Total
8836 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-28235 | 2025-04-22 | N/A | 7.5 HIGH | ||
| An information disclosure vulnerability in the component /socket.io/1/websocket/ of Soundcraft Ui Series Model(s) Ui12 and Ui16 Firmware v1.0.7x and v1.0.5x allows attackers to access Administrator credentials in plaintext. | |||||
| CVE-2022-46355 | 1 Siemens | 10 6gk5204-0ba00-2kb2, 6gk5204-0ba00-2kb2 Firmware, 6gk5204-0ba00-2mb2 and 7 more | 2025-04-22 | N/A | 7.5 HIGH |
| A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). The affected products are vulnerable to an "Exposure of Sensitive Information to an Unauthorized Actor" vulnerability by leaking sensitive data in the HTTP Referer. | |||||
| CVE-2022-42810 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-04-22 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13. Processing a maliciously crafted USD file may disclose memory contents. | |||||
| CVE-2024-49734 | 1 Google | 1 Android | 2025-04-22 | N/A | 7.5 HIGH |
| In multiple functions of ConnectivityService.java, there is a possible way for a Wi-Fi AP to determine what site a device has connected to through a VPN due to side channel information disclosure. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-49733 | 1 Google | 1 Android | 2025-04-22 | N/A | 5.5 MEDIUM |
| In reload of ServiceListing.java , there is a possible way to allow a malicious app to hide an NLS from Settings due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-40108 | 1 Google | 1 Android | 2025-04-22 | N/A | 5.5 MEDIUM |
| In multiple locations, there is a possible way to access media content belonging to another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2022-20497 | 1 Google | 1 Android | 2025-04-22 | N/A | 4.6 MEDIUM |
| In updatePublicMode of NotificationLockscreenUserManagerImpl.java, there is a possible way to reveal sensitive notifications on the lockscreen due to an incorrect state transition. This could lead to local information disclosure with physical access required and an app that runs above the lockscreen, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-246301979 | |||||
| CVE-2022-42815 | 1 Apple | 1 Macos | 2025-04-21 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data. | |||||
| CVE-2025-0441 | 1 Google | 1 Chrome | 2025-04-21 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in Fenced Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to obtain potentially sensitive information from the system via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2022-42819 | 1 Apple | 1 Macos | 2025-04-21 | N/A | 5.5 MEDIUM |
| An access issue was addressed with improved access restrictions. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, macOS Monterey 12.6. An app may be able to read sensitive location information. | |||||
| CVE-2022-42818 | 1 Apple | 1 Macos | 2025-04-21 | N/A | 5.9 MEDIUM |
| This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. A user in a privileged network position may be able to track user activity. | |||||
| CVE-2022-42817 | 1 Apple | 3 Ipados, Iphone Os, Watchos | 2025-04-21 | N/A | 6.5 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16, watchOS 9.1. Visiting a maliciously crafted website may leak sensitive data. | |||||
| CVE-2025-30724 | 1 Oracle | 1 Bi Publisher | 2025-04-21 | N/A | 7.5 HIGH |
| Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). Supported versions that are affected are 7.6.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | |||||
| CVE-2022-47411 | 1 Fp Newsletter Project | 1 Fp Newsletter | 2025-04-21 | N/A | 9.1 CRITICAL |
| An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via unsubscribeAction operations. | |||||
| CVE-2022-47410 | 1 Fp Newsletter Project | 1 Fp Newsletter | 2025-04-21 | N/A | 9.1 CRITICAL |
| An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via createAction operations. | |||||
| CVE-2025-30291 | 1 Adobe | 1 Coldfusion | 2025-04-21 | N/A | 5.5 MEDIUM |
| ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. A low privileged attacker with local access could leverage this vulnerability to gain access to sensitive information which could be used to further compromise the system or bypass security mechanisms. Exploitation of this issue does not require user interaction. | |||||
| CVE-2022-42843 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-04-21 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved data protection. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. A user may be able to view sensitive user information. | |||||
| CVE-2022-46702 | 1 Apple | 2 Ipados, Iphone Os | 2025-04-21 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2. An app may be able to disclose kernel memory. | |||||
| CVE-2022-42866 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-04-21 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved handling of caches. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. An app may be able to read sensitive location information. | |||||
| CVE-2022-42854 | 1 Apple | 1 Macos | 2025-04-21 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1. An app may be able to disclose kernel memory. | |||||