Vulnerabilities (CVE)

Filtered by CWE-200
Total 9170 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-20990 1 Oracle 1 Applications Technology Stack 2025-03-25 N/A 5.3 MEDIUM
Vulnerability in the Oracle Applications Technology product of Oracle E-Business Suite (component: Templates). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Technology. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Technology accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
CVE-2024-48797 2025-03-25 N/A 7.5 HIGH
An issue in PCS Engineering Preston Cinema (com.prestoncinema.app) 0.2.0 allows a remote attacker to obtain sensitive information via the firmware update process.
CVE-2021-39019 3 Ibm, Linux, Microsoft 4 Engineering Lifecycle Optimization - Publishing, Engineering Lifecycle Optimization Publishing, Linux Kernel and 1 more 2025-03-25 N/A 6.5 MEDIUM
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose highly sensitive information through an HTTP GET request to an authenticated user. IBM X-Force ID: 213728.
CVE-2024-48310 2025-03-25 N/A 7.5 HIGH
AutoLib Software Systems OPAC v20.10 was discovered to have multiple API keys exposed within the source code. Attackers may use these keys to access the backend API or other sensitive information.
CVE-2023-23592 1 Wallix 1 Bastion Access Manager 2025-03-24 N/A 7.5 HIGH
WALLIX Access Manager 3.x through 4.0.x allows a remote attacker to access sensitive information.
CVE-2024-48798 2025-03-24 N/A 7.5 HIGH
An issue in Hubble Connected (com.hubbleconnected.vervelife) 2.00.81 allows a remote attacker to obtain sensitive information via the firmware update process.
CVE-2024-40823 1 Apple 1 Macos 2025-03-24 N/A 5.5 MEDIUM
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able to access user-sensitive data.
CVE-2024-31817 1 Totolink 2 Ex200, Ex200 Firmware 2025-03-24 N/A 7.5 HIGH
In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getSysStatusCfg.
CVE-2025-24138 1 Apple 1 Macos 2025-03-24 N/A 5.5 MEDIUM
This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. A malicious application may be able to leak sensitive user information.
CVE-2024-48799 2025-03-24 N/A 7.5 HIGH
An issue in LOREX TECHNOLOGY INC com.lorexcorp.lorexping 1.4.22 allows a remote attacker to obtain sensitive information via the firmware update process.
CVE-2024-40838 1 Apple 1 Macos 2025-03-24 N/A 3.3 LOW
A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Sequoia 15. A malicious app may be able to access notifications from the user's device.
CVE-2024-40775 1 Apple 1 Macos 2025-03-24 N/A 5.5 MEDIUM
A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able to leak sensitive user information.
CVE-2022-46650 1 Sierrawireless 9 Aleos, Es450, Gx450 and 6 more 2025-03-24 N/A 4.9 MEDIUM
Acemanager in ALEOS before version 4.16 allows a user with valid credentials to reconfigure the device to expose the ACEManager credentials on the pre-login status page.
CVE-2024-30469 1 Wpexperts 1 Wholesale For Woocommerce 2025-03-24 N/A 5.3 MEDIUM
Missing Authorization vulnerability in WPExperts Wholesale For WooCommerce. This issue affects Wholesale For WooCommerce: from n/a through 2.3.0.
CVE-2024-27356 2025-03-24 N/A 7.5 HIGH
An issue was discovered on certain GL-iNet devices. Attackers can download files such as logs via commands, potentially obtaining critical user information. This affects MT6000 4.5.5, XE3000 4.4.4, X3000 4.4.5, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, XE300 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-v2 4.3.10, X300B 3.217, S1300 3.216, SF1200 3.216, MV1000 3.216, N300 3.216, B2200 3.216, and X1200 3.203.
CVE-2022-48610 1 Apple 4 Ipados, Iphone Os, Macos and 1 more 2025-03-24 N/A 5.5 MEDIUM
This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2. An app may be able to access user-sensitive data.
CVE-2025-24146 1 Apple 1 Macos 2025-03-24 N/A 9.8 CRITICAL
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. Deleting a conversation in Messages may expose user contact information in system logging.
CVE-2024-44179 1 Apple 3 Ipados, Iphone Os, Macos 2025-03-24 N/A 2.4 LOW
This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15. An attacker with physical access to a device may be able to read contact numbers from the lock screen.
CVE-2024-20292 1 Cisco 1 Duo Authentication For Windows Logon And Rdp 2025-03-24 N/A 4.4 MEDIUM
A vulnerability in the logging component of Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, local attacker to view sensitive information in clear text on an affected system. This vulnerability is due to improper storage of an unencrypted registry key in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system. A successful exploit could allow the attacker to view sensitive information in clear text.
CVE-2024-51123 2025-03-22 N/A 7.5 HIGH
An issue in Zertificon Z1 SecureMail Z1 SecureMail Gateway 4.44.2-7240-debian12 allows a remote attacker to obtain sensitive information via the /compose-pdf.xhtml?convid=[id] component.