Search Results (374 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-56972 2026-04-15 6.5 Medium
An issue in Midea Group Co., Ltd Midea Home iOS 9.3.12 allows attackers to access sensitive user information via supplying a crafted link.
CVE-2024-56113 2026-04-15 7.5 High
Smart Toilet Lab - Motius 1.3.11 is running with debug mode turned on (DEBUG = True) and exposing sensitive information defined in Django settings file through verbose error page.
CVE-2024-56971 2026-04-15 6.5 Medium
An issue in Zhiyuan Yuedu (Guangzhou) Literature Information Technology Co., Ltd Shuqi Novel iOS 5.3.8 allows attackers to access sensitive user information via supplying a crafted link.
CVE-2024-48770 1 Starvedia 1 Com.wisdomcity.zwave 2026-04-15 8.2 High
An issue in Plug n Play Camera com.wisdomcity.zwave 1.1.0 allows a remote attacker to obtain sensitive information via the firmware update process.
CVE-2024-35526 2026-04-15 5.9 Medium
An issue in Daemon PTY Limited FarCry Core framework before 7.2.14 allows attackers to access sensitive information in the /facade directory.
CVE-2025-37110 1 Hpe 1 Telco Network Function Virtual Orchestrator 2026-04-15 6 Medium
A vulnerability was discovered in the storage policy for certain sets of sensitive credential information in the HPE Telco Network Function Virtual Orchestrator. Successful Exploitation could lead to unauthorized parties gaining access to sensitive system information.
CVE-2024-49201 2026-04-15 4.3 Medium
Keyfactor Remote File Orchestrator (aka remote-file-orchestrator) 2.8 before 2.8.1 allows Information Disclosure: sensitive information could be exposed at the debug logging level.
CVE-2025-22492 2026-04-15 6.3 Medium
The connection string visible to users with access to FRSCore database on Foreseer Reporting Software (FRS) VM, this string can be used for gaining administrative access to the 4crXref database. This vulnerability has been resolved in the latest version 1.5.100 of FRS.
CVE-2024-48939 1 Paxton-access 1 Net2 2026-04-15 7.5 High
Insufficient validation performed on the REST API License file in Paxton Net2 before 6.07.14023.5015 (SR4) enables use of the REST API with an invalid License File. Attackers may be able to retrieve access-log data.
CVE-2024-56954 2026-04-15 6.5 Medium
An issue in Beijing Baidu Netcom Science & Technology Co Ltd Haokan Video iOS 7.70.0 allows attackers to access sensitive user information via supplying a crafted link.
CVE-2024-56967 2026-04-15 6.5 Medium
An issue in Cloud Whale Interactive Technology LLC. PolyBuzz iOS 2.0.20 allows attackers to access sensitive user information via supplying a crafted link.
CVE-2024-56950 2026-04-15 6.5 Medium
An issue in KuGou Technology Co., Ltd KuGou Concept iOS 4.0.61 allows attackers to access sensitive user information via supplying a crafted link.
CVE-2024-3334 1 Fortra 1 Digital Guardian Agent 2026-04-15 4.3 Medium
A security bypass vulnerability exists in the Removable Media Encryption (RME)component of Digital Guardian Windows Agents prior to version 8.2.0. This allows a user to circumvent encryption controls by modifying metadata on the USB device thereby compromising the confidentiality of the stored data.
CVE-2025-53507 2026-04-15 N/A
Multiple products provided by iND Co.,Ltd contain an insecure storage of sensitive information vulnerability. If exploited, configuration information, such as admin password, may be disclosed. As for the details of affected product names and versions, refer to the information under [Product Status].
CVE-2025-11645 2 Google, Tomofun 2 Android, Furbo Mobile App 2026-04-15 2.4 Low
A security vulnerability has been detected in Tomofun Furbo Mobile App up to 7.57.0a on Android. This affects an unknown part of the component Authentication Token Handler. The manipulation leads to insecure storage of sensitive information. It is possible to launch the attack on the physical device. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-53931 2026-04-15 9.1 Critical
The com.glitter.caller.screen (aka iCaller, Caller Theme & Dialer) application through 1.1 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.glitter.caller.screen.DialerActivity component.
CVE-2024-39339 1 Globalsuzuki 1 Smartplay Headunit Firmware 2026-04-15 7.5 High
A vulnerability has been discovered in all versions of Smartplay headunits, which are widely used in Suzuki and Toyota cars. This misconfiguration can lead to information disclosure, leaking sensitive details such as diagnostic log traces, system logs, headunit passwords, and personally identifiable information (PII). The exposure of such information may have serious implications for user privacy and system integrity.
CVE-2019-20469 2026-04-15 4.6 Medium
An issue was discovered on One2Track 2019-12-08 devices. Confidential information is needlessly stored on the smartwatch. Audio files are stored in .amr format, in the audior directory. An attacker who has physical access can retrieve all audio files by connecting via a USB cable.
CVE-2024-56959 2026-04-15 6.5 Medium
An issue in Mashang Consumer Finance Co., Ltd Anyihua iOS 3.6.2 allows attackers to access sensitive user information via supplying a crafted link.
CVE-2025-60856 1 Reolink 2 Reolink, Video Doorbell 2026-04-15 6.8 Medium
Reolink Video Doorbell WiFi DB_566128M5MP_W allows root shell access through an unsecured UART/serial console. An attacker with physical access can connect to the exposed interface and execute arbitrary commands with root privileges. NOTE: this is disputed by the Supplier because of "certain restrictions on users privately connecting serial port cables" and because "the root user has a password and it meets the requirements of password security complexity."