High
CVSS: 8.2
Use of weak credentials in the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated attacker to authenticate to the telnet service by calculating the root password based on easily-obtained device information. The password is based on the las…
Medium
CVSS: 4.1
CWE-922: Insecure Storage of Sensitive Information vulnerability exists that could potentially lead to unauthorized access of confidential data when a malicious user, having physical access and advanced information on the file system, sets…
High
CVSS: 7.1
Insecure storage of sensitive information in Windows Kerberos allows an authorized attacker to bypass a security feature locally.
Medium
CVSS: 4.0
Improper access control in Galaxy Watch prior to SMR Apr-2025 Release 1 allows local attackers to access sensitive information of Galaxy Watch.
Medium
CVSS: 6.8
Insecure information storage vulnerability in NTFS Tools version 3.5.1. Exploitation of this vulnerability could allow an attacker to know the application password, stored in /Users/user/Library/Application Support/ntfs-tool/config.json.
High
CVSS: 8.2
A flaw was found in Hive, a component of Multicluster Engine (MCE) and Advanced Cluster Management (ACM). This vulnerability causes VCenter credentials to be exposed in the ClusterProvision object after provisioning a VSphere cluster. Users…
Low
CVSS: 3.3
A flaw was found in Foreman/Red Hat Satellite. Improper file permissions allow low-privileged OS users to monitor and access temporary files under /var/tmp, exposing sensitive command outputs, such as /etc/shadow. This issue can lead to inf…
Medium
CVSS: 6.2
Incorrect default permission in DiagMonAgent prior to SMR Mar-2025 Release 1 allows local attackers to access data within Galaxy Watch.
Medium
CVSS: 5.5
OpenHarmony v5.0.2 and prior versions allow a local attacker to cause an information leak through out-of-bounds read bypass permission check.
Medium
CVSS: 6.3
The connection string is visible to users with access to the FRSCore database on the Foreseer Reporting Software (FRS) VM; this string can be used for gaining administrative access to the 4crXref database. This vulnerability has been resolved in the l…
High
CVSS: 7.5
The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.3 via the exports directory. This makes it possible for unauthenticated a…
Medium
CVSS: 4.1
Inclusion of sensitive information in test code in softsim trustlet prior to SMR Jan-2025 Release 1 allows local privileged attackers to get test key.
High
CVSS: 7.2
RuoYi v4.8.0 was discovered to allow unauthorized attackers to view the session ID of the admin in the system monitoring. This issue can allow attackers to impersonate Admin users by using a crafted cookie.
High
CVSS: 7.5
An issue in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the validate link function.
Medium
CVSS: 5.5
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, visionOS 2.3, watchOS 11.3. An app may be able to fingerprint the user.
Medium
CVSS: 5.5
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.3. An app may be able to access user-sensitive data.
Medium
CVSS: 6.5
Xerox Workplace Suite stores tokens in session storage, which may expose them to potential access if a user's session is compromised. The patch for this vulnerability will be included in a future release of Workplace Suite, and customers…
Medium
CVSS: 4.9
Information Disclosure in API in Replicated Replicated Classic versions prior to 2.53.1 on all platforms allows authenticated users with Admin Console access to retrieve sensitive data, including application secrets, via accessing container…
High
CVSS: 7.1
Windows Kerberos Security Feature Bypass Vulnerability
High
CVSS: 7.5
An access control issue in the component /api/squareComment/DelectSquareById of iceCMS v2.2.0 allows unauthenticated attackers to access sensitive information.