Total
9641 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-27362 | 1 Samsung | 10 Exynos 1280, Exynos 1280 Firmware, Exynos 1330 and 7 more | 2025-03-20 | 4.4 Medium |
| A vulnerability was discovered in Samsung Mobile Processors Exynos 1280, Exynos 2200, Exynos 1330, Exynos 1380, and Exynos 2400 where they do not properly check the length of the data, which can lead to a Information disclosure. | ||||
| CVE-2024-54467 | 2 Apple, Redhat | 12 Ipados, Iphone Os, Macos and 9 more | 2025-03-20 | 6.5 Medium |
| A cookie management issue was addressed with improved state management. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin. | ||||
| CVE-2023-23458 | 1 Sunellsecurity | 14 Sn-adr3804e1, Sn-adr3804e1 Firmware, Sn-adr3808e1 and 11 more | 2025-03-19 | 6.5 Medium |
| Sunell DVR, latest version, CWE-200: Exposure of Sensitive Information to an Unauthorized Actor through an unspecified request. | ||||
| CVE-2024-33880 | 2 Microsoft, Virtosoftware | 2 Sharepoint Server, Sharepoint Bulk File Download | 2025-03-19 | 5.3 Medium |
| An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. It discloses full pathnames via Virto.SharePoint.FileDownloader/Api/Download.ashx?action=archive. | ||||
| CVE-2024-22260 | 1 Vmware | 1 Workspace One Uem | 2025-03-19 | 6.8 Medium |
| VMware Workspace One UEM update addresses an information exposure vulnerability. A malicious actor with network access to the Workspace One UEM may be able to perform an attack resulting in an information exposure. | ||||
| CVE-2020-12413 | 1 Mozilla | 2 Firefox, Firefox Esr | 2025-03-19 | 5.9 Medium |
| The Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification. To mitigate this vulnerability, Firefox disabled support for DHE ciphersuites. | ||||
| CVE-2024-44158 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-03-19 | 5.5 Medium |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 17.7 and iPadOS 17.7, macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. A shortcut may output sensitive user data without consent. | ||||
| CVE-2025-26263 | 2025-03-19 | 5.1 Medium | ||
| GeoVision ASManager Windows desktop application with the version 6.1.2.0 or less (fixed in 6.2.0), is vulnerable to credentials disclosure due to improper memory handling in the ASManagerService.exe process. | ||||
| CVE-2025-24109 | 1 Apple | 1 Macos | 2025-03-19 | 9.8 Critical |
| A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to access sensitive user data. | ||||
| CVE-2024-48789 | 1 Inatronic | 1 Drivedeck | 2025-03-19 | 7.5 High |
| An issue in INATRONIC com.inatronic.drivedeck.home 2.6.23 allows a remote attacker to obtain sensitve information via the firmware update process. | ||||
| CVE-2024-44152 | 1 Apple | 1 Macos | 2025-03-19 | 7.5 High |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data. | ||||
| CVE-2024-0020 | 1 Google | 1 Android | 2025-03-19 | 5.5 Medium |
| In onActivityResult of NotificationSoundPreference.java, there is a possible way to hear audio files belonging to a different user due to a confused deputy. This could lead to local information disclosure across users of a device with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-44163 | 1 Apple | 1 Macos | 2025-03-18 | 5.5 Medium |
| The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. A malicious application may be able to access private information. | ||||
| CVE-2024-39817 | 1 Cybozu | 1 Office | 2025-03-18 | 6.5 Medium |
| Insertion of sensitive information into sent data issue exists in Cybozu Office 10.0.0 to 10.8.6, which may allow a user who can login to the product to view data that the user does not have access by conducting 'search' under certain conditions in Custom App. | ||||
| CVE-2024-34897 | 2025-03-18 | 7.5 High | ||
| Nedis SmartLife android app v1.4.0 was discovered to contain an API key disclosure vulnerability. | ||||
| CVE-2018-13873 | 1 Hdfgroup | 1 Hdf5 | 2025-03-18 | 9.8 Critical |
| An issue was discovered in the HDF HDF5 1.8.20 library. There is a buffer over-read in H5O_chunk_deserialize in H5Ocache.c. | ||||
| CVE-2024-42006 | 1 Keyfactor | 1 Aws Orchestrator | 2025-03-18 | 7.5 High |
| Keyfactor AWS Orchestrator through 2.0 allows Information Disclosure. | ||||
| CVE-2024-40842 | 1 Apple | 1 Macos | 2025-03-18 | 5.5 Medium |
| An issue was addressed with improved validation of environment variables. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data. | ||||
| CVE-2025-22918 | 2025-03-18 | 7.5 High | ||
| Polycom RealPresence Group 500 <=20 has Insecure Permissions due to automatically loaded cookies. This allows for the use of administrator functions, resulting in the leakage of sensitive user information. | ||||
| CVE-2024-51163 | 1 Vegam Solutions | 1 Vegam 4i | 2025-03-18 | 7.5 High |
| A Local File Inclusion vulnerability in Vegam Solutions Vegam 4i versions 6.3.47.0 and earlier allows a remote attacker to obtain sensitive information through the print label function. Specifically, the filePathList parameter is susceptible to LFI, enabling a malicious user to include files from the web server, such as web.config or /etc/host, leading to the disclosure of sensitive information. | ||||