ReportizFlow
Filtered by vendor
Subscriptions
Total
342 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-56952 | 2025-01-28 | 6.5 Medium | ||
| An issue in Beijing Baidu Netcom Science & Technology Co Ltd Baidu Lite app (iOS version) 6.40.0 allows attackers to access user information via supplying a crafted link. | ||||
| CVE-2024-56951 | 2025-01-28 | 6.5 Medium | ||
| An issue in Hangzhou Bobo Technology Co Ltd UU Game Booster iOS 10.6.13 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-56950 | 2025-01-28 | 6.5 Medium | ||
| An issue in KuGou Technology Co., Ltd KuGou Concept iOS 4.0.61 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-56949 | 2025-01-28 | 6.5 Medium | ||
| An issue in Guangzhou Polar Future Culture Technology Co., Ltd University Search iOS 2.27.0 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-56948 | 2025-01-28 | 6.5 Medium | ||
| An issue in KuGou Technology CO. LTD KuGou Music iOS v20.0.0 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-56947 | 2025-01-28 | 6.5 Medium | ||
| An issue in Xiamen Meitu Technology Co., Ltd. BeautyCam iOS v12.3.60 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2022-38090 | 1 Intel | 454 Celeron J1750, Celeron J1750 Firmware, Celeron J1800 and 451 more | 2025-01-28 | 6 Medium |
| Improper isolation of shared resources in some Intel(R) Processors when using Intel(R) Software Guard Extensions may allow a privileged user to potentially enable information disclosure via local access. | ||||
| CVE-2023-31150 | 1 Selinc | 20 Sel-2241 Rtac Module, Sel-2241 Rtac Module Firmware, Sel-3350 and 17 more | 2025-01-27 | 8 High |
| A Storing Passwords in a Recoverable Format vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) database system could allow an authenticated attacker to retrieve passwords. See SEL Service Bulletin dated 2022-11-15 for more details. | ||||
| CVE-2022-44619 | 1 Intel | 1 Data Center Manager | 2025-01-27 | 8.2 High |
| Insecure storage of sensitive information in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-43475 | 1 Intel | 1 Data Center Manager | 2025-01-27 | 6 Medium |
| Insecure storage of sensitive information in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-2665 | 1 Rosariosis | 1 Rosariosis | 2025-01-24 | 7.5 High |
| Storage of Sensitive Data in a Mechanism without Access Control in GitHub repository francoisjacquet/rosariosis prior to 11.0. | ||||
| CVE-2024-56113 | 2025-01-23 | 7.5 High | ||
| Smart Toilet Lab - Motius 1.3.11 is running with debug mode turned on (DEBUG = True) and exposing sensitive information defined in Django settings file through verbose error page. | ||||
| CVE-2024-53932 | 2025-01-23 | 9.1 Critical | ||
| The com.remi.colorphone.callscreen.calltheme.callerscreen (aka Color Phone: Call Screen Theme) application through 21.1.9 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.remi.colorphone.callscreen.calltheme.callerscreen.dialer.DialerActivity component. | ||||
| CVE-2024-53931 | 2025-01-23 | 9.1 Critical | ||
| The com.glitter.caller.screen (aka iCaller, Caller Theme & Dialer) application through 1.1 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.glitter.caller.screen.DialerActivity component. | ||||
| CVE-2024-52519 | 1 Nextcloud | 1 Nextcloud Server | 2025-01-23 | 2.7 Low |
| Nextcloud Server is a self hosted personal cloud system. The OAuth2 client secrets were stored in a recoverable way, so that an attacker that got access to a backup of the database and the Nextcloud config file, would be able to decrypt them. It is recommended that the Nextcloud Server is upgraded to 28.0.10 or 29.0.7 and Nextcloud Enterprise Server is upgraded to 27.1.11.8, 28.0.10 or 29.0.7. | ||||
| CVE-2023-29727 | 1 Applika | 1 Call Blocker | 2025-01-13 | 9.8 Critical |
| The Call Blocker application 6.6.3 for Android allows unauthorized applications to use exposed components to delete data stored in its database that is related to user privacy settings and affects the implementation of the normal functionality of the application. An attacker can use this to cause an escalation of privilege attack. | ||||
| CVE-2024-3733 | 1 Wpdeveloper | 1 Essential Addons For Elementor | 2025-01-11 | 5.3 Medium |
| The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.9.15 via the ajax_load_more() , eael_woo_pagination_product_ajax(), and ajax_eael_product_gallery() functions. This makes it possible for unauthenticated attackers to extract posts that may be in private or draft status. | ||||
| CVE-2023-22687 | 1 Freesoul Deactivate Plugins - Plugin Manager And Cleanup Project | 1 Freesoul Deactivate Plugins - Plugin Manager And Cleanup | 2025-01-10 | 3.7 Low |
| Insecure Storage of Sensitive Information vulnerability in Jose Mortellaro Freesoul Deactivate Plugins – Plugin manager and cleanup plugin <= 1.9.4.0 versions. | ||||
| CVE-2024-8899 | 1 Jegtheme | 1 Jeg Elementor Kit | 2025-01-09 | 4.3 Medium |
| The Jeg Elementor Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.9 via the render_content function in class/elements/views/class-tabs-view.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data. | ||||
| CVE-2024-31278 | 1 Leap13 | 1 Premium Addons For Elementor | 2025-01-09 | 4.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Leap13 Premium Addons for Elementor.This issue affects Premium Addons for Elementor: from n/a through 4.10.22. | ||||