Search Results (621 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-37728 1 Officeweb365 1 Officeweb365 2026-04-15 7.5 High
Arbitrary File Read vulnerability in Xi'an Daxi Information Technology Co., Ltd OfficeWeb365 v.7.18.23.0 and v8.6.1.0 allows a remote attacker to obtain sensitive information via the "Pic/Indexes" interface
CVE-2024-3723 1 Vsourz 1 Advanced Cf7 Db 2026-04-15 5.3 Medium
The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.2 via the wp-content/uploads/advanced-cf7-upload directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via this plugin through a form.
CVE-2023-38655 2026-04-15 6.8 Medium
Improper buffer restrictions in firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable denial of service via network access.
CVE-2025-42979 2026-04-15 5.6 Medium
The GuiXT application, which is integrated with SAP GUI for Windows, uses obfuscation algorithms instead of secure symmetric ciphers for storing the credentials of an RFC user on the client PC. This leads to a high impact on confidentiality because any attacker who gains access to the user hive of this user�s windows registry could recreate the original password. There is no impact on integrity or availability of the application
CVE-2024-39339 1 Globalsuzuki 1 Smartplay Headunit Firmware 2026-04-15 7.5 High
A vulnerability has been discovered in all versions of Smartplay headunits, which are widely used in Suzuki and Toyota cars. This misconfiguration can lead to information disclosure, leaking sensitive details such as diagnostic log traces, system logs, headunit passwords, and personally identifiable information (PII). The exposure of such information may have serious implications for user privacy and system integrity.
CVE-2025-2241 1 Redhat 2 Acm, Multicluster Engine 2026-04-15 8.2 High
A flaw was found in Hive, a component of Multicluster Engine (MCE) and Advanced Cluster Management (ACM). This vulnerability causes VCenter credentials to be exposed in the ClusterProvision object after provisioning a VSphere cluster. Users with read access to ClusterProvision objects can extract sensitive credentials even if they do not have direct access to Kubernetes Secrets. This issue can lead to unauthorized VCenter access, cluster management, and privilege escalation.
CVE-2020-10368 2026-04-15 3.5 Low
Certain Cypress (and Broadcom) Wireless Combo chips, when a January 2021 firmware update is not present, allow memory read access via a "Spectra" attack.
CVE-2025-24870 2026-04-15 6 Medium
SAP GUI for Windows & RFC service credentials are incorrectly stored in the memory of the program allowing an unauthenticated attacker to access information within systems, resulting in privilege escalation. On successful exploitation, this could result in disclosure of highly sensitive information. This has no impact on integrity, and availability.
CVE-2024-3108 2026-04-15 5.5 Medium
An implicit intent vulnerability was reported for Motorola’s Time Weather Widget application that could allow a local application to acquire the location of the device without authorization. 
CVE-2024-35311 2026-04-15 3.3 Low
Yubico YubiKey 5 Series before 5.7.0, Security Key Series before 5.7.0, YubiKey Bio Series before 5.6.4, and YubiKey 5 FIPS before 5.7.2 have Incorrect Access Control.
CVE-2024-56962 2026-04-15 6.5 Medium
An issue in Tencent Technology (Shanghai) Co., Ltd WeSing iOS v9.3.39 allows attackers to access sensitive user information via supplying a crafted link.
CVE-2023-41817 2026-04-15 2.8 Low
An improper export vulnerability was reported in the Motorola Phone Calls application that could allow a local attacker to read unauthorized information.
CVE-2023-41818 2026-04-15 5 Medium
An improper use of the SD card for sensitive data vulnerability was reported in the Motorola Device Help application that could allow a local attacker to read system logs. 
CVE-2023-41821 2026-04-15 5 Medium
A an improper export vulnerability was reported in the Motorola Setup application that could allow a local attacker to read sensitive user information. 
CVE-2023-41822 2026-04-15 4.8 Medium
An improper export vulnerability was reported in the Motorola Interface Test Tool application that could allow a malicious local application to execute OS commands. 
CVE-2023-41823 2026-04-15 4.4 Medium
An improper export vulnerability was reported in the Motorola Phone Extension application, that could allow a local attacker to execute unauthorized Activities. 
CVE-2023-41824 2026-04-15 2.8 Low
An implicit intent vulnerability was reported in the Motorola Phone Calls application that could allow a local attacker to read the calling phone number and calling data.
CVE-2023-41829 2026-04-15 5 Medium
An improper export vulnerability was reported in the Motorola Carrier Services application that could allow a malicious, local application to read files without authorization.
CVE-2024-56113 2026-04-15 7.5 High
Smart Toilet Lab - Motius 1.3.11 is running with debug mode turned on (DEBUG = True) and exposing sensitive information defined in Django settings file through verbose error page.
CVE-2025-0592 2026-04-15 8.8 High
The vulnerability may allow a remote low priviledged attacker to run arbitrary shell commands by manipulating the firmware file and uploading it to the device.