Total
328 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-40728 | 1 Siemens | 1 Qms Automotive | 2025-02-27 | 7.3 High |
| A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application stores sensitive application data in an external insecure storage. This could allow an attacker to alter content, leading to arbitrary code execution or denial-of-service condition. | ||||
| CVE-2024-12315 | 1 Smackcoders | 1 Export All Posts\, Products\, Orders\, Refunds \& Users | 2025-02-25 | 7.5 High |
| The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.3 via the exports directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/smack_uci_uploads/exports/ directory which can contain information like exported user data. | ||||
| CVE-2024-55931 | 2025-02-24 | 6.5 Medium | ||
| Xerox Workplace Suite stores tokens in session storage, which may expose them to potential access if a user's session is compromised. The patch for this vulnerability will be included in a future release of Workplace Suite, and customers will be notified through an update to the security bulletin. | ||||
| CVE-2022-39043 | 1 Juiker | 1 Juiker | 2025-02-19 | 2.4 Low |
| Juiker app stores debug logs which contains sensitive information to mobile external storage. An unauthenticated physical attacker can access these files to acquire partial user information such as personal contacts. | ||||
| CVE-2024-29120 | 2025-02-13 | 5.9 Medium | ||
| In Streampark (version < 2.1.4), when a user logged in successfully, the Backend service would return "Authorization" as the front-end authentication credential. User can use this credential to request other users' information, including the administrator's username, password, salt value, etc. Mitigation: all users should upgrade to 2.1.4 | ||||
| CVE-2023-6253 | 1 Fortra | 1 Digital Guardian Agent | 2025-02-13 | 6.0 Medium |
| A saved encryption key in the Uninstaller in Digital Guardian's Agent before version 7.9.4 allows a local attacker to retrieve the uninstall key and remove the software by extracting the uninstaller key from the memory of the uninstaller file. | ||||
| CVE-2023-50298 | 1 Apache | 1 Solr | 2025-02-13 | 7.5 High |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. Solr Streaming Expressions allows users to extract data from other Solr Clouds, using a "zkHost" parameter. When original SolrCloud is setup to use ZooKeeper credentials and ACLs, they will be sent to whatever "zkHost" the user provides. An attacker could setup a server to mock ZooKeeper, that accepts ZooKeeper requests with credentials and ACLs and extracts the sensitive information, then send a streaming expression using the mock server's address in "zkHost". Streaming Expressions are exposed via the "/streaming" handler, with "read" permissions. Users are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue. From these versions on, only zkHost values that have the same server address (regardless of chroot), will use the given ZooKeeper credentials and ACLs when connecting. | ||||
| CVE-2024-39459 | 2025-02-13 | 4.3 Medium | ||
| In rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system, where they can be viewed by users with access to the Jenkins controller file system (global credentials) or with Item/Extended Read permission (folder-scoped credentials). | ||||
| CVE-2024-27789 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-02-13 | 5.3 Medium |
| A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, macOS Monterey 12.7.5, macOS Ventura 13.6.7, macOS Sonoma 14.4. An app may be able to access user-sensitive data. | ||||
| CVE-2024-23290 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-02-13 | 5.3 Medium |
| A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to access user-sensitive data. | ||||
| CVE-2024-23241 | 1 Apple | 4 Ipad Os, Iphone Os, Macos and 1 more | 2025-02-13 | 6.5 Medium |
| This issue was addressed through improved state management. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. An app may be able to leak sensitive user information. | ||||
| CVE-2024-23229 | 1 Apple | 1 Macos | 2025-02-13 | 5.5 Medium |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Monterey 12.7.5, macOS Ventura 13.6.5, macOS Sonoma 14.4. A malicious application may be able to access Find My data. | ||||
| CVE-2024-23205 | 1 Apple | 3 Ipad Os, Iphone Os, Macos | 2025-02-13 | 5.5 Medium |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An app may be able to access sensitive user data. | ||||
| CVE-2024-36788 | 1 Netgear | 2 Wnr614, Wnr614 Firmware | 2025-02-13 | 5.9 Medium |
| Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 does not properly set the HTTPOnly flag for cookies. This allows attackers to possibly intercept and access sensitive communications between the router and connected devices. | ||||
| CVE-2024-35311 | 2025-02-13 | 3.3 Low | ||
| Yubico YubiKey 5 Series before 5.7.0, Security Key Series before 5.7.0, YubiKey Bio Series before 5.6.4, and YubiKey 5 FIPS before 5.7.2 have Incorrect Access Control. | ||||
| CVE-2023-0580 | 1 Abb | 1 My Control System | 2025-02-10 | 5.4 Medium |
| Insecure Storage of Sensitive Information vulnerability in ABB My Control System (on-premise) allows an attacker who successfully exploited this vulnerability to gain access to the secure application data or take control of the application. Of the services that make up the My Control System (on-premise) application, the following ones are affected by this vulnerability: User Interface System Monitoring1 Asset Inventory This issue affects My Control System (on-premise): from 5.0;0 through 5.13. | ||||
| CVE-2023-6962 | 1 Joomunited | 1 Wp Meta Seo | 2025-02-06 | 5.3 Medium |
| The WP Meta SEO plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5.12 via the meta description. This makes it possible for unauthenticated attackers to disclose potentially sensitive information via the meta description of password-protected posts. | ||||
| CVE-2024-54549 | 1 Apple | 1 Macos | 2025-02-04 | 5.5 Medium |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.2. An app may be able to access user-sensitive data. | ||||
| CVE-2024-29965 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | 6.8 Medium |
| In Brocade SANnav before v2.3.1, and v2.3.0a, it is possible to back up the appliance from the web interface or the command line interface ("SSH"). The resulting backups are world-readable. A local attacker can recover backup files, restore them to a new malicious appliance, and retrieve the passwords of all the switches. | ||||
| CVE-2024-29968 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | 7.7 High |
| An information disclosure vulnerability exists in Brocade SANnav before v2.3.1 and v2.3.0a when Brocade SANnav instances are configured in disaster recovery mode. SQL Table names, column names, and SQL queries are collected in DR standby Supportsave. This could allow authenticated users to access the database structure and its contents. | ||||