Total
8787 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-2840 | 2025-03-29 | N/A | 5.3 MEDIUM | ||
| The DAP to Autoresponders Email Syncing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0 through the publicly accessible phpinfo.php script. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed file. | |||||
| CVE-2024-33437 | 2025-03-29 | N/A | 7.5 HIGH | ||
| An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to obtain sensitive information due to missing support for CSS Style Rules. | |||||
| CVE-2024-27814 | 1 Apple | 1 Watchos | 2025-03-29 | N/A | 2.4 LOW |
| This issue was addressed through improved state management. This issue is fixed in watchOS 10.5. A person with physical access to a device may be able to view contact information from the lock screen. | |||||
| CVE-2023-28826 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-03-28 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, macOS Monterey 12.7.4, macOS Sonoma 14.1, macOS Ventura 13.6.5. An app may be able to access sensitive user data. | |||||
| CVE-2024-30571 | 2025-03-28 | N/A | 7.5 HIGH | ||
| An information leak in the BRS_top.html component of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required. | |||||
| CVE-2024-21077 | 1 Oracle | 1 Trade Management | 2025-03-28 | N/A | 7.5 HIGH |
| Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: GL Accounts LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | |||||
| CVE-2025-2860 | 2025-03-28 | N/A | N/A | ||
| SaTECH BCU in its firmware version 2.1.3, allows an authenticated attacker to access information about the credentials that users have within the web (.xml file). In order to exploit this vulnerability, the attacker must know the path, regardless of the user's privileges on the website. | |||||
| CVE-2021-24008 | 2025-03-28 | N/A | 5.3 MEDIUM | ||
| An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiDDoS version 5.4.0, version 5.3.2 and below, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, version 4.6.0, version 4.5.0, version 4.4.2 and below, FortiDDoS-CM version 5.3.0, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, FortiVoice version 6.0.6 and below, FortiRecorder version 6.0.3 and below and FortiMail version 6.4.1 and below, version 6.2.4 and below, version 6.0.9 and below may allow a remote, unauthenticated attacker to obtain potentially sensitive software-version information by reading a JavaScript file. | |||||
| CVE-2025-2578 | 2025-03-28 | N/A | 5.3 MEDIUM | ||
| The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.2.19 via the 'wpAmeliaApiCall' function. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | |||||
| CVE-2025-2277 | 1 Devolutions | 1 Devolutions Server | 2025-03-28 | N/A | 7.5 HIGH |
| Exposure of password in web-based SSH authentication component in Devolutions Server 2024.3.13 and earlier allows a user to unadvertently leak his SSH password due to missing password masking. | |||||
| CVE-2025-1635 | 1 Devolutions | 1 Remote Desktop Manager | 2025-03-28 | N/A | 6.5 MEDIUM |
| Exposure of sensitive information in hub data source export feature in Devolutions Remote Desktop Manager 2024.3.29 and earlier on Windows allows a user exporting a hub data source to include his authenticated session in the export due to faulty business logic. | |||||
| CVE-2025-1636 | 1 Devolutions | 1 Remote Desktop Manager | 2025-03-28 | N/A | 6.5 MEDIUM |
| Exposure of sensitive information in My Personal Credentials password history component in Devolutions Remote Desktop Manager 2024.3.29 and earlier on Windows allows an authenticated user to inadvertently leak the My Personal Credentials in a shared vault via the clear history feature due to faulty business logic. | |||||
| CVE-2025-29497 | 2025-03-28 | N/A | 6.5 MEDIUM | ||
| libming v0.4.8 was discovered to contain a memory leak via the parseSWF_MORPHFILLSTYLES function. | |||||
| CVE-2025-29489 | 2025-03-28 | N/A | 6.5 MEDIUM | ||
| libming v0.4.8 was discovered to contain a memory leak via the parseSWF_MORPHLINESTYLES function. | |||||
| CVE-2025-29488 | 2025-03-28 | N/A | 6.5 MEDIUM | ||
| libming v0.4.8 was discovered to contain a memory leak via the parseSWF_INITACTION function. | |||||
| CVE-2025-29486 | 2025-03-28 | N/A | 6.5 MEDIUM | ||
| libming v0.4.8 was discovered to contain a memory leak via the parseSWF_PLACEOBJECT3 function. | |||||
| CVE-2024-34004 | 2025-03-27 | N/A | 6.5 MEDIUM | ||
| In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore wiki modules and direct access to the web server outside of the Moodle webroot could execute a local file include. | |||||
| CVE-2024-20937 | 1 Oracle | 1 Jd Edwards Enterpriseone Tools | 2025-03-27 | N/A | 4.3 MEDIUM |
| Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics SEC). Supported versions that are affected are Prior to 9.2.8.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2024-23292 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-03-27 | N/A | 3.3 LOW |
| This issue was addressed with improved data protection. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An app may be able to access information about a user's contacts. | |||||
| CVE-2024-21073 | 1 Oracle | 1 Trade Management | 2025-03-27 | N/A | 7.5 HIGH |
| Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Claim LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | |||||