Total
9792 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-42925 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-03-20 | 3.3 Low |
| The issue was addressed with improved restriction of data container access. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access Notes attachments. | ||||
| CVE-2023-31346 | 2 Amd, Redhat | 128 Epyc 7203 Firmware, Epyc 7203p, Epyc 7203p Firmware and 125 more | 2025-03-20 | 6 Medium |
| Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests. | ||||
| CVE-2023-0020 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2025-03-20 | 8.5 High |
| SAP BusinessObjects Business Intelligence platform - versions 420, 430, allows an authenticated attacker to access sensitive information which is otherwise restricted. On successful exploitation, there could be a high impact on confidentiality and limited impact on integrity of the application. | ||||
| CVE-2024-38970 | 1 Vaethink | 1 Vaethink | 2025-03-20 | 4.9 Medium |
| vaeThink 1.0.2 is vulnerable to Information Disclosure via the system backend,access management administrator function. | ||||
| CVE-2024-27362 | 1 Samsung | 10 Exynos 1280, Exynos 1280 Firmware, Exynos 1330 and 7 more | 2025-03-20 | 4.4 Medium |
| A vulnerability was discovered in Samsung Mobile Processors Exynos 1280, Exynos 2200, Exynos 1330, Exynos 1380, and Exynos 2400 where they do not properly check the length of the data, which can lead to a Information disclosure. | ||||
| CVE-2023-23458 | 1 Sunellsecurity | 14 Sn-adr3804e1, Sn-adr3804e1 Firmware, Sn-adr3808e1 and 11 more | 2025-03-19 | 6.5 Medium |
| Sunell DVR, latest version, CWE-200: Exposure of Sensitive Information to an Unauthorized Actor through an unspecified request. | ||||
| CVE-2024-33880 | 2 Microsoft, Virtosoftware | 2 Sharepoint Server, Sharepoint Bulk File Download | 2025-03-19 | 5.3 Medium |
| An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. It discloses full pathnames via Virto.SharePoint.FileDownloader/Api/Download.ashx?action=archive. | ||||
| CVE-2024-22260 | 1 Vmware | 1 Workspace One Uem | 2025-03-19 | 6.8 Medium |
| VMware Workspace One UEM update addresses an information exposure vulnerability. A malicious actor with network access to the Workspace One UEM may be able to perform an attack resulting in an information exposure. | ||||
| CVE-2020-12413 | 1 Mozilla | 2 Firefox, Firefox Esr | 2025-03-19 | 5.9 Medium |
| The Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification. To mitigate this vulnerability, Firefox disabled support for DHE ciphersuites. | ||||
| CVE-2025-26263 | 2025-03-19 | 5.1 Medium | ||
| GeoVision ASManager Windows desktop application with the version 6.1.2.0 or less (fixed in 6.2.0), is vulnerable to credentials disclosure due to improper memory handling in the ASManagerService.exe process. | ||||
| CVE-2024-48789 | 1 Inatronic | 1 Drivedeck | 2025-03-19 | 7.5 High |
| An issue in INATRONIC com.inatronic.drivedeck.home 2.6.23 allows a remote attacker to obtain sensitve information via the firmware update process. | ||||
| CVE-2024-0020 | 1 Google | 1 Android | 2025-03-19 | 5.5 Medium |
| In onActivityResult of NotificationSoundPreference.java, there is a possible way to hear audio files belonging to a different user due to a confused deputy. This could lead to local information disclosure across users of a device with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-39817 | 1 Cybozu | 1 Office | 2025-03-18 | 6.5 Medium |
| Insertion of sensitive information into sent data issue exists in Cybozu Office 10.0.0 to 10.8.6, which may allow a user who can login to the product to view data that the user does not have access by conducting 'search' under certain conditions in Custom App. | ||||
| CVE-2024-34897 | 2025-03-18 | 7.5 High | ||
| Nedis SmartLife android app v1.4.0 was discovered to contain an API key disclosure vulnerability. | ||||
| CVE-2018-13873 | 1 Hdfgroup | 1 Hdf5 | 2025-03-18 | 9.8 Critical |
| An issue was discovered in the HDF HDF5 1.8.20 library. There is a buffer over-read in H5O_chunk_deserialize in H5Ocache.c. | ||||
| CVE-2024-42006 | 1 Keyfactor | 1 Aws Orchestrator | 2025-03-18 | 7.5 High |
| Keyfactor AWS Orchestrator through 2.0 allows Information Disclosure. | ||||
| CVE-2025-22918 | 2025-03-18 | 7.5 High | ||
| Polycom RealPresence Group 500 <=20 has Insecure Permissions due to automatically loaded cookies. This allows for the use of administrator functions, resulting in the leakage of sensitive user information. | ||||
| CVE-2024-51163 | 1 Vegam Solutions | 1 Vegam 4i | 2025-03-18 | 7.5 High |
| A Local File Inclusion vulnerability in Vegam Solutions Vegam 4i versions 6.3.47.0 and earlier allows a remote attacker to obtain sensitive information through the print label function. Specifically, the filePathList parameter is susceptible to LFI, enabling a malicious user to include files from the web server, such as web.config or /etc/host, leading to the disclosure of sensitive information. | ||||
| CVE-2024-26312 | 1 Archerirm | 1 Archer | 2025-03-18 | 4.3 Medium |
| Archer Platform 6 before 2024.03 contains a sensitive information disclosure vulnerability. An authenticated attacker could potentially obtain access to sensitive information via a popup warning message. | ||||
| CVE-2022-32933 | 2 Apple, Redhat | 3 Macos, Enterprise Linux, Rhel Els | 2025-03-18 | 5.3 Medium |
| An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.5. A website may be able to track the websites a user visited in Safari private browsing mode. | ||||