Search Results (374 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-49201 2026-04-15 4.3 Medium
Keyfactor Remote File Orchestrator (aka remote-file-orchestrator) 2.8 before 2.8.1 allows Information Disclosure: sensitive information could be exposed at the debug logging level.
CVE-2024-48939 1 Paxton-access 1 Net2 2026-04-15 7.5 High
Insufficient validation performed on the REST API License file in Paxton Net2 before 6.07.14023.5015 (SR4) enables use of the REST API with an invalid License File. Attackers may be able to retrieve access-log data.
CVE-2024-48770 1 Starvedia 1 Com.wisdomcity.zwave 2026-04-15 8.2 High
An issue in Plug n Play Camera com.wisdomcity.zwave 1.1.0 allows a remote attacker to obtain sensitive information via the firmware update process.
CVE-2025-42979 2026-04-15 5.6 Medium
The GuiXT application, which is integrated with SAP GUI for Windows, uses obfuscation algorithms instead of secure symmetric ciphers for storing the credentials of an RFC user on the client PC. This leads to a high impact on confidentiality because any attacker who gains access to the user hive of this user�s windows registry could recreate the original password. There is no impact on integrity or availability of the application
CVE-2025-37100 2026-04-15 7.7 High
A vulnerability in the APIs of HPE Aruba Networking Private 5G Core could potentially expose sensitive information to unauthorized users. A successful exploitation could allow an attacker to iteratively navigate through the filesystem and ultimately download protected system files containing sensitive information.
CVE-2024-56959 2026-04-15 6.5 Medium
An issue in Mashang Consumer Finance Co., Ltd Anyihua iOS 3.6.2 allows attackers to access sensitive user information via supplying a crafted link.
CVE-2025-2489 2026-04-15 N/A
Insecure information storage vulnerability in NTFS Tools version 3.5.1. Exploitation of this vulnerability could allow an attacker to know the application password, stored in /Users/user/Library/Application Support/ntfs-tool/config.json.
CVE-2024-56963 2026-04-15 6.5 Medium
An issue in Beijing Sogou Technology Development Co., Ltd Sogou Input iOS 12.2.0 allows attackers to access sensitive user information via supplying a crafted link.
CVE-2025-60856 1 Reolink 2 Reolink, Video Doorbell 2026-04-15 6.8 Medium
Reolink Video Doorbell WiFi DB_566128M5MP_W allows root shell access through an unsecured UART/serial console. An attacker with physical access can connect to the exposed interface and execute arbitrary commands with root privileges. NOTE: this is disputed by the Supplier because of "certain restrictions on users privately connecting serial port cables" and because "the root user has a password and it meets the requirements of password security complexity."
CVE-2024-56948 2026-04-15 6.5 Medium
An issue in KuGou Technology CO. LTD KuGou Music iOS v20.0.0 allows attackers to access sensitive user information via supplying a crafted link.
CVE-2024-56962 2026-04-15 6.5 Medium
An issue in Tencent Technology (Shanghai) Co., Ltd WeSing iOS v9.3.39 allows attackers to access sensitive user information via supplying a crafted link.
CVE-2025-10971 3 Apple, Fermax, Google 3 Ios, Meetme, Android 2026-04-15 N/A
Insecure Storage of Sensitive Information vulnerability in MeetMe on iOS, Android allows Retrieve Embedded Sensitive Data. This issue affects MeetMe: through v2.2.5.
CVE-2024-56971 2026-04-15 6.5 Medium
An issue in Zhiyuan Yuedu (Guangzhou) Literature Information Technology Co., Ltd Shuqi Novel iOS 5.3.8 allows attackers to access sensitive user information via supplying a crafted link.
CVE-2024-56955 2026-04-15 6.5 Medium
An issue in Tencent Technology (Shenzhen) Company Limited QQMail iOS 6.6.4 allows attackers to access sensitive user information via supplying a crafted link.
CVE-2024-53931 2026-04-15 9.1 Critical
The com.glitter.caller.screen (aka iCaller, Caller Theme & Dialer) application through 1.1 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.glitter.caller.screen.DialerActivity component.
CVE-2024-56968 2026-04-15 6.5 Medium
An issue in Shenzhen Intellirocks Tech Co. Ltd Govee Home iOS 6.5.01 allows attackers to access sensitive user information via supplying a crafted payload.
CVE-2024-56967 2026-04-15 6.5 Medium
An issue in Cloud Whale Interactive Technology LLC. PolyBuzz iOS 2.0.20 allows attackers to access sensitive user information via supplying a crafted link.
CVE-2024-56957 2026-04-15 6.5 Medium
An issue in Kingsoft Office Software Corporation Limited WPS Office iOS 12.20.0 allows attackers to access sensitive user information via supplying a crafted link.
CVE-2024-56966 2026-04-15 6.5 Medium
An issue in Shanghai Xuan Ting Entertainment Information & Technology Co., Ltd Qidian Reader iOS 5.9.384 allows attackers to access sensitive user information via supplying a crafted link.
CVE-2025-2440 2026-04-15 4.2 Medium
CWE-922: Insecure Storage of Sensitive Information vulnerability exists that could potentially lead to unauthorized access of confidential data when a malicious user, having physical access and advanced information on the file system, sets the radio in factory default mode.