Total
728 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-43691 | 1 Concretecms | 1 Concrete Cms | 2025-04-30 | 5.3 Medium |
| Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 inadvertently disclose server-side sensitive information (secrets in environment variables and server information) when Debug Mode is left on in production. | ||||
| CVE-2024-0056 | 2 Microsoft, Redhat | 21 .net, .net Framework, Microsoft.data.sqlclient and 18 more | 2025-04-30 | 8.7 High |
| Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability | ||||
| CVE-2022-44411 | 1 Web Based Quiz System Project | 1 Web Based Quiz System | 2025-04-29 | 7.5 High |
| Web Based Quiz System v1.0 transmits user passwords in plaintext during the authentication process, allowing attackers to obtain users' passwords via a bruteforce attack. | ||||
| CVE-2025-25046 | 1 Ibm | 1 Infosphere Information Server | 2025-04-29 | 3.7 Low |
| IBM InfoSphere Information Server 11.7 DataStage Flow Designer transmits sensitive information via URL or query parameters that could be exposed to an unauthorized actor using man in the middle techniques. | ||||
| CVE-2021-35246 | 1 Solarwinds | 1 Engineer\'s Toolset | 2025-04-25 | 5.3 Medium |
| The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use the application as a platform for attacks against its users. | ||||
| CVE-2022-45480 | 1 Beappsmobile | 1 Pc Keyboard Wifi \& Bluetooth | 2025-04-24 | 5.9 Medium |
| PC Keyboard WiFi & Bluetooth allows an attacker (in a man-in-the-middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | ||||
| CVE-2022-45483 | 1 Lazy Mouse Project | 1 Lazy Mouse | 2025-04-24 | 5.9 Medium |
| Lazy Mouse allows an attacker (in a man in the middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | ||||
| CVE-2022-45478 | 1 Telepad-app | 1 Telepad | 2025-04-23 | 5.1 Medium |
| Telepad allows an attacker (in a man-in-the-middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | ||||
| CVE-2021-3774 | 1 Meross | 2 Mss550x, Mss550x Firmware | 2025-04-23 | 7.4 High |
| Meross Smart Wi-Fi 2 Way Wall Switch (MSS550X), on its 3.1.3 version and before, creates an open Wi-Fi Access Point without the required security measures in its initial setup. This could allow a remote attacker to obtain the Wi-Fi SSID as well as the password configured by the user from Meross app via Http/JSON plain request. | ||||
| CVE-2022-31046 | 1 Typo3 | 1 Typo3 | 2025-04-23 | 4.3 Medium |
| TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the export functionality fails to limit the result set to allowed columns of a particular database table. This way, authenticated users can export internal details of database tables they already have access to. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 fix the problem described above. In order to address this issue, access to mentioned export functionality is completely denied for regular backend users. | ||||
| CVE-2022-39269 | 1 Pjsip | 1 Pjsip | 2025-04-23 | 9.1 Critical |
| PJSIP is a free and open source multimedia communication library written in C. When processing certain packets, PJSIP may incorrectly switch from using SRTP media transport to using basic RTP upon SRTP restart, causing the media to be sent insecurely. The vulnerability impacts all PJSIP users that use SRTP. The patch is available as commit d2acb9a in the master branch of the project and will be included in version 2.13. Users are advised to manually patch or to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2022-39287 | 1 Tiny-csrf Project | 1 Tiny-csrf | 2025-04-23 | 8.1 High |
| tiny-csrf is a Node.js cross site request forgery (CSRF) protection middleware. In versions prior to 1.1.0 cookies were not encrypted and thus CSRF tokens were transmitted in the clear. This issue has been addressed in commit `8eead6d` and the patch with be included in version 1.1.0. Users are advised to upgrade. There are no known workarounds for this issue. | ||||
| CVE-2022-39339 | 1 Nextcloud | 1 Openid Connect User Backend | 2025-04-23 | 4.3 Medium |
| user_oidc is an OpenID Connect user backend for Nextcloud. In versions prior to 1.2.1 sensitive information such as the OIDC client credentials and tokens are sent in plain text of HTTP without TLS. Any malicious actor with access to monitor user traffic may have been able to compromise account security. This issue has been addressed in in user_oidc v1.2.1. Users are advised to upgrade. Users unable to upgrade may use https to access Nextcloud. Set an HTTPS discovery URL in the provider settings (in Nextcloud OIDC admin settings). | ||||
| CVE-2025-43013 | 1 Jetbrains | 1 Toolbox | 2025-04-23 | 6.9 Medium |
| In JetBrains Toolbox App before 2.6 unencrypted credential transmission during SSH authentication was possible | ||||
| CVE-2022-46685 | 1 Gitea | 1 Gitea | 2025-04-23 | 4.3 Medium |
| In Jenkins Gitea Plugin 1.4.4 and earlier, the implementation of Gitea personal access tokens did not support credentials masking, potentially exposing them through the build log. | ||||
| CVE-2025-42603 | 2025-04-23 | N/A | ||
| This vulnerability exists in the Meon KYC solutions due to transmission of sensitive data in plain text within the response payloads of certain API endpoints. An authenticated remote attacker could exploit this vulnerability by intercepting API response that contains unencrypted sensitive information belonging to other users. Successful exploitation of this vulnerability could allow remote attacker to impersonate the target user and gain unauthorized access to the user account. | ||||
| CVE-2025-32793 | 2025-04-23 | 4 Medium | ||
| Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.15.0 to 1.15.15, 1.16.0 to 1.16.8, and 1.17.0 to 1.17.2, are vulnerable when using Wireguard transparent encryption in a Cilium cluster, packets that originate from a terminating endpoint can leave the source node without encryption due to a race condition in how traffic is processed by Cilium. This issue has been patched in versions 1.15.16, 1.16.9, and 1.17.3. There are no workarounds available for this issue. | ||||
| CVE-2022-40939 | 1 Secu | 2 Secustation, Secustation Firmware | 2025-04-22 | 4.9 Medium |
| In certain Secustation products the administrator account password can be read. This affects V2.5.5.3116-S50-SMA-B20171107A, V2.3.4.1301-M20-TSA-B20150617A, V2.5.5.3116-S50-RXA-B20180502A, V2.5.5.3116-S50-SMA-B20190723A, V2.5.5.3116-S50-SMB-B20161012A, V2.3.4.2103-S50-NTD-B20170508B, V2.5.5.3116-S50-SMB-B20160601A, V2.5.5.2601-S50-TSA-B20151229A, and V2.5.5.3116-S50-SMA-B20170217. | ||||
| CVE-2022-43724 | 1 Siemens | 1 Sicam Pas\/pqs | 2025-04-22 | 9.8 Critical |
| A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software transmits the database credentials for the inbuilt SQL server in cleartext. In combination with the by default enabled xp_cmdshell feature unauthenticated remote attackers could execute custom OS commands. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions. | ||||
| CVE-2020-9420 | 1 Arcadyan | 2 Vrv9506jac23, Vrv9506jac23 Firmware | 2025-04-22 | 6.5 Medium |
| The login password of the web administrative dashboard in Arcadyan Wifi routers VRV9506JAC23 is sent in cleartext, allowing an attacker to sniff and intercept traffic to learn the administrative credentials to the router. | ||||