Total
9647 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-54473 | 1 Apple | 1 Macos | 2025-03-14 | 5.5 Medium |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data. | ||||
| CVE-2024-40798 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-03-13 | 3.3 Low |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.6, iOS 16.7.9 and iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able to read Safari's browsing history. | ||||
| CVE-2024-40836 | 1 Apple | 5 Ipad Os, Ipados, Iphone Os and 2 more | 2025-03-13 | 7.5 High |
| A logic issue was addressed with improved checks. This issue is fixed in watchOS 10.6, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, iOS 16.7.9 and iPadOS 16.7.9. A shortcut may be able to use sensitive data with certain actions without prompting the user. | ||||
| CVE-2023-42936 | 1 Apple | 8 Ipados, Iphone Os, Macos and 5 more | 2025-03-13 | 5.5 Medium |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to access user-sensitive data. | ||||
| CVE-2025-24134 | 1 Apple | 1 Macos | 2025-03-13 | 5.5 Medium |
| An information disclosure issue was addressed with improved privacy controls. This issue is fixed in macOS Sequoia 15.3. An app may be able to access user-sensitive data. | ||||
| CVE-2024-27830 | 1 Apple | 7 Ipados, Iphone Os, Macos and 4 more | 2025-03-13 | 6.5 Medium |
| This issue was addressed through improved state management. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A maliciously crafted webpage may be able to fingerprint the user. | ||||
| CVE-2024-27884 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-03-13 | 5.5 Medium |
| This issue was addressed with a new entitlement. This issue is fixed in macOS Sonoma 14.5, watchOS 10.5, visionOS 1.2, tvOS 17.5, iOS 17.5 and iPadOS 17.5. An app may be able to access user-sensitive data. | ||||
| CVE-2024-31869 | 1 Apache | 1 Airflow | 2025-03-13 | 5.3 Medium |
| Airflow versions 2.7.0 through 2.8.4 have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as "webserver.expose_config" configuration (The celery provider is the only community provider currently that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar, but different to CVE-2023-46288 https://github.com/advisories/GHSA-9qqg-mh7c-chfq which concerned API, not UI configuration page. | ||||
| CVE-2024-21209 | 1 Oracle | 2 Mysql, Mysql Client | 2025-03-13 | 2 Low |
| Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.1 Base Score 2.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N). | ||||
| CVE-2024-27897 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | 7.5 High |
| Input verification vulnerability in the call module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-48796 | 1 Eques | 1 Eques | 2025-03-13 | 7.5 High |
| An issue in EQUES com.eques.plug 1.0.1 allows a remote attacker to obtain sensitive information via the firmware update process. | ||||
| CVE-2024-44180 | 1 Apple | 2 Ipados, Iphone Os | 2025-03-13 | 2.4 Low |
| The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18. An attacker with physical access may be able to access contacts from the lock screen. | ||||
| CVE-2023-52097 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | 7.5 High |
| Vulnerability of foreground service restrictions being bypassed in the NMS module.Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-27604 | 1 Xwiki | 1 Confluence Migrator | 2025-03-13 | 7.5 High |
| XWiki Confluence Migrator Pro helps admins to import confluence packages into their XWiki instance. The homepage of the application is public which enables a guest to download the package which might contain sensitive information. This vulnerability is fixed in 1.11.7. | ||||
| CVE-2024-54475 | 1 Apple | 1 Macos | 2025-03-13 | 3.3 Low |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2, macOS Ventura 13.7.2. An app may be able to determine a user’s current location. | ||||
| CVE-2024-21205 | 1 Oracle | 2 Fusion Middleware, Service Bus | 2025-03-13 | 6.5 Medium |
| Vulnerability in the Oracle Service Bus product of Oracle Fusion Middleware (component: OSB Core Functionality). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Service Bus. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Service Bus accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). | ||||
| CVE-2024-10321 | 1 Themesgrove | 1 All-in-one Addons For Elementor | 2025-03-13 | 4.3 Medium |
| The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.4 in elements/advanced-tab/template/view.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data. | ||||
| CVE-2025-1322 | 1 Plechevandrey | 1 Wp-recall | 2025-03-13 | 4.3 Medium |
| The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 16.26.10 via the 'feed' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to view data from password protected, private, or draft posts that they should not have access to. | ||||
| CVE-2023-0597 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Rhel Eus and 1 more | 2025-03-12 | 5.5 Medium |
| A flaw possibility of memory leak in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory was found in the way user can guess location of exception stack(s) or other important data. A local user could use this flaw to get access to some important data with expected location in memory. | ||||
| CVE-2022-43930 | 2 Ibm, Microsoft | 2 Db2, Windows | 2025-03-12 | 6.2 Medium |
| IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to an Information Disclosure as sensitive information may be included in a log file. IBM X-Force ID: 241677. | ||||