Total: 9077 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-43992 | 1 Linecorp | 1 Line | 2025-06-20 | N/A | 5.4 MEDIUM |
An issue in STOCKMAN GROUP mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | |||||
CVE-2020-36771 | 1 Cloudlinux | 1 Cagefs | 2025-06-20 | N/A | 7.8 HIGH |
CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a command line argument. In some configurations this allows local users to view the authentication token via the process list and gain code execution as another user. | |||||
CVE-2024-38467 | 1 Guoxinled | 1 Synthesis Image System | 2025-06-20 | N/A | 7.5 HIGH |
Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized user information retrieval via the queryUser API. | |||||
CVE-2024-20920 | 1 Oracle | 1 Solaris | 2025-06-20 | N/A | 3.8 LOW |
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N). | |||||
CVE-2023-52101 | 1 Huawei | 2 Emui, Harmonyos | 2025-06-20 | N/A | 9.1 CRITICAL |
Component exposure vulnerability in the Wi-Fi module. Successful exploitation of this vulnerability may affect service availability and integrity. | |||||
CVE-2023-51142 | 1 Zkteco | 1 Biotime | 2025-06-20 | N/A | 7.5 HIGH |
An issue in ZKTeco BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information. | |||||
CVE-2023-42934 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-06-20 | N/A | 4.2 MEDIUM |
An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app with root privileges may be able to access private information. | |||||
CVE-2024-54961 | 1 Nagios | 1 Nagios Xi | 2025-06-18 | N/A | 6.5 MEDIUM |
Nagios XI 2024R1.2.2 has an Information Disclosure vulnerability, which allows unauthenticated users to access multiple pages displaying the usernames and email addresses of all current users. | |||||
CVE-2025-22973 | 1 Qibosoft | 1 Qibocms X1 | 2025-06-18 | N/A | 7.5 HIGH |
An issue in QiboSoft QiboCMS X1.0 allows a remote attacker to obtain sensitive information via the http_curl() function in the '/application/common.php' file that directly retrieves the URL request response content. | |||||
CVE-2024-53011 | 1 Qualcomm | 166 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 163 more | 2025-06-18 | N/A | 7.9 HIGH |
Information disclosure may occur due to improper permission and access controls to Video Analytics engine. | |||||
CVE-2024-21095 | 1 Oracle | 1 Primavera P6 Enterprise Project Portfolio Management | 2025-06-18 | N/A | 8.2 HIGH |
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 19.12.0-19.12.22, 20.12.0-20.12.21, 21.12.0-21.12.18, 22.12.0-22.12.12 and 23.12.0-23.12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N). | |||||
CVE-2024-1102 | 2 Jberet, Redhat | 2 Jberet, Jboss Enterprise Application Platform | 2025-06-18 | N/A | 6.5 MEDIUM |
A vulnerability was found in jberet-core logging. An exception in 'dbProperties' might display user credentials such as the username and password for the database-connection. | |||||
CVE-2024-33669 | 1 Passbolt | 1 Passbolt Browser Extension | 2025-06-18 | N/A | 6.1 MEDIUM |
An issue was discovered in Passbolt Browser Extension before 4.6.2. It can send multiple requests to HaveIBeenPwned while a password is being typed, which results in an information leak. This allows an attacker capable of observing Passbolt's HTTPS queries to the Pwned Password API to more easily brute force passwords that are manually typed by the user. | |||||
CVE-2024-29384 | 1 Mikegualtieri | 1 Css Exfil Protection | 2025-06-18 | N/A | 7.5 HIGH |
An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to obtain sensitive information via the content.js and parseCSSRules functions. | |||||
CVE-2024-33436 | 1 Mikegualtieri | 1 Css Exfil Protection | 2025-06-18 | N/A | 5.3 MEDIUM |
An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to obtain sensitive information due to missing support for CSS variables. | |||||
CVE-2024-33437 | 1 Mikegualtieri | 1 Css Exfil Protection | 2025-06-18 | N/A | 7.5 HIGH |
An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to obtain sensitive information due to missing support for CSS Style Rules. | |||||
CVE-2023-51154 | | | 2025-06-18 | N/A | 9.8 CRITICAL |
Jizhicms v2.5 was discovered to contain an arbitrary file download vulnerability via the component /admin/c/PluginsController.php. | |||||
CVE-2023-50346 | | | 2025-06-18 | N/A | 3.1 LOW |
HCL DRYiCE MyXalytics is impacted by an information disclosure vulnerability. Certain endpoints within the application disclose detailed file information. | |||||
CVE-2024-23937 | 1 Silabs | 1 Gecko Os | 2025-06-18 | N/A | 6.5 MEDIUM |
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the debug interface. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the device. | |||||
CVE-2025-49824 | | | 2025-06-18 | N/A | N/A |
conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travis_encrypt_binstar_token implementation in the conda-smithy package has been identified as vulnerable to an Oracle Padding Attack. This vulnerability results from the use of an outdated and insecure padding scheme during RSA encryption. A malicious actor with access to an oracle system can exploit this flaw by iteratively submitting modified ciphertexts and analyzing responses to infer the plaintext without possessing the private key. This issue has been patched in version 3.47.1. |