Total
10280 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-5413 | 1 Newgensoft | 1 Omnidocs | 2026-04-03 | 3.7 Low |
| A vulnerability was identified in Newgen OmniDocs up to 12.0.00. Affected by this vulnerability is an unknown functionality of the file /omnidocs/GetWebApiConfiguration. The manipulation of the argument connectionDetails leads to information disclosure. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The exploitation appears to be difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-1556 | 2 Deciphered, Drupal | 2 Filefield Paths, Drupal File Paths | 2026-04-03 | 6.5 Medium |
| Information disclosure in the file URI processing of File (Field) Paths in Drupal File (Field) Paths 7.x prior to 7.1.3 on Drupal 7.x allows authenticated users to disclose other users’ private files via filename‑collision uploads. This can cause hook_node_insert() consumers (for example, email attachment modules) to receive the wrong file URI, bypassing normal access controls on private files. | ||||
| CVE-2026-5291 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-04-03 | 6.5 Medium |
| Inappropriate implementation in WebGL in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-2696 | 2 Export All Urls, Wordpress | 2 Export All Urls, Wordpress | 2026-04-03 | 5.3 Medium |
| The Export All URLs WordPress plugin before 5.1 generates CSV filenames containing posts URLS (including private posts) in a predictable pattern using a random 6-digit number. These files are stored in the publicly accessible wp-content/uploads/ directory. As a result, any unauthenticated user can brute-force the filenames to gain access to sensitive data contained within the exported files. | ||||
| CVE-2026-33981 | 2 Dgtlmoon, Webtechnologies | 2 Changedetection.io, Changedetection | 2026-04-02 | 6.5 Medium |
| changedetection.io is a free open source web page change detection tool. Prior to 0.54.7, the `jq:` and `jqraw:` include filter expressions allow use of the jq `env` builtin, which reads all process environment variables and stores them as the watch snapshot. An authenticated user (or unauthenticated user when no password is set, the default) can leak sensitive environment variables including `SALTED_PASS`, `PLAYWRIGHT_DRIVER_URL`, `HTTP_PROXY`, and any secrets passed as env vars to the container. Version 0.54.7 patches the issue. | ||||
| CVE-2025-71280 | 1 Xenforo | 1 Xenforo | 2026-04-02 | 6.2 Medium |
| XenForo before 2.3.7 allows information disclosure via local account page caching on shared systems. On systems where multiple users share a browser or machine, cached account pages could expose sensitive user information to other local users. | ||||
| CVE-2026-20680 | 1 Apple | 4 Ios And Ipados, Ipados, Iphone Os and 1 more | 2026-04-02 | 5.5 Medium |
| The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. A sandboxed app may be able to access sensitive user data. | ||||
| CVE-2026-20678 | 1 Apple | 3 Ios And Ipados, Ipados, Iphone Os | 2026-04-02 | 5.5 Medium |
| An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. An app may be able to access sensitive user data. | ||||
| CVE-2026-20641 | 1 Apple | 7 Ios And Ipados, Ipados, Iphone Os and 4 more | 2026-04-02 | 7.1 High |
| A privacy issue was addressed with improved checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An app may be able to identify what other apps a user has installed. | ||||
| CVE-2026-20612 | 1 Apple | 1 Macos | 2026-04-02 | 5.5 Medium |
| A privacy issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to access sensitive user data. | ||||
| CVE-2025-46283 | 1 Apple | 2 Macos, Macos Tahoe | 2026-04-02 | 5.5 Medium |
| A logic issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.8.4, macOS Tahoe 26.2. An app may be able to access sensitive user data. | ||||
| CVE-2025-46279 | 1 Apple | 11 Ios, Ipad Os, Ipados and 8 more | 2026-04-02 | 9.8 Critical |
| A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. An app may be able to identify what other apps a user has installed. | ||||
| CVE-2025-43542 | 1 Apple | 2 Macos, Macos Sequoia | 2026-04-02 | 7.5 High |
| This issue was addressed with improved state management. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3, macOS Tahoe 26.2, visionOS 26.2. Password fields may be unintentionally revealed when remotely controlling a device over FaceTime. | ||||
| CVE-2025-43538 | 1 Apple | 2 Macos, Macos Sonoma | 2026-04-02 | 3.3 Low |
| A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Sonoma 14.8.3, macOS Tahoe 26.2, visionOS 26.2, watchOS 26.2. An app may be able to access sensitive user data. | ||||
| CVE-2025-43530 | 1 Apple | 3 Macos, Macos Sequoia, Macos Sonoma | 2026-04-02 | 5.5 Medium |
| This issue was addressed with improved checks. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able to access sensitive user data. | ||||
| CVE-2025-43523 | 1 Apple | 1 Macos | 2026-04-02 | 5.5 Medium |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.3, macOS Tahoe 26.2. An app may be able to access sensitive user data. | ||||
| CVE-2025-43509 | 1 Apple | 3 Macos, Macos Sequoia, Macos Sonoma | 2026-04-02 | 5.5 Medium |
| This issue was addressed with improved data protection. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able to access sensitive user data. | ||||
| CVE-2025-43480 | 1 Apple | 7 Ios, Ipados, Iphone Os and 4 more | 2026-04-02 | 8.1 High |
| The issue was addressed with improved checks. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious website may exfiltrate data cross-origin. | ||||
| CVE-2025-43479 | 1 Apple | 3 Macos, Macos Sequoia, Macos Sonoma | 2026-04-02 | 5.5 Medium |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to access sensitive user data. | ||||
| CVE-2025-43455 | 1 Apple | 5 Ios, Ipados, Iphone Os and 2 more | 2026-04-02 | 5.5 Medium |
| A privacy issue was addressed with improved checks. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. A malicious app may be able to take a screenshot of sensitive information in embedded views. | ||||