Vulnerabilities (CVE)

Filtered by CWE-922
Total 320 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-29953 1 Broadcom 1 Fabric Operating System 2025-02-04 N/A 4.3 MEDIUM
A vulnerability in the web interface in Brocade Fabric OS before v9.2.1, v9.2.0b, and v9.1.1d prints encoded session passwords on session storage for Virtual Fabric platforms. This could allow an authenticated user to view other users' session encoded passwords.
CVE-2024-54728 2025-02-03 N/A 6.5 MEDIUM
Incorrect access control in BYD QIN PLUS DM-i Dilink OS 3.0_13.1.7.2204050.1 allows unauthorized attackers to access system logcat logs.
CVE-2025-24117 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2025-01-31 N/A 5.5 MEDIUM
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iPadOS 17.7.4, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3. An app may be able to fingerprint the user.
CVE-2024-3502 1 Lunary 1 Lunary 2025-01-30 N/A 8.1 HIGH
In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists where account recovery hashes of users are inadvertently exposed to unauthorized actors. This issue occurs when authenticated users inspect responses from `GET /v1/users/me` and `GET /v1/users/me/org` endpoints. The exposed account recovery hashes, while not directly related to user passwords, represent sensitive information that should not be accessible to unauthorized parties. Exposing these hashes could potentially facilitate account recovery attacks or other malicious activities. The vulnerability was addressed in version 1.2.6.
CVE-2024-3501 1 Lunary 1 Lunary 2025-01-30 N/A 8.1 HIGH
In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists due to the inclusion of single-use tokens in the responses of `GET /v1/users/me` and `GET /v1/users/me/org` API endpoints. These tokens, intended for sensitive operations such as password resets or account verification, are exposed to unauthorized actors, potentially allowing them to perform actions on behalf of the user. This issue was addressed in version 1.2.6, where the exposure of single-use tokens in user-facing queries was mitigated.
CVE-2022-33973 2 Intel, Microsoft 3 Wlan Authentication And Privacy Infrastructure, Windows 10, Windows 11 2025-01-29 N/A 3.3 LOW
Improper access control in the Intel(R) WAPI Security software for Windows 10/11 before version 22.2150.0.1 may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2023-6748 1 Wpgogo 1 Custom Field Template 2025-01-29 N/A 4.3 MEDIUM
The Custom Field Template plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 via the 'cft' shortcode. This makes it possible for authenticated attackers with contributor access and above, to extract sensitive data including arbitrary post metadata.
CVE-2024-57436 2025-01-29 N/A 7.2 HIGH
RuoYi v4.8.0 was discovered to allow unauthorized attackers to view the session ID of the admin in the system monitoring. This issue can allow attackers to impersonate Admin users via using a crafted cookie.
CVE-2023-27942 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2025-01-29 N/A 5.5 MEDIUM
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. An app may be able to access user-sensitive data.
CVE-2023-23542 1 Apple 1 Macos 2025-01-29 N/A 5.5 MEDIUM
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to access user-sensitive data.
CVE-2023-23541 1 Apple 2 Ipados, Iphone Os 2025-01-29 N/A 3.3 LOW
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. An app may be able to access information about a user’s contacts.
CVE-2022-43877 1 Ibm 1 Urbancode Deploy 2025-01-29 N/A 5.1 MEDIUM
IBM UrbanCode Deploy (UCD) versions up to 7.3.0.1 could disclose sensitive password information during a manual edit of the agentrelay.properties file. IBM X-Force ID: 240148.
CVE-2024-56972 2025-01-28 N/A 6.5 MEDIUM
An issue in Midea Group Co., Ltd Midea Home iOS 9.3.12 allows attackers to access sensitive user information via supplying a crafted link.
CVE-2024-56971 2025-01-28 N/A 6.5 MEDIUM
An issue in Zhiyuan Yuedu (Guangzhou) Literature Information Technology Co., Ltd Shuqi Novel iOS 5.3.8 allows attackers to access sensitive user information via supplying a crafted link.
CVE-2024-56969 2025-01-28 N/A 6.5 MEDIUM
An issue in Pixocial Technology (Singapore) Pte. Ltd BeautyPlus iOS 7.8.010 allows attackers to access sensitive user information via supplying a crafted link.
CVE-2024-56968 2025-01-28 N/A 6.5 MEDIUM
An issue in Shenzhen Intellirocks Tech Co. Ltd Govee Home iOS 6.5.01 allows attackers to access sensitive user information via supplying a crafted payload.
CVE-2024-56967 2025-01-28 N/A 6.5 MEDIUM
An issue in Cloud Whale Interactive Technology LLC. PolyBuzz iOS 2.0.20 allows attackers to access sensitive user information via supplying a crafted link.
CVE-2024-56966 2025-01-28 N/A 6.5 MEDIUM
An issue in Shanghai Xuan Ting Entertainment Information & Technology Co., Ltd Qidian Reader iOS 5.9.384 allows attackers to access sensitive user information via supplying a crafted link.
CVE-2024-56965 2025-01-28 N/A 6.5 MEDIUM
An issue in Shanghai Shizhi Information Technology Co., Ltd Shihuo iOS 8.16.0 allows attackers to access sensitive user information via supplying a crafted link.
CVE-2024-56964 2025-01-28 N/A 6.5 MEDIUM
An issue in Che Hao Duo Used Automobile Agency (Beijing) Co., Ltd Guazi Used Car iOS 10.15.1 allows attackers to access sensitive user information via supplying a crafted link.