Total
668 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-1846 | 1 Google | 1 Chrome | 2025-04-11 | 10.0 HIGH | N/A |
| Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a sandboxed process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. NOTE: the primary affected product may be clarified later; it was not identified by the researcher, who reportedly stated "it really doesn't matter if it's third-party code." | |||||
| CVE-2011-1258 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 6 through 8 does not properly restrict web script, which allows user-assisted remote attackers to obtain sensitive information from a different (1) domain or (2) zone via vectors involving a drag-and-drop operation, aka "Drag and Drop Information Disclosure Vulnerability." | |||||
| CVE-2011-1960 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 6 through 9 does not properly implement JavaScript event handlers, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Event Handlers Information Disclosure Vulnerability." | |||||
| CVE-2022-45935 | 1 Apache | 1 James | 2025-04-10 | N/A | 5.5 MEDIUM |
| Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components includes the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7.2 and prior versions. | |||||
| CVE-2021-26343 | 1 Amd | 48 Epyc 7003, Epyc 7003 Firmware, Epyc 72f3 and 45 more | 2025-04-09 | N/A | 5.5 MEDIUM |
| Insufficient validation in ASP BIOS and DRTM commands may allow malicious supervisor x86 software to disclose the contents of sensitive memory which may result in information disclosure. | |||||
| CVE-2022-24913 | 1 Java-merge-sort Project | 1 Java-merge-sort | 2025-04-08 | N/A | 5.5 MEDIUM |
| Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider() function in StdTempFileProvider.java, which uses the permissive File.createTempFile() function, exposing temporary file contents. | |||||
| CVE-2023-32019 | 1 Microsoft | 8 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 5 more | 2025-04-08 | N/A | 4.7 MEDIUM |
| Windows Kernel Information Disclosure Vulnerability | |||||
| CVE-2022-45438 | 1 Apache | 1 Superset | 2025-04-07 | N/A | 5.3 MEDIUM |
| When explicitly enabling the feature flag DASHBOARD_CACHE (disabled by default), the system allowed for an unauthenticated user to access dashboard configuration metadata using a REST API Get endpoint. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0. | |||||
| CVE-2004-1489 | 1 Opera | 1 Opera Browser | 2025-04-03 | 2.6 LOW | N/A |
| Opera 7.54 and earlier does not properly limit an applet's access to internal Java packages from Sun, which allows remote attackers to gain sensitive information, such as user names and the installation directory. | |||||
| CVE-2001-0893 | 1 Acme | 1 Mini Httpd | 2025-04-03 | 5.0 MEDIUM | N/A |
| Acme mini_httpd before 1.16 allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /. | |||||
| CVE-2001-0892 | 1 Acme | 1 Thttpd | 2025-04-03 | 5.0 MEDIUM | N/A |
| Acme Thttpd Secure Webserver before 2.22, with the chroot option enabled, allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /. | |||||
| CVE-2021-41989 | 1 Qlik | 1 Qlikview | 2025-04-01 | N/A | 7.8 HIGH |
| Qlik QlikView through 12.60.20100.0 creates a Temporary File in a Directory with Insecure Permissions. | |||||
| CVE-2021-41988 | 1 Qlik | 1 Nprinting Designer | 2025-04-01 | N/A | 7.8 HIGH |
| Qlik NPrinting Designer through 21.14.3.0 creates a Temporary File in a Directory with Insecure Permissions. | |||||
| CVE-2023-25192 | 1 Ami | 1 Megarac Sp-x | 2025-03-19 | N/A | 5.3 MEDIUM |
| AMI MegaRAC SPX devices allow User Enumeration through Redfish. The fixed versions are SPx12-update-7.00 and SPx13-update-5.00. | |||||
| CVE-2023-26081 | 2 Fedoraproject, Gnome | 2 Fedora, Epiphany | 2025-03-18 | N/A | 7.5 HIGH |
| In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts. | |||||
| CVE-2024-40725 | 1 Apache | 1 Http Server | 2025-03-14 | N/A | 5.3 MEDIUM |
| A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted. Users are recommended to upgrade to version 2.4.62, which fixes this issue. | |||||
| CVE-2023-0481 | 1 Quarkus | 1 Quarkus | 2025-03-12 | N/A | 3.3 LOW |
| In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile() is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local user. | |||||
| CVE-2022-44310 | 1 Ecdh Project | 1 Ecdh | 2025-03-12 | N/A | 7.5 HIGH |
| In Development IL ecdh before 0.2.0, an attacker can send an invalid point (not on the curve) as the public key, and obtain the derived shared secret. | |||||
| CVE-2023-22777 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2025-03-07 | N/A | 4.9 MEDIUM |
| An authenticated information disclosure vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files in the underlying operating system. | |||||
| CVE-2023-22775 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2025-03-07 | N/A | 6.5 MEDIUM |
| A vulnerability exists which allows an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level. | |||||