Total
10445 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-5524 | 1 Oracle | 1 Agile Product Lifecycle Management | 2025-05-08 | N/A |
| Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2016-5527. | ||||
| CVE-2016-5522 | 1 Oracle | 1 Agile Product Lifecycle Management | 2025-05-08 | N/A |
| Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality via unknown vectors. | ||||
| CVE-2016-5510 | 1 Oracle | 1 Agile Product Lifecycle Management | 2025-05-08 | N/A |
| Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via unknown vectors. | ||||
| CVE-2016-5513 | 1 Oracle | 1 Agile Product Lifecycle Management | 2025-05-08 | N/A |
| Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality via vectors related to File Manager. | ||||
| CVE-2017-10299 | 1 Oracle | 1 Agile Product Lifecycle Management | 2025-05-08 | N/A |
| Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Agile PLM accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | ||||
| CVE-2022-43890 | 1 Ibm | 1 Security Verify Privilege On-premises | 2025-05-08 | 5.3 Medium |
| IBM Security Verify Privilege On-Premises 11.5 could disclose sensitive information through an HTTP request that could aid an attacker in further attacks against the system. IBM X-Force ID: 240453. | ||||
| CVE-2024-21064 | 1 Oracle | 1 Business Intelligence | 2025-05-08 | 5.4 Medium |
| Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Web Answers). Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | ||||
| CVE-2024-24309 | 1 Ecomiz | 2 Ecomiz Survey Tma, Survey Tma | 2025-05-08 | 7.5 High |
| In the module "Survey TMA" (ecomiz_survey_tma) up to version 2.0.0 from Ecomiz for PrestaShop, a guest can download personal information without restriction. | ||||
| CVE-2023-27317 | 1 Netapp | 1 Ontap | 2025-05-07 | 4.3 Medium |
| ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are susceptible to a vulnerability which will cause all SAS-attached FIPS 140-2 drives to become unlocked after a system reboot or power cycle or a single SAS-attached FIPS 140-2 drive to become unlocked after reinsertion. This could lead to disclosure of sensitive information to an attacker with physical access to the unlocked drives. | ||||
| CVE-2023-6894 | 1 Hikvision | 30 Ds-kd-bk, Ds-kd-dis, Ds-kd-e and 27 more | 2025-05-07 | 4.3 Medium |
| A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been classified as problematic. This affects an unknown part of the file access/html/system.html of the component Log File Handler. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-248253 was assigned to this vulnerability. | ||||
| CVE-2025-4271 | 1 Totolink | 2 A720r, A720r Firmware | 2025-05-07 | 5.3 Medium |
| A vulnerability was found in TOTOLINK A720R 4.1.5cu.374. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input showSyslog leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-4270 | 1 Totolink | 2 A720r, A720r Firmware | 2025-05-07 | 5.3 Medium |
| A vulnerability was found in TOTOLINK A720R 4.1.5cu.374. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi of the component Config Handler. The manipulation of the argument topicurl with the input getInitCfg/getSysStatusCfg leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-0472 | 1 Sigb | 1 Pmb | 2025-05-07 | 7.5 High |
| Information exposure in the PMB platform affecting versions 4.2.13 and earlier. This vulnerability allows an attacker to upload a file to the environment and enumerate the internal files of a machine by looking at the request response. | ||||
| CVE-2020-10195 | 1 Sygnoos | 1 Popup Builder | 2025-05-07 | 6.3 Medium |
| The popup-builder plugin before 3.64.1 for WordPress allows information disclosure and settings modification, leading to in-scope privilege escalation via admin-post actions to com/classes/Actions.php. By sending a POST request to wp-admin/admin-post.php, an authenticated attacker with minimal (subscriber-level) permissions can modify the plugin's settings to allow arbitrary roles (including subscribers) access to plugin functionality by setting the action parameter to sgpbSaveSettings, export a list of current newsletter subscribers by setting the action parameter to csv_file, or obtain system configuration information including webserver configuration and a list of installed plugins by setting the action parameter to sgpb_system_info. | ||||
| CVE-2022-33181 | 1 Broadcom | 1 Fabric Operating System | 2025-05-07 | 5.5 Medium |
| An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a local authenticated attacker to read sensitive files using switch commands “configshow” and “supportlink”. | ||||
| CVE-2022-32913 | 1 Apple | 4 Iphone Os, Macos, Tvos and 1 more | 2025-05-06 | 3.3 Low |
| The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6, tvOS 16. A sandboxed app may be able to determine which app is currently using the camera. | ||||
| CVE-2022-32862 | 1 Apple | 1 Macos | 2025-05-06 | 5.5 Medium |
| This issue was addressed with improved data protection. This issue is fixed in macOS Big Sur 11.7.1, macOS Ventura 13, macOS Monterey 12.6.1. An app with root privileges may be able to access private information. | ||||
| CVE-2022-32858 | 1 Apple | 3 Iphone Os, Macos, Watchos | 2025-05-06 | 5.5 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 16, macOS Ventura 13, watchOS 9. An app may be able to leak sensitive kernel state. | ||||
| CVE-2022-32835 | 1 Apple | 2 Iphone Os, Watchos | 2025-05-06 | 3.3 Low |
| This issue was addressed with improved entitlements. This issue is fixed in iOS 16, watchOS 9. An app may be able to read a persistent device identifier. | ||||
| CVE-2022-23738 | 1 Github | 1 Enterprise Server | 2025-05-06 | 5.7 Medium |
| An improper cache key vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to access private repository files through a public repository. To exploit this, an actor would need to already be authorized on the GitHub Enterprise Server instance, be able to create a public repository, and have a site administrator visit a specially crafted URL. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.6 and was fixed in versions 3.2.20, 3.3.15, 3.4.10, 3.5.7, 3.6.3. This vulnerability was reported via the GitHub Bug Bounty program. | ||||