Total
648 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-0893 | 1 Acme | 1 Mini Httpd | 2025-04-03 | 5.0 MEDIUM | N/A |
| Acme mini_httpd before 1.16 allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /. | |||||
| CVE-2004-1489 | 1 Opera | 1 Opera Browser | 2025-04-03 | 2.6 LOW | N/A |
| Opera 7.54 and earlier does not properly limit an applet's access to internal Java packages from Sun, which allows remote attackers to gain sensitive information, such as user names and the installation directory. | |||||
| CVE-2001-0892 | 1 Acme | 1 Thttpd | 2025-04-03 | 5.0 MEDIUM | N/A |
| Acme Thttpd Secure Webserver before 2.22, with the chroot option enabled, allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /. | |||||
| CVE-2021-41989 | 1 Qlik | 1 Qlikview | 2025-04-01 | N/A | 7.8 HIGH |
| Qlik QlikView through 12.60.20100.0 creates a Temporary File in a Directory with Insecure Permissions. | |||||
| CVE-2021-41988 | 1 Qlik | 1 Nprinting Designer | 2025-04-01 | N/A | 7.8 HIGH |
| Qlik NPrinting Designer through 21.14.3.0 creates a Temporary File in a Directory with Insecure Permissions. | |||||
| CVE-2023-25192 | 1 Ami | 1 Megarac Sp-x | 2025-03-19 | N/A | 5.3 MEDIUM |
| AMI MegaRAC SPX devices allow User Enumeration through Redfish. The fixed versions are SPx12-update-7.00 and SPx13-update-5.00. | |||||
| CVE-2023-26081 | 2 Fedoraproject, Gnome | 2 Fedora, Epiphany | 2025-03-18 | N/A | 7.5 HIGH |
| In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts. | |||||
| CVE-2024-40725 | 1 Apache | 1 Http Server | 2025-03-14 | N/A | 5.3 MEDIUM |
| A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted. Users are recommended to upgrade to version 2.4.62, which fixes this issue. | |||||
| CVE-2023-0481 | 1 Quarkus | 1 Quarkus | 2025-03-12 | N/A | 3.3 LOW |
| In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile() is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local user. | |||||
| CVE-2022-44310 | 1 Ecdh Project | 1 Ecdh | 2025-03-12 | N/A | 7.5 HIGH |
| In Development IL ecdh before 0.2.0, an attacker can send an invalid point (not on the curve) as the public key, and obtain the derived shared secret. | |||||
| CVE-2023-22777 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2025-03-07 | N/A | 4.9 MEDIUM |
| An authenticated information disclosure vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files in the underlying operating system. | |||||
| CVE-2023-22775 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2025-03-07 | N/A | 6.5 MEDIUM |
| A vulnerability exists which allows an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level. | |||||
| CVE-2023-22892 | 1 Smartbear | 1 Zephyr Enterprise | 2025-03-04 | N/A | 7.5 HIGH |
| There exists an information disclosure vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by unauthenticated users to read arbitrary files from Zephyr instances. | |||||
| CVE-2020-22647 | 1 Smartconrtactgames Project | 1 Smartconrtactgames | 2025-02-26 | N/A | 9.1 CRITICAL |
| An issue found in DepositGame v.1.0 allows an attacker to gain sensitive information via the GetBonusWithdraw and withdraw functions. | |||||
| CVE-2025-21608 | 2025-02-18 | N/A | N/A | ||
| Meshtastic is an open source mesh networking solution. In affected firmware versions crafted packets over MQTT are able to appear as a DM in client to a node even though they were not decoded with PKC. This issue has been addressed in version 2.5.19 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-27906 | 2025-02-13 | N/A | 5.9 MEDIUM | ||
| Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability | |||||
| CVE-2024-22049 | 1 John Nunemaker | 1 Httparty | 2025-02-13 | N/A | 5.3 MEDIUM |
| httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled filenames being written. | |||||
| CVE-2023-42792 | 1 Apache | 1 Airflow | 2025-02-13 | N/A | 6.5 MEDIUM |
| Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. | |||||
| CVE-2023-34189 | 1 Apache | 1 Inlong | 2025-02-13 | N/A | 6.5 MEDIUM |
| Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could use general users to delete and update the process, which only the admin can operate occurrences. Users are advised to upgrade to Apache InLong's 1.8.0 or cherry-pick https://github.com/apache/inlong/pull/8109 to solve it. | |||||
| CVE-2022-43684 | 1 Servicenow | 1 Servicenow | 2025-02-13 | N/A | 9.9 CRITICAL |
| ServiceNow has released patches and an upgrade that address an Access Control List (ACL) bypass issue in ServiceNow Core functionality. Additional Details This issue is present in the following supported ServiceNow releases: * Quebec prior to Patch 10 Hot Fix 8b * Rome prior to Patch 10 Hot Fix 1 * San Diego prior to Patch 7 * Tokyo prior to Tokyo Patch 1; and * Utah prior to Utah General Availability If this ACL bypass issue were to be successfully exploited, it potentially could allow an authenticated user to obtain sensitive information from tables missing authorization controls. | |||||