Search Results (625 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-43753 2026-04-15 5.3 Medium
Improper conditions check in some Intel(R) Processors with Intel(R) SGX may allow a privileged user to potentially enable information disclosure via local access.
CVE-2024-4213 1 Levelfourstorefront 1 Shopping Cart \& Ecommerce Store 2026-04-15 5.3 Medium
The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.6.4 via the order report functionality. This makes it possible for unauthenticated attackers to extract sensitive data including order details such as payment details, addresses and other PII.
CVE-2024-56113 2026-04-15 7.5 High
Smart Toilet Lab - Motius 1.3.11 is running with debug mode turned on (DEBUG = True) and exposing sensitive information defined in Django settings file through verbose error page.
CVE-2023-41828 2026-04-15 4.4 Medium
An implicit intent export vulnerability was reported in the Motorola Phone application, that could allow unauthorized access to a non-exported content provider.  
CVE-2023-41821 2026-04-15 5 Medium
A an improper export vulnerability was reported in the Motorola Setup application that could allow a local attacker to read sensitive user information. 
CVE-2023-27504 2026-04-15 7.2 High
Improper conditions check in some Intel(R) BIOS Guard firmware may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-6051 2026-04-15 N/A
Cross Application Scripting vulnerability in Vercom S.A. Redlink SDK in specific situations allows local code injection and to manipulate the view of a vulnerable application.This issue affects Redlink SDK versions through 1.13.
CVE-2024-12399 2026-04-15 7.1 High
CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause partial loss of confidentiality, loss of integrity and availability of the HMI when attacker performs man in the middle attack by intercepting the communication.
CVE-2025-5346 2026-04-15 N/A
Bluebird devices contain a pre-loaded barcode scanner application. This application exposes an unsecured broadcast receiver "kr.co.bluebird.android.bbsettings.BootReceiver". A local attacker can call the receiver to overwrite file containing ".json" keyword with default barcode config file. It is possible to overwrite file in any location due to lack of protection against path traversal in name of the file. This issue affects all versions before 1.3.3.
CVE-2025-5345 2026-04-15 N/A
Bluebird devices contain a pre-loaded file manager application. This application exposes an unsecured service provider "com.bluebird.system.koreanpost.IsdcardRemoteService". A local attacker can bind to the AIDL-type service to copy and delete arbitrary files from device's storage with system-level permissions. Version 1.4.4 is vulnerable, vendor reverted vulnerable versions to older version: 1.3.6
CVE-2025-5344 2026-04-15 N/A
Bluebird devices contain a pre-loaded kiosk application. This application exposes an unsecured service provider "com.bluebird.kiosk.launcher.IpartnerKioskRemoteService". A local attacker can bind to the AIDL-type service to modify device's global settings and wallpaper image. This issue affects all versions before 1.1.2.
CVE-2023-41816 2026-04-15 5 Medium
An improper export vulnerability was reported in the Motorola Services Main application that could allow a local attacker to write to a local database. 
CVE-2023-41817 2026-04-15 2.8 Low
An improper export vulnerability was reported in the Motorola Phone Calls application that could allow a local attacker to read unauthorized information.
CVE-2023-41818 2026-04-15 5 Medium
An improper use of the SD card for sensitive data vulnerability was reported in the Motorola Device Help application that could allow a local attacker to read system logs. 
CVE-2023-41829 2026-04-15 5 Medium
An improper export vulnerability was reported in the Motorola Carrier Services application that could allow a malicious, local application to read files without authorization.
CVE-2024-56952 2026-04-15 6.5 Medium
An issue in Beijing Baidu Netcom Science & Technology Co Ltd Baidu Lite app (iOS version) 6.40.0 allows attackers to access user information via supplying a crafted link.
CVE-2021-42718 1 Replicated 1 Replicated Classic 2026-04-15 4.9 Medium
Information Disclosure in API in Replicated Replicated Classic versions prior to 2.53.1 on all platforms allows authenticated users with Admin Console access to retrieve sensitive data, including application secrets, via accessing container definitions with environment variables through the Admin Console API on port 8800. This CVE was originally reserved in 2021 and later publicly disclosed by Replicated on their website on 21 October 2021. However, it mistakenly remained in the Reserved But Public (RBP) status with the CVE Numbering Authority (CNA). Please note that this product reached its end of life on 31 December 2024. Publishing this CVE with the CNA was required to comply with CNA rules, despite the fact that the issue was disclosed and fixed four years ago, and the affected product is no longer supported as of 2024. Summary of VulnerabilityThis advisory discloses a low severity security vulnerability in the versions of Replicated Classic listed above (“Affected Replicated Classic Versions”) DescriptionReplicated Classic versions prior to 2.53.1 have an authenticated API from the Replicated Admin Console that may expose sensitive data including application secrets, depending on how the application manifests are written. A user with valid credentials and access to the Admin Console port (8800) on the Replicated Classic server can retrieve container definitions including environment variables which may contain passwords and other secrets depending on how the application is configured. This data is shared over authenticated sessions to the Admin Console only, and was never displayed or used in the application processing. To remediate this issue, we removed the sensitive data from the API, sending only the data to the Admin Console that was needed. TimelineThis issue was discovered during a security review on 16 September 2021. Patched versions were released on 23 September 2021. This advisory was published on 21 October 2021. The CVE Numbering Authority (CNA) notified Replicated on 23 January 2025 that the CVE was still in Reserved But Public (RBP) status. Upon discovering the oversight in updating the status to published with the CNA, Replicated submitted the updated report on the same day, 23 January 2025.
CVE-2019-20469 2026-04-15 4.6 Medium
An issue was discovered on One2Track 2019-12-08 devices. Confidential information is needlessly stored on the smartwatch. Audio files are stored in .amr format, in the audior directory. An attacker who has physical access can retrieve all audio files by connecting via a USB cable.
CVE-2025-60856 1 Reolink 2 Reolink, Video Doorbell 2026-04-15 6.8 Medium
Reolink Video Doorbell WiFi DB_566128M5MP_W allows root shell access through an unsecured UART/serial console. An attacker with physical access can connect to the exposed interface and execute arbitrary commands with root privileges. NOTE: this is disputed by the Supplier because of "certain restrictions on users privately connecting serial port cables" and because "the root user has a password and it meets the requirements of password security complexity."
CVE-2025-0592 2026-04-15 8.8 High
The vulnerability may allow a remote low priviledged attacker to run arbitrary shell commands by manipulating the firmware file and uploading it to the device.