Total
9810 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-12616 | 1 Phpgurukul | 1 News Portal | 2025-11-05 | 3.7 Low |
| A vulnerability was detected in PHPGurukul News Portal 1.0. The impacted element is an unknown function of the file /onps/settings.py. Performing manipulation results in insertion of sensitive information into debugging code. It is possible to initiate the attack remotely. The attack's complexity is rated as high. The exploitability is regarded as difficult. The exploit is now public and may be used. | ||||
| CVE-2025-58458 | 1 Jenkins | 2 Git Client, Git Client Plugin | 2025-11-04 | 4.3 Medium |
| In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying `amazon-s3` protocol for use with JGit, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | ||||
| CVE-2025-55673 | 1 Apache | 1 Superset | 2025-11-04 | 4.3 Medium |
| When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. This field contains the underlying query, which improperly discloses database schema information, such as table names, to the low-privileged guest user. This issue affects Apache Superset: before 4.1.3. Users are recommended to upgrade to version 4.1.3, which fixes the issue. | ||||
| CVE-2025-48795 | 1 Apache | 1 Cxf | 2025-11-04 | 5.6 Medium |
| Apache CXF stores large stream based messages as temporary files on the local filesystem. A bug was introduced which means that the entire temporary file is read into memory and then logged. An attacker might be able to exploit this to cause a denial of service attack by causing an out of memory exception. In addition, it is possible to configure CXF to encrypt temporary files to prevent sensitive credentials from being cached unencrypted on the local filesystem, however this bug means that the cached files are written out to logs unencrypted. Users are recommended to upgrade to versions 3.5.11, 3.6.6, 4.0.7 or 4.1.1, which fixes this issue. | ||||
| CVE-2025-43356 | 1 Apple | 8 Ios, Ipados, Iphone Os and 5 more | 2025-11-04 | 6.5 Medium |
| The issue was addressed with improved handling of caches. This issue is fixed in Safari 26, tvOS 26, watchOS 26, iOS 26 and iPadOS 26, visionOS 26, iOS 18.7 and iPadOS 18.7. A website may be able to access sensor information without user consent. | ||||
| CVE-2016-5597 | 2 Oracle, Redhat | 6 Jdk, Jre, Enterprise Linux and 3 more | 2025-11-04 | N/A |
| Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality via vectors related to Networking. | ||||
| CVE-2009-2260 | 1 Stardict | 1 Stardict | 2025-11-04 | N/A |
| stardict 3.0.1, when Enable Net Dict is configured, sends the contents of the clipboard to a dictionary server, which allows remote attackers to obtain sensitive information by sniffing the network. | ||||
| CVE-2023-42936 | 1 Apple | 8 Ipados, Iphone Os, Macos and 5 more | 2025-11-04 | 5.5 Medium |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to access user-sensitive data. | ||||
| CVE-2023-42934 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-11-04 | 4.2 Medium |
| An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app with root privileges may be able to access private information. | ||||
| CVE-2023-42884 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-11-04 | 5.5 Medium |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. An app may be able to disclose kernel memory. | ||||
| CVE-2023-41987 | 1 Apple | 1 Macos | 2025-11-04 | 5.5 Medium |
| This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to access sensitive user data. | ||||
| CVE-2023-41260 | 2 Best Practical Solutions, Bestpractical | 2 Request Tracker, Request Tracker | 2025-11-04 | 7.5 High |
| Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls. | ||||
| CVE-2023-41259 | 1 Bestpractical | 1 Request Tracker | 2025-11-04 | 7.5 High |
| Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call. | ||||
| CVE-2023-40411 | 1 Apple | 1 Macos | 2025-11-04 | 5.5 Medium |
| This issue was addressed with improved data protection. This issue is fixed in macOS Sonoma 14. An app may be able to access user-sensitive data. | ||||
| CVE-2023-40403 | 2 Apple, Redhat | 7 Ipados, Iphone Os, Macos and 4 more | 2025-11-04 | 6.5 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may disclose sensitive information. | ||||
| CVE-2023-28708 | 2 Apache, Redhat | 3 Tomcat, Enterprise Linux, Jboss Enterprise Web Server | 2025-11-04 | 4.3 Medium |
| When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel. Older, EOL versions may also be affected. | ||||
| CVE-2025-1115 | 1 Rt-thread | 1 Rt-thread | 2025-11-04 | 3.3 Low |
| A vulnerability classified as problematic was found in RT-Thread up to 5.1.0. Affected by this vulnerability is the function sys_device_close/sys_device_control/sys_device_find/sys_device_init/sys_device_open/sys_device_read/sys_device_register/sys_device_write/sys_event_delete/sys_event_recv/sys_event_send/sys_mb_delete/sys_mb_recv/sys_mb_send/sys_mb_send_wait/sys_mq_recv/sys_mq_send/sys_mq_urgent/sys_mutex_delete/sys_mutex_release/sys_mutex_take/sys_rt_timer_control/sys_rt_timer_delete/sys_rt_timer_start/sys_rt_timer_stop/sys_sem_delete/sys_sem_release/sys_sem_take/sys_shmat/sys_shmdt/sys_thread_create/sys_thread_delete/sys_thread_startup/sys_timer_delete/sys_timer_gettime/sys_timer_settime of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument arg[0] leads to information disclosure. An attack has to be approached locally. | ||||
| CVE-2024-25734 | 1 Wyrestorm | 2 Apollo Vx20, Apollo Vx20 Firmware | 2025-11-04 | 7.5 High |
| An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. The TELNET service prompts for a password only after a valid username is entered, which might make it easier for remote attackers to enumerate user accounts. | ||||
| CVE-2024-23292 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-11-04 | 3.3 Low |
| This issue was addressed with improved data protection. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An app may be able to access information about a user's contacts. | ||||
| CVE-2024-23235 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-11-04 | 4.7 Medium |
| A race condition was addressed with additional validation. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to access user-sensitive data. | ||||