Export limit exceeded: 352298 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (608 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-29120 | 1 Apache | 1 Streampark | 2025-06-23 | 5.9 Medium |
| In Streampark (version < 2.1.4), when a user logged in successfully, the Backend service would return "Authorization" as the front-end authentication credential. User can use this credential to request other users' information, including the administrator's username, password, salt value, etc. Mitigation: all users should upgrade to 2.1.4 | ||||
| CVE-2021-38487 | 1 Rti | 3 Connext Dds Micro, Connext Professional, Connext Secure | 2025-06-23 | 8.2 High |
| RTI Connext Professional versions 4.1 to 6.1.0, and Connext Micro versions 2.4 and later are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic. This may result in a denial-of-service condition and information exposure. | ||||
| CVE-2023-47889 | 1 Binhdrm26 | 1 Super Reboot | 2025-06-20 | 7.8 High |
| The Android application BINHDRM26 com.bdrm.superreboot 1.0.3, exposes several critical actions through its exported broadcast receivers. These exposed actions can allow any app on the device to send unauthorized broadcasts, leading to unintended consequences. The vulnerability is particularly concerning because these actions include powering off, system reboot & entering recovery mode. | ||||
| CVE-2025-32886 | 1 Gotenna | 3 Gotenna, Mesh, Mesh Firmware | 2025-06-20 | 4 Medium |
| An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. All packets sent over RF are also sent over UART with USB Shell, allowing someone with local access to gain information about the protocol and intercept sensitive data. | ||||
| CVE-2024-48883 | 1 Samsung | 38 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 35 more | 2025-06-20 | 4.3 Medium |
| An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, and Modem 5300. The UE incorrectly handles a malformed uplink scheduling message, resulting in an information leak of the UE. | ||||
| CVE-2023-42429 | 1 Intel | 12 Nuc 7 Essential Nuc7cjysal, Nuc 7 Essential Nuc7cjysamn, Nuc 7 Essential Nuc7cjysamn Firmware and 9 more | 2025-06-17 | 7.5 High |
| Improper buffer restrictions in some Intel NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-30917 | 1 Eprosima | 1 Fast Dds | 2025-06-17 | 5.5 Medium |
| An issue was discovered in eProsima FastDDS v.2.14.0 and before, allows a local attacker to cause a denial of service (DoS) and obtain sensitive information via a crafted history_depth parameter in DurabilityService QoS component. | ||||
| CVE-2024-27232 | 1 Google | 1 Android | 2025-06-17 | 5.5 Medium |
| In asn1_ec_pkey_parse of asn1_common.c, there is a possible OOB read due to a missing null check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-5879 | 1 Geniecompany | 1 Aladdin Connect | 2025-06-17 | 6.8 Medium |
| Users’ product account authentication data was stored in clear text in The Genie Company Aladdin Connect Mobile Application Version 5.65 Build 2075 (and below) on Android Devices. This allows the attacker, with access to the android device, to potentially retrieve users' clear text authentication credentials. | ||||
| CVE-2025-45242 | 1 Rhymix | 1 Rhymix | 2025-06-17 | 7.7 High |
| Rhymix v2.1.22 was discovered to contain an arbitrary file deletion vulnerability via the procFileAdminEditImage method in /file/file.admin.controller.php. | ||||
| CVE-2024-22193 | 1 Vantage6 | 1 Vantage6 | 2025-06-17 | 3.5 Low |
| The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). There are no checks on whether the input is encrypted if a task is created in an encrypted collaboration. Therefore, a user may accidentally create a task with sensitive input data that will then be stored unencrypted in a database. Users should ensure they set the encryption setting correctly. This vulnerability is patched in 4.2.0. | ||||
| CVE-2024-22773 | 1 Intelbras | 2 Action Rf 1200, Action Rf 1200 Firmware | 2025-06-05 | 8.1 High |
| Intelbras Action RF 1200 routers 1.2.2 and earlier and Action RG 1200 routers 2.1.7 and earlier expose the Password in Cookie resulting in Login Bypass. | ||||
| CVE-2025-48999 | 1 Dataease | 1 Dataease | 2025-06-05 | 8.8 High |
| DataEase is an open source business intelligence and data visualization tool. A bypass of CVE-2025-46566's patch exists in versions prior to 2.10.10. In a malicious payload, `getUrlType()` retrieves `hostName`. Since the judgment statement returns false, it will not enter the if statement and will not be filtered. The payload can be directly concatenated at the replace location to construct a malicious JDBC statement. Version 2.10.10 contains a patch for the issue. | ||||
| CVE-2024-25940 | 1 Freebsd | 1 Freebsd | 2025-06-04 | 6.3 Medium |
| `bhyveload -h <host-path>` may be used to grant loader access to the <host-path> directory tree on the host. Affected versions of bhyveload(8) do not make any attempt to restrict loader's access to <host-path>, allowing the loader to read any file the host user has access to. In the bhyveload(8) model, the host supplies a userboot.so to boot with, but the loader scripts generally come from the guest image. A maliciously crafted script could be used to exfiltrate sensitive data from the host accessible to the user running bhyhveload(8), which is often the system root. | ||||
| CVE-2024-28069 | 1 Mitel | 1 Micontact Center Business | 2025-06-02 | 7.5 High |
| A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct an information disclosure attack due to improper configuration. A successful exploit could allow an attacker to access sensitive information and potentially conduct unauthorized actions within the vulnerable component. | ||||
| CVE-2024-28808 | 1 Nokia | 2 Hit 7300, Hit 7300 Firmware | 2025-05-30 | 2.7 Low |
| An issue was discovered in Infinera hiT 7300 5.60.50. Hidden functionality in the web interface allows a remote authenticated attacker to access reserved information by accessing undocumented web applications. | ||||
| CVE-2022-44581 | 1 Wpmudev | 1 Defender | 2025-05-28 | 5 Medium |
| Insecure Storage of Sensitive Information vulnerability in WPMU DEV Defender Security allows : Screen Temporary Files for Sensitive Information.This issue affects Defender Security: from n/a through 3.3.2. | ||||
| CVE-2024-31404 | 1 Cybozu | 1 Garoon | 2025-05-28 | 4.3 Medium |
| Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.5.0 to 6.0.0, which may allow a user who can log in to the product to view the data of Scheduler. | ||||
| CVE-2025-46566 | 1 Dataease | 1 Dataease | 2025-05-28 | 9.8 Critical |
| DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.9, authenticated users can complete RCE through the backend JDBC link. This issue has been patched in version 2.10.9. | ||||
| CVE-2022-41320 | 1 Veritas | 1 System Recovery | 2025-05-27 | 6.5 Medium |
| Veritas System Recovery (VSR) versions 18 and 21 store a network destination password in the Windows registry during configuration of the backup configuration. This vulnerability could provide a Windows user (who has sufficient privileges) to access a network file system that they were not authorized to access. | ||||