Total
9170 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-26281 | 2024-12-17 | N/A | 5.5 MEDIUM | ||
| Some parameters of the alarm clock module are improperly stored, leaking some sensitive information. | |||||
| CVE-2021-26279 | 2024-12-17 | N/A | 5.9 MEDIUM | ||
| Some parameters of the weather module are improperly stored, leaking some sensitive information. | |||||
| CVE-2024-55951 | 2024-12-16 | N/A | N/A | ||
| Metabase is an open-source data analytics platform. For new sandboxing configurations created in 1.52.0 till 1.52.2.4, sandboxed users are able to see field filter values from other sandboxed users. This is fixed in 1.52.2.5. Users on 1.52.0 or 1.52.1 or 1.5.2 should upgrade to 1.52.2.5. There are no workarounds for this issue aside from upgrading. | |||||
| CVE-2024-12578 | 2024-12-14 | N/A | 5.3 MEDIUM | ||
| The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.5.4.8 via the 'tickera_tickets_info' endpoint. This makes it possible for unauthenticated attackers to extract sensitive data from bookings like full names, email addresses, check-in/out timestamps and more. | |||||
| CVE-2024-55946 | 2024-12-13 | N/A | N/A | ||
| Playloom Engine is an open-source, high-performance game development engine. Engine Beta v0.0.1 has a security vulnerability related to data storage, specifically when using the collaboration features. When collaborating with another user, they may have access to personal information you have entered into the software. This poses a risk to user privacy. The maintainers of Playloom Engine have temporarily disabled the collaboration feature until a fix can be implemented. When Engine Beta v0.0.2 is released, it is expected to contain a patch addressing this issue. Users should refrain from using the collaboration feature in the meantime. | |||||
| CVE-2024-26119 | 1 Adobe | 1 Experience Manager | 2024-12-13 | N/A | 5.3 MEDIUM |
| Adobe Experience Manager versions 6.5.19 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to achieve a low-confidentiality impact within the application. Exploitation of this issue does not require user interaction. | |||||
| CVE-2024-1952 | 1 Mattermost | 1 Mattermost Server | 2024-12-13 | N/A | 3.1 LOW |
| Mattermost version 8.1.x before 8.1.9 fails to sanitize data associated with permalinks when a plugin updates an ephemeral post, allowing an authenticated attacker who can control the ephemeral post update to access individual posts' contents in channels they are not a member of. | |||||
| CVE-2024-1949 | 1 Mattermost | 1 Mattermost Server | 2024-12-13 | N/A | 2.6 LOW |
| A race condition in Mattermost versions 8.1.x before 8.1.9, and 9.4.x before 9.4.2 allows an authenticated attacker to gain unauthorized access to individual posts' contents via carefully timed post creation while another user deletes posts. | |||||
| CVE-2024-55875 | 2024-12-13 | N/A | 9.8 CRITICAL | ||
| http4k is a functional toolkit for Kotlin HTTP applications. Prior to version 5.41.0.0, there is a potential XXE (XML External Entity Injection) vulnerability when http4k handling malicious XML contents within requests, which might allow attackers to read local sensitive information on server, trigger Server-side Request Forgery and even execute code under some circumstances. Version 5.41.0.0 contains a patch for the issue. | |||||
| CVE-2023-43804 | 3 Debian, Fedoraproject, Python | 3 Debian Linux, Fedora, Urllib3 | 2024-12-13 | N/A | 5.9 MEDIUM |
| urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5. | |||||
| CVE-2021-32007 | 2024-12-13 | N/A | 3.5 LOW | ||
| This issue affects: Secomea GateManager Version 9.5 and all prior versions. Protection Mechanism Failure vulnerability in web server of Secomea GateManager to potentially leak information to remote servers. | |||||
| CVE-2024-54117 | 1 Huawei | 1 Harmonyos | 2024-12-12 | N/A | 6.2 MEDIUM |
| Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2024-54103 | 1 Huawei | 1 Harmonyos | 2024-12-12 | N/A | 6.1 MEDIUM |
| Vulnerability of improper access control in the album module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2024-40862 | 1 Apple | 1 Xcode | 2024-12-12 | N/A | 5.3 MEDIUM |
| A privacy issue was addressed by removing sensitive data. This issue is fixed in Xcode 16. An attacker may be able to determine the Apple ID of the owner of the computer. | |||||
| CVE-2024-23228 | 1 Apple | 2 Ipados, Iphone Os | 2024-12-12 | N/A | 3.3 LOW |
| This issue was addressed through improved state management. This issue is fixed in iOS 17.3 and iPadOS 17.3. Locked Notes content may have been unexpectedly unlocked. | |||||
| CVE-2023-29348 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2024-12-12 | N/A | 7.5 HIGH |
| Windows Remote Desktop Gateway (RD Gateway) Information Disclosure Vulnerability | |||||
| CVE-2024-11961 | 1 Huayi-tec | 1 Jeewms | 2024-12-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in Guangzhou Huayi Intelligent Technology Jeewms 3.7. It has been rated as problematic. This issue affects the function preHandle of the file src/main/java/com/zzjee/wm/controller/WmOmNoticeHController.java. The manipulation of the argument request leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-23662 | 1 Fortinet | 1 Fortios | 2024-12-11 | N/A | 5.3 MEDIUM |
| An exposure of sensitive information to an unauthorized actor in Fortinet FortiOS at least version at least 7.4.0 through 7.4.1 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.15 and 6.4.0 through 6.4.15 allows attacker to information disclosure via HTTP requests. | |||||
| CVE-2024-11351 | 2024-12-11 | N/A | 5.3 MEDIUM | ||
| The Restrict – membership, site, content and user access restrictions for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.8 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. | |||||
| CVE-2024-11008 | 2024-12-11 | N/A | 5.3 MEDIUM | ||
| The Members – Membership & User Role Editor Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.10 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. | |||||