Total
9058 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-28340 | 1 Netgear | 6 Cbk40, Cbk40 Firmware, Cbk43 and 3 more | 2025-05-27 | N/A | 7.5 HIGH |
| An information leak in the currentsetting.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required. | |||||
| CVE-2025-31207 | 1 Apple | 2 Ipados, Iphone Os | 2025-05-27 | N/A | 7.7 HIGH |
| A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5. An app may be able to enumerate a user's installed apps. | |||||
| CVE-2025-24142 | 1 Apple | 1 Macos | 2025-05-27 | N/A | 5.5 MEDIUM |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to access sensitive user data. | |||||
| CVE-2025-24144 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-05-27 | N/A | 5.5 MEDIUM |
| An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.6, visionOS 2.3, iPadOS 17.7.7, watchOS 11.3, macOS Ventura 13.7.6, iOS 18.3 and iPadOS 18.3, tvOS 18.3. An app may be able to leak sensitive kernel state. | |||||
| CVE-2025-24155 | 1 Apple | 1 Macos | 2025-05-27 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.3, macOS Ventura 13.7.6, macOS Sonoma 14.7.6. An app may be able to disclose kernel memory. | |||||
| CVE-2025-24220 | 1 Apple | 2 Ipados, Iphone Os | 2025-05-27 | N/A | 5.5 MEDIUM |
| A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4. An app may be able to read a persistent device identifier. | |||||
| CVE-2024-13568 | 1 Wpmanageninja | 1 Fluent Support | 2025-05-26 | N/A | 7.5 HIGH |
| The Fluent Support – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.5 via the 'fluent-support' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/fluent-support directory which can contain file attachments included in support tickets. | |||||
| CVE-2024-13611 | 1 Wordplus | 1 Better Messages | 2025-05-26 | N/A | 7.5 HIGH |
| The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.9 via the 'bp-better-messages' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/bp-better-messages directory which can contain file attachments included in chat messages. | |||||
| CVE-2016-3674 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Jboss Middleware and 1 more | 2025-05-23 | 5.0 MEDIUM | 7.5 HIGH |
| Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDriver, (2) DomDriver, (3) JDomDriver, (4) JDom2Driver, (5) SjsxpDriver, (6) StandardStaxDriver, and (7) WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document. | |||||
| CVE-2025-5098 | 2025-05-23 | N/A | 9.1 CRITICAL | ||
| PrinterShare Android application allows the capture of Gmail authentication tokens that can be reused to access a user's Gmail account without proper authorization. | |||||
| CVE-2022-35246 | 1 Rocket.chat | 1 Rocket.chat | 2025-05-22 | N/A | 4.3 MEDIUM |
| A NoSQL-Injection information disclosure vulnerability vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 in the getS3FileUrl Meteor server method that can disclose arbitrary file upload URLs to users that should not be able to access. | |||||
| CVE-2022-35249 | 1 Rocket.chat | 1 Rocket.chat | 2025-05-22 | N/A | 4.3 MEDIUM |
| A information disclosure vulnerability exists in Rocket.Chat <v5 where the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of the users access permission to the room. | |||||
| CVE-2022-32818 | 1 Apple | 1 Macos | 2025-05-22 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5. An app may be able to leak sensitive kernel state. | |||||
| CVE-2022-32228 | 1 Rocket.chat | 1 Rocket.chat | 2025-05-22 | N/A | 4.3 MEDIUM |
| An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 since the getReadReceipts Meteor server method does not properly filter user inputs that are passed to MongoDB queries, allowing $regex queries to enumerate arbitrary Message IDs. | |||||
| CVE-2022-32218 | 1 Rocket.chat | 1 Rocket.chat | 2025-05-22 | N/A | 4.3 MEDIUM |
| An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 due to the actionLinkHandler method was found to allow Message ID Enumeration with Regex MongoDB queries. | |||||
| CVE-2022-23952 | 1 Keylime | 1 Keylime | 2025-05-22 | N/A | 7.5 HIGH |
| In Keylime before 6.3.0, current keylime installer installs the keylime.conf file, which can contain sensitive data, as world-readable. | |||||
| CVE-2022-35247 | 1 Rocket.chat | 1 Rocket.chat | 2025-05-22 | N/A | 4.3 MEDIUM |
| A information disclosure vulnerability exists in Rocket.chat <v5, <v4.8.2 and <v4.7.5 where the lack of ACL checks in the getRoomRoles Meteor method leak channel members with special roles to unauthorized clients. | |||||
| CVE-2022-32229 | 1 Rocket.chat | 1 Rocket.chat | 2025-05-22 | N/A | 4.3 MEDIUM |
| A information disclosure vulnerability exists in Rockert.Chat <v5 due to /api/v1/chat.getThreadsList lack of sanitization of user inputs and can therefore leak private thread messages to unauthorized users via Mongo DB injection. | |||||
| CVE-2018-10596 | 1 Medtronic | 2 2090 Carelink Programmer, 2090 Carelink Programmer Firmware | 2025-05-22 | 5.2 MEDIUM | 7.1 HIGH |
| Medtronic 2090 CareLink Programmer uses a virtual private network connection to securely download updates. It does not verify it is still connected to this virtual private network before downloading updates. The affected products initially establish an encapsulated IP-based VPN connection to a Medtronic-hosted update network. Once the VPN is established, it makes a request to a HTTP (non-TLS) server across the VPN for updates, which responds and provides any available updates. The programmer-side (client) service responsible for this HTTP request does not check to ensure it is still connected to the VPN before making the HTTP request. Thus, an attacker could cause the VPN connection to terminate (through various methods and attack points) and intercept the HTTP request, responding with malicious updates via a man-in-the-middle attack. The affected products do not verify the origin or integrity of these updates, as it insufficiently relied on the security of the VPN. An attacker with remote network access to the programmer could influence these communications. | |||||
| CVE-2025-27980 | 1 Oldmoon | 1 Cashbook | 2025-05-22 | N/A | 6.5 MEDIUM |
| cashbook v4.0.3 has an arbitrary file read vulnerability in /api/entry/flow/invoice/show?invoice=. | |||||