Total
368 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-26152 | 1 Microsoft | 29 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 26 more | 2026-04-20 | 7 High |
| Insecure storage of sensitive information in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-20629 | 1 Apple | 1 Macos | 2026-04-16 | 5.5 Medium |
| A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Tahoe 26.3. An app may be able to access user-sensitive data. | ||||
| CVE-2024-56965 | 2026-04-15 | 6.5 Medium | ||
| An issue in Shanghai Shizhi Information Technology Co., Ltd Shihuo iOS 8.16.0 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-49201 | 2026-04-15 | 4.3 Medium | ||
| Keyfactor Remote File Orchestrator (aka remote-file-orchestrator) 2.8 before 2.8.1 allows Information Disclosure: sensitive information could be exposed at the debug logging level. | ||||
| CVE-2025-53507 | 2026-04-15 | N/A | ||
| Multiple products provided by iND Co.,Ltd contain an insecure storage of sensitive information vulnerability. If exploited, configuration information, such as admin password, may be disclosed. As for the details of affected product names and versions, refer to the information under [Product Status]. | ||||
| CVE-2025-10971 | 3 Apple, Fermax, Google | 3 Ios, Meetme, Android | 2026-04-15 | N/A |
| Insecure Storage of Sensitive Information vulnerability in MeetMe on iOS, Android allows Retrieve Embedded Sensitive Data. This issue affects MeetMe: through v2.2.5. | ||||
| CVE-2024-56953 | 2026-04-15 | 6.5 Medium | ||
| An issue in Baidu (China) Co Ltd Baidu Input Method (iOS version) v12.6.13 allows attackers to access user information via supplying a crafted link. | ||||
| CVE-2025-60856 | 1 Reolink | 2 Reolink, Video Doorbell | 2026-04-15 | 6.8 Medium |
| Reolink Video Doorbell WiFi DB_566128M5MP_W allows root shell access through an unsecured UART/serial console. An attacker with physical access can connect to the exposed interface and execute arbitrary commands with root privileges. NOTE: this is disputed by the Supplier because of "certain restrictions on users privately connecting serial port cables" and because "the root user has a password and it meets the requirements of password security complexity." | ||||
| CVE-2024-56952 | 2026-04-15 | 6.5 Medium | ||
| An issue in Beijing Baidu Netcom Science & Technology Co Ltd Baidu Lite app (iOS version) 6.40.0 allows attackers to access user information via supplying a crafted link. | ||||
| CVE-2024-39339 | 1 Globalsuzuki | 1 Smartplay Headunit Firmware | 2026-04-15 | 7.5 High |
| A vulnerability has been discovered in all versions of Smartplay headunits, which are widely used in Suzuki and Toyota cars. This misconfiguration can lead to information disclosure, leaking sensitive details such as diagnostic log traces, system logs, headunit passwords, and personally identifiable information (PII). The exposure of such information may have serious implications for user privacy and system integrity. | ||||
| CVE-2024-56967 | 2026-04-15 | 6.5 Medium | ||
| An issue in Cloud Whale Interactive Technology LLC. PolyBuzz iOS 2.0.20 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-35526 | 2026-04-15 | 5.9 Medium | ||
| An issue in Daemon PTY Limited FarCry Core framework before 7.2.14 allows attackers to access sensitive information in the /facade directory. | ||||
| CVE-2020-10368 | 2026-04-15 | 3.5 Low | ||
| Certain Cypress (and Broadcom) Wireless Combo chips, when a January 2021 firmware update is not present, allow memory read access via a "Spectra" attack. | ||||
| CVE-2024-38453 | 1 Avalara | 1 Avalara For Salesforce Cpq | 2026-04-15 | 7.5 High |
| The Avalara for Salesforce CPQ app before 7.0 for Salesforce allows attackers to read an API key. NOTE: the current version is 11 as of mid-2024. | ||||
| CVE-2025-2489 | 2026-04-15 | N/A | ||
| Insecure information storage vulnerability in NTFS Tools version 3.5.1. Exploitation of this vulnerability could allow an attacker to know the application password, stored in /Users/user/Library/Application Support/ntfs-tool/config.json. | ||||
| CVE-2024-54728 | 2026-04-15 | 6.5 Medium | ||
| Incorrect access control in BYD QIN PLUS DM-i Dilink OS 3.0_13.1.7.2204050.1 allows unauthorized attackers to access system logcat logs. | ||||
| CVE-2024-48939 | 1 Paxton-access | 1 Net2 | 2026-04-15 | 7.5 High |
| Insufficient validation performed on the REST API License file in Paxton Net2 before 6.07.14023.5015 (SR4) enables use of the REST API with an invalid License File. Attackers may be able to retrieve access-log data. | ||||
| CVE-2024-56949 | 2026-04-15 | 6.5 Medium | ||
| An issue in Guangzhou Polar Future Culture Technology Co., Ltd University Search iOS 2.27.0 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-56954 | 2026-04-15 | 6.5 Medium | ||
| An issue in Beijing Baidu Netcom Science & Technology Co Ltd Haokan Video iOS 7.70.0 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-56955 | 2026-04-15 | 6.5 Medium | ||
| An issue in Tencent Technology (Shenzhen) Company Limited QQMail iOS 6.6.4 allows attackers to access sensitive user information via supplying a crafted link. | ||||