Total
124 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-66035 | 2025-11-26 | N/A | N/A | ||
| Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs. | |||||
| CVE-2025-36131 | 1 Ibm | 1 Db2 | 2025-11-19 | N/A | 4.6 MEDIUM |
| IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) clpplus command exposes user credentials to the terminal which could be obtained by a third party with physical access to the system. | |||||
| CVE-2023-45720 | 1 Hcltech | 1 Hcl Leap | 2025-11-17 | N/A | 5.3 MEDIUM |
| Insufficient default configuration in HCL Leap allows anonymous access to directory information. | |||||
| CVE-2025-12536 | 2025-11-14 | N/A | 5.3 MEDIUM | ||
| The SureForms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.1 via the '_srfm_email_notification' post meta registration. This is due to setting the 'auth_callback' parameter to '__return_true', which allows unauthenticated access to the metadata. This makes it possible for unauthenticated attackers to extract sensitive data including email notification configurations, which frequently contain vendor-provided CRM/help desk dropbox addresses, CC/BCC recipients, and notification templates that can be abused to inject malicious data into downstream systems. | |||||
| CVE-2024-7697 | 1 Transsion | 1 Carlcare | 2025-11-13 | N/A | 7.5 HIGH |
| Logical vulnerability in the mobile application (com.transsion.carlcare) may lead to user information leakage risks. | |||||
| CVE-2025-11959 | 2025-11-12 | N/A | 8.1 HIGH | ||
| Files or Directories Accessible to External Parties, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Premierturk Information Technologies Inc. Excavation Management Information System allows Footprinting, Functionality Misuse.This issue affects Excavation Management Information System: before v.10.2025.01. | |||||
| CVE-2025-52602 | 2025-11-06 | N/A | 4.2 MEDIUM | ||
| HCL BigFix Query is affected by a sensitive information disclosure in the WebUI Query application. An HTTP GET endpoint request returns discoverable responses that may disclose: group names, active user names (or IDs). An attacker can use that information to target individuals with phishing or other social-engineering attacks. | |||||
| CVE-2025-43496 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-11-05 | N/A | 7.5 HIGH |
| The issue was addressed by adding additional logic. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Remote content may be loaded even when the 'Load Remote Images' setting is turned off. | |||||
| CVE-2025-43439 | 1 Apple | 2 Ipados, Iphone Os | 2025-11-05 | N/A | 5.5 MEDIUM |
| A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. An app may be able to fingerprint the user. | |||||
| CVE-2025-43399 | 1 Apple | 1 Macos | 2025-11-05 | N/A | 7.5 HIGH |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. An app may be able to access protected user data. | |||||
| CVE-2025-43389 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-11-05 | N/A | 5.5 MEDIUM |
| A privacy issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. An app may be able to access sensitive user data. | |||||
| CVE-2025-43469 | 1 Apple | 1 Macos | 2025-11-05 | N/A | 5.5 MEDIUM |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to access sensitive user data. | |||||
| CVE-2025-43452 | 1 Apple | 2 Ipados, Iphone Os | 2025-11-05 | N/A | 4.6 MEDIUM |
| This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 26.1 and iPadOS 26.1. Keyboard suggestions may display sensitive information on the lock screen. | |||||
| CVE-2025-43409 | 1 Apple | 1 Macos | 2025-11-05 | N/A | 5.5 MEDIUM |
| A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.2. An app may be able to access sensitive user data. | |||||
| CVE-2025-43227 | 1 Apple | 7 Ipados, Iphone Os, Macos and 4 more | 2025-11-04 | N/A | 7.5 HIGH |
| This issue was addressed through improved state management. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, watchOS 11.6, visionOS 2.6. Processing maliciously crafted web content may disclose sensitive user information. | |||||
| CVE-2024-23211 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-11-04 | N/A | 3.3 LOW |
| A privacy issue was addressed with improved handling of user preferences. This issue is fixed in watchOS 10.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A user's private browsing activity may be visible in Settings. | |||||
| CVE-2025-43405 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 7.5 HIGH |
| A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to access user-sensitive data. | |||||
| CVE-2025-43500 | 1 Apple | 4 Ipados, Iphone Os, Visionos and 1 more | 2025-11-04 | N/A | 7.5 HIGH |
| A privacy issue was addressed with improved handling of user preferences. This issue is fixed in watchOS 26.1, iOS 26.1 and iPadOS 26.1, visionOS 26.1. An app may be able to access sensitive user data. | |||||
| CVE-2024-40796 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-11-04 | N/A | 5.3 MEDIUM |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.6, iOS 16.7.9 and iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Ventura 13.6.8. Private browsing may leak some browsing history. | |||||
| CVE-2024-27881 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 5.3 MEDIUM |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able to access information about a user’s contacts. | |||||