Total
348 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-53931 | 2025-01-23 | 9.1 Critical | ||
| The com.glitter.caller.screen (aka iCaller, Caller Theme & Dialer) application through 1.1 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.glitter.caller.screen.DialerActivity component. | ||||
| CVE-2024-52519 | 1 Nextcloud | 1 Nextcloud Server | 2025-01-23 | 2.7 Low |
| Nextcloud Server is a self hosted personal cloud system. The OAuth2 client secrets were stored in a recoverable way, so that an attacker that got access to a backup of the database and the Nextcloud config file, would be able to decrypt them. It is recommended that the Nextcloud Server is upgraded to 28.0.10 or 29.0.7 and Nextcloud Enterprise Server is upgraded to 27.1.11.8, 28.0.10 or 29.0.7. | ||||
| CVE-2023-29727 | 1 Applika | 1 Call Blocker | 2025-01-13 | 9.8 Critical |
| The Call Blocker application 6.6.3 for Android allows unauthorized applications to use exposed components to delete data stored in its database that is related to user privacy settings and affects the implementation of the normal functionality of the application. An attacker can use this to cause an escalation of privilege attack. | ||||
| CVE-2024-3733 | 1 Wpdeveloper | 1 Essential Addons For Elementor | 2025-01-10 | 5.3 Medium |
| The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.9.15 via the ajax_load_more() , eael_woo_pagination_product_ajax(), and ajax_eael_product_gallery() functions. This makes it possible for unauthenticated attackers to extract posts that may be in private or draft status. | ||||
| CVE-2023-22687 | 1 Freesoul Deactivate Plugins - Plugin Manager And Cleanup Project | 1 Freesoul Deactivate Plugins - Plugin Manager And Cleanup | 2025-01-10 | 3.7 Low |
| Insecure Storage of Sensitive Information vulnerability in Jose Mortellaro Freesoul Deactivate Plugins – Plugin manager and cleanup plugin <= 1.9.4.0 versions. | ||||
| CVE-2024-8899 | 1 Jegtheme | 1 Jeg Elementor Kit | 2025-01-09 | 4.3 Medium |
| The Jeg Elementor Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.9 via the render_content function in class/elements/views/class-tabs-view.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data. | ||||
| CVE-2024-31278 | 1 Leap13 | 1 Premium Addons For Elementor | 2025-01-09 | 4.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Leap13 Premium Addons for Elementor.This issue affects Premium Addons for Elementor: from n/a through 4.10.22. | ||||
| CVE-2024-2974 | 1 Wpdeveloper | 1 Essential Addons For Elementor | 2025-01-08 | 5.3 Medium |
| The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 5.9.13 via the load_more function. This can allow unauthenticated attackers to extract sensitive data including private and draft posts. | ||||
| CVE-2023-3064 | 1 Mobatime | 1 Amxgt 100 | 2025-01-08 | 7.5 High |
| Anonymous user may get the list of existing users managed by the application, that could ease further attacks (see CVE-2023-3065 and 3066)This issue affects Mobatime mobile application AMXGT100 through 1.3.20. | ||||
| CVE-2023-29757 | 1 Leap | 1 Blue Light Filter | 2025-01-06 | 7.8 High |
| An issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files. | ||||
| CVE-2023-29755 | 1 Urbanandroid | 1 Twilight | 2025-01-06 | 7.8 High |
| An issue found in Twilight v.13.3 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files. | ||||
| CVE-2024-49201 | 2024-12-21 | 4.3 Medium | ||
| Keyfactor Remote File Orchestrator (aka remote-file-orchestrator) 2.8 before 2.8.1 allows Information Disclosure: sensitive information could be exposed at the debug logging level. | ||||
| CVE-2024-34721 | 1 Google | 1 Android | 2024-12-17 | 6.2 Medium |
| In ensureFileColumns of MediaProvider.java, there is a possible disclosure of files owned by another user due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-21826 | 1 Openatom | 1 Openharmony | 2024-12-16 | 4.3 Medium |
| in OpenHarmony v3.2.4 and prior versions allow a local attacker cause sensitive information leak through insecure storage. | ||||
| CVE-2024-44200 | 1 Apple | 2 Ipados, Iphone Os | 2024-12-13 | 5.5 Medium |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.1 and iPadOS 18.1. An app may be able to read sensitive location information. | ||||
| CVE-2024-12082 | 1 Openatom | 1 Openharmony | 2024-12-11 | 5.5 Medium |
| in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read. | ||||
| CVE-2024-37144 | 2024-12-10 | 8.2 High | ||
| Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train), Dell PowerFlex custom node using PowerFlex Manager versions prior to 4.6.1.0, Dell InsightIQ versions prior to 5.1.1, and Dell Data Lakehouse versions prior to 1.2.0.0 contain an Insecure Storage of Sensitive Information vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure. The attacker may be able to use information disclosed to gain unauthorized access to pods within the cluster. | ||||
| CVE-2024-47043 | 2 Ruijie, Ruijienetworks | 2 Reyee Os, Reyee Os | 2024-12-10 | 7.5 High |
| Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could enable an attacker to correlate a device serial number and the user's phone number and part of the email address. | ||||
| CVE-2023-32415 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-12-05 | 5.5 Medium |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.5 and iPadOS 16.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to read sensitive location information. | ||||
| CVE-2024-48783 | 1 Ruijie | 2 Nbr3000d-e, Nbr3000d-e Firmware | 2024-12-04 | 4.3 Medium |
| An issue in Ruijie NBR3000D-E Gateway allows a remote attacker to obtain sensitive information via the /tool/shell/postgresql.conf component. | ||||