Total
669 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-40482 | 1 Laravel | 1 Framework | 2025-02-03 | 5.3 Medium |
| The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\Auth\SessionGuard class when a user is found to not exist. | ||||
| CVE-2023-28770 | 1 Zyxel | 2 Dx5401-b0, Dx5401-b0 Firmware | 2025-01-31 | 7.5 High |
| The sensitive information exposure vulnerability in the CGI “Export_Log” and the binary “zcmd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to read the system files and to retrieve the password of the supervisor from the encrypted file. | ||||
| CVE-2024-36510 | 1 Fortinet | 2 Forticlientems, Fortisoar | 2025-01-31 | 4.9 Medium |
| An observable response discrepancy vulnerability [CWE-204] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, and FortiSOAR 7.5.0, 7.4.0 through 7.4.4, 7.3.0 through 7.3.2, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to enumerate valid users via observing login request responses. | ||||
| CVE-2024-43546 | 1 Microsoft | 8 Windows 10 21h2, Windows 10 22h2, Windows 11 21h2 and 5 more | 2025-01-29 | 5.6 Medium |
| Windows Cryptographic Information Disclosure Vulnerability | ||||
| CVE-2024-39894 | 2025-01-29 | 7.5 High | ||
| OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur. | ||||
| CVE-2023-27931 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-01-29 | 5.5 Medium |
| This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.3, tvOS 16.4, watchOS 9.4. An app may be able to access user-sensitive data. | ||||
| CVE-2024-26268 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-01-28 | 5.3 Medium |
| User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 8, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to determine if an account exist in the application by comparing the request's response time. | ||||
| CVE-2023-27870 | 1 Ibm | 1 Spectrum Virtualize | 2025-01-24 | 5.9 Medium |
| IBM Spectrum Virtualize 8.5, under certain circumstances, could disclose sensitive credential information while a download from Fix Central is in progress. IBM X-Force ID: 249518. | ||||
| CVE-2024-43095 | 2025-01-24 | 7.8 High | ||
| In multiple locations, there is a possible way to obtain any system permission due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2023-23449 | 1 Sick | 14 Ftmg-esd15axx, Ftmg-esd15axx Firmware, Ftmg-esd20axx and 11 more | 2025-01-23 | 5.3 Medium |
| Observable Response Discrepancy in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to gain information about valid usernames by analyzing challenge responses from the server via the REST interface. | ||||
| CVE-2024-26221 | 1 Microsoft | 4 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 1 more | 2025-01-23 | 7.2 High |
| Windows DNS Server Remote Code Execution Vulnerability | ||||
| CVE-2023-1696 | 1 Huawei | 2 Emui, Harmonyos | 2025-01-21 | 7.5 High |
| The multimedia video module has a vulnerability in data processing.Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2023-28015 | 1 Hcl | 1 Domino Appdev Pack | 2025-01-17 | 5.3 Medium |
| The HCL Domino AppDev Pack IAM service is susceptible to a User Account Enumeration vulnerability. During a failed login attempt a difference in messages could allow an attacker to determine if the user is valid or not. The attacker could use this information to focus a brute force attack on valid users. | ||||
| CVE-2023-28412 | 2 Control4, Snapone | 13 Ca-1, Ca-10, Ea-1 and 10 more | 2025-01-16 | 5.3 Medium |
| When supplied with a random MAC address, Snap One OvrC cloud servers will return information about the device. The MAC address of devices can be enumerated in an attack and the OvrC cloud will disclose their information. | ||||
| CVE-2023-32694 | 1 Saleor | 1 Saleor | 2025-01-16 | 4.8 Medium |
| Saleor Core is a composable, headless commerce API. Saleor's `validate_hmac_signature` function is vulnerable to timing attacks. Malicious users could abuse this vulnerability on Saleor deployments having the Adyen plugin enabled in order to determine the secret key and forge fake events, this could affect the database integrity such as marking an order as paid when it is not. This issue has been patched in versions 3.7.68, 3.8.40, 3.9.49, 3.10.36, 3.11.35, 3.12.25, and 3.13.16. | ||||
| CVE-2023-26215 | 1 Tibco | 1 Ebx Add-ons | 2025-01-16 | 7.7 High |
| The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that allows an attacker with low-privileged application access to read system files that are accessible to the web server. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.5.16 and below. | ||||
| CVE-2017-5753 | 14 Arm, Canonical, Debian and 11 more | 396 Cortex-a12, Cortex-a12 Firmware, Cortex-a15 and 393 more | 2025-01-14 | 5.6 Medium |
| Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | ||||
| CVE-2023-24598 | 1 Open-xchange | 1 Ox App Suite | 2025-01-14 | 4.3 Medium |
| OX App Suite before backend 7.10.6-rev37 has an information leak in the handling of distribution lists, e.g., partial disclosure of the private contacts of another user. | ||||
| CVE-2023-33741 | 2 Google, Macro-video | 2 Android, V380 Pro | 2025-01-13 | 7.5 High |
| Macrovideo v380pro v1.4.97 shares the device id and password when sharing the device. | ||||
| CVE-2023-31186 | 1 Avaya | 1 Ix Workforce Engagement | 2025-01-10 | 5.3 Medium |
| Avaya IX Workforce Engagement v15.2.7.1195 - User Enumeration - Observable Response Discrepancy | ||||