOS Sequoia 15.2. An app may be able to access user-sensitive data. | ||||
| CVE-2025-2489 | 2025-03-18 | N/A | ||
| Insecure information storage vulnerability in NTFS Tools version 3.5.1. Exploitation of this vulnerability could allow an attacker to know the application password, stored in /Users/user/Library/Application Support/ntfs-tool/config.json. | ||||
| CVE-2024-47197 | 1 Apache | 1 Maven Archetype | 2025-03-17 | 7.5 High |
| Exposure of Sensitive Information to an Unauthorized Actor, Insecure Storage of Sensitive Information vulnerability in Maven Archetype Plugin. This issue affects Maven Archetype Plugin: from 3.2.1 before 3.3.0. Users are recommended to upgrade to version 3.3.0, which fixes the issue. Archetype integration testing creates a file called ./target/classes/archetype-it/archetype-settings.xml This file contains all the content from the users ~/.m2/settings.xml file, which often contains information they do not want to publish. We expect that on many developer machines, this also contains credentials. When the user runs mvn verify again (without a mvn clean), this file becomes part of the final artifact. If a developer were to publish this into Maven Central or any other remote repository (whether as a release or a snapshot) their credentials would be published without them knowing. | ||||
| CVE-2024-54504 | 1 Apple | 1 Macos | 2025-03-13 | 5.5 Medium |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.2. An app may be able to access user-sensitive data. | ||||
| CVE-2024-45374 | 1 Gotenna | 1 Gotenna | 2025-03-12 | 5.3 Medium |
| The goTenna Pro ATAK plugin uses a weak password for sharing encryption keys via the key broadcast method. If the broadcasted encryption key is captured over RF, and password is cracked via brute force attack, it is possible to decrypt it and use it to decrypt all future and past messages sent via encrypted broadcast with that particular key. This only applies when the key is broadcasted over RF. This is an optional feature, so it is advised to use local QR encryption key sharing for additional security on this and previous versions. | ||||
| CVE-2023-23522 | 1 Apple | 1 Macos | 2025-03-11 | 5.5 Medium |
| A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.2.1. An app may be able to observe unprotected user data. | ||||
| CVE-2023-22469 | 1 Nextcloud | 1 Deck | 2025-03-10 | 5.8 Medium |
| Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. When getting the reference preview for Deck cards the user has no access to, unauthorized user could eventually get the cached data of a user that has access. There are currently no known workarounds. It is recommended that the Nextcloud app Deck is upgraded to 1.8.2. | ||||
| CVE-2024-48353 | 1 Yealink | 2 Meeting Server, Yealink Meeting Server | 2025-03-07 | 7.5 High |
| Yealink Meeting Server before V26.0.0.67 allows attackers to obtain static key information from a front-end JS file and decrypt the plaintext passwords based on the obtained key information. | ||||
| CVE-2025-21098 | 2025-03-04 | 5.5 Medium | ||
| in OpenHarmony v5.0.2 and prior versions allow a local attacker cause information leak through out-of-bounds read bypass permission check. | ||||
| CVE-2025-22492 | 2025-02-28 | 6.3 Medium | ||
| The connection string visible to users with access to FRSCore database on Foreseer Reporting Software (FRS) VM, this string can be used for gaining administrative access to the 4crXref database. This vulnerability has been resolved in the latest version 1.5.100 of FRS. | ||||