Total
9172 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1769 | 1 Ocsinventory-ng | 1 Ocs Inventory Ng | 2025-04-09 | 5.0 MEDIUM | N/A |
| The web interface in Open Computer and Software Inventory Next Generation (OCS Inventory NG) 1.01 generates different error messages depending on whether a username is valid, which allows remote attackers to enumerate valid usernames. | |||||
| CVE-2008-3168 | 1 Empire Server | 1 Empire Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| The files utility in Empire Server before 4.3.15 discloses the world creation time, which makes it easier for attackers to determine the PRNG seed. | |||||
| CVE-2008-1618 | 1 Watchguard | 1 Firebox Pptp Vpn | 2025-04-09 | 5.0 MEDIUM | N/A |
| The PPTP VPN service in Watchguard Firebox before 10, when performing the MS-CHAPv2 authentication handshake, generates different error codes depending on whether the username is valid or invalid, which allows remote attackers to enumerate valid usernames. | |||||
| CVE-2008-2120 | 1 Sun | 2 Java System Application Server, Java System Web Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Sun Java System Application Server 7 2004Q2 before Update 6, Web Server 6.1 before SP8, and Web Server 7.0 before Update 1 allows remote attackers to obtain source code of JSP files via unknown vectors. | |||||
| CVE-2009-1706 | 1 Apple | 1 Safari | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Private Browsing feature in Apple Safari before 4.0 on Windows does not remove cookies from the alternate cookie store in unspecified circumstances upon (1) disabling of the feature or (2) exit of the application, which makes it easier for remote web servers to track users via a cookie. | |||||
| CVE-2007-0979 | 1 Lifetype | 1 Lifetype | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in LifeType before 1.1.6, and 1.2 before 1.2-beta2, allows remote attackers to obtain sensitive information (file contents) via a "crafted URL." | |||||
| CVE-2008-1014 | 1 Apple | 1 Quicktime | 2025-04-09 | 4.3 MEDIUM | N/A |
| Apple QuickTime before 7.4.5 does not properly handle external URLs in movies, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2022-4543 | 1 Linux | 1 Linux Kernel | 2025-04-08 | N/A | 5.5 MEDIUM |
| A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems. | |||||
| CVE-2025-3403 | 2025-04-08 | 3.3 LOW | 2.7 LOW | ||
| A vulnerability was found in Vivotek NVR ND8422P, NVR ND9525P and NVR ND9541P 2.4.0.204/3.3.0.104/4.2.0.101. It has been classified as problematic. Affected is an unknown function of the component HTML Form Handler. The manipulation leads to inclusion of sensitive information in source code. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-2882 | 2025-04-08 | N/A | 5.3 MEDIUM | ||
| The GreenPay(tm) by Green.Money plugin for WordPress is vulnerable to Sensitive Information Exposure in versions between 3.0.0 and 3.0.9 through the publicly accessible phpinfo.php script. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed file. | |||||
| CVE-2025-2883 | 2025-04-08 | N/A | 5.3 MEDIUM | ||
| The Accept SagePay Payments Using Contact Form 7 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0 through the publicly accessible phpinfo.php script. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed file. | |||||
| CVE-2024-13820 | 2025-04-08 | N/A | 5.3 MEDIUM | ||
| The Melhor Envio plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.15.9 via the 'run' function, which uses a hardcoded hash. This makes it possible for unauthenticated attackers to extract sensitive data including environment information, plugin tokens, shipping configurations, and limited vendor information. | |||||
| CVE-2025-24279 | 1 Apple | 1 Macos | 2025-04-08 | N/A | 4.3 MEDIUM |
| This issue was addressed with improved file handling. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access contacts. | |||||
| CVE-2025-24232 | 1 Apple | 1 Macos | 2025-04-07 | N/A | 9.8 CRITICAL |
| This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to access arbitrary files. | |||||
| CVE-2022-41859 | 1 Freeradius | 1 Freeradius | 2025-04-07 | N/A | 7.5 HIGH |
| In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack. | |||||
| CVE-2022-48258 | 1 Eternal Terminal Project | 1 Eternal Terminal | 2025-04-07 | N/A | 5.3 MEDIUM |
| In Eternal Terminal 6.2.1, etserver and etclient have world-readable logfiles. | |||||
| CVE-2025-31486 | 2025-04-07 | N/A | 5.3 MEDIUM | ||
| Vite is a frontend tooling framework for javascript. The contents of arbitrary files can be returned to the browser. By adding ?.svg with ?.wasm?init or with sec-fetch-dest: script header, the server.fs.deny restriction was able to bypass. This bypass is only possible if the file is smaller than build.assetsInlineLimit (default: 4kB) and when using Vite 6.0+. Only apps explicitly exposing the Vite dev server to the network (using --host or server.host config option) are affected. This vulnerability is fixed in 4.5.12, 5.4.17, 6.0.14, 6.1.4, and 6.2.5. | |||||
| CVE-2025-31126 | 2025-04-07 | N/A | 5.3 MEDIUM | ||
| Element X iOS is a Matrix iOS Client provided by Element. In Element X iOS version between 1.6.13 and 25.03.7, the entity in control of the element.json well-known file is able, under certain conditions, to get access to the media encryption keys used for an Element Call call. This vulnerability is fixed in 25.03.8. | |||||
| CVE-2025-31127 | 2025-04-07 | N/A | 5.3 MEDIUM | ||
| Element X Android is a Matrix Android Client provided by element.io. In Element X Android versions between 0.4.16 and 25.03.3, the entity in control of the element.json well-known file is able, under certain conditions, to get access to the media encryption keys used for an Element Call call. This vulnerability is fixed in 25.03.4. | |||||
| CVE-2024-42208 | 2025-04-07 | N/A | 3.5 LOW | ||
| HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data. | |||||