Latest CVE Feed
-
4.2
MEDIUMCVE-2020-2777
Vulnerability in the Hyperion Financial Management product of Oracle Hyperion (component: Security). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to com... Read more
Affected Products : hyperion_financial_management- Published: Apr. 15, 2020
- Modified: Nov. 21, 2024
-
4.2
MEDIUMCVE-2025-56608
The SourceCodester Android application "Corona Virus Tracker App India" 1.0 uses MD5 for digest authentication in `OkHttpClientWrapper.java`. The `handleDigest()` function employs `MessageDigest.getInstance("MD5")` to hash credentials. MD5 is a broken cry... Read more
Affected Products : android_corona_virus_tracker_app_for_india- Published: Sep. 03, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Cryptography
-
4.2
MEDIUMCVE-2024-54503
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.2 and iPadOS 18.2. Muting a call while ringing may not result in mute being enabled.... Read more
- Published: Dec. 12, 2024
- Modified: Dec. 13, 2024
-
4.2
MEDIUMCVE-2020-4787
IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading ... Read more
Affected Products : qradar_security_information_and_event_manager- Published: Jan. 27, 2021
- Modified: Nov. 21, 2024
-
4.2
MEDIUMCVE-2019-2797
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to ... Read more
- Published: Jul. 23, 2019
- Modified: Nov. 21, 2024
-
4.2
MEDIUMCVE-2024-55159
GFast between v2 to v3.2 was discovered to contain a SQL injection vulnerability via the SortName parameter at /system/loginLog/list.... Read more
Affected Products :- Published: Feb. 21, 2025
- Modified: Mar. 12, 2025
- Vuln Type: Injection
-
4.2
MEDIUMCVE-2022-29127
BitLocker Security Feature Bypass Vulnerability... Read more
Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_server windows_10_1607 +14 more products- Published: May. 10, 2022
- Modified: Jan. 02, 2025
-
4.2
MEDIUMCVE-2017-3509
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthentic... Read more
- Published: Apr. 24, 2017
- Modified: Apr. 20, 2025
-
4.2
MEDIUMCVE-2024-47822
Directus is a real-time API and App dashboard for managing SQL database content. Access tokens from query strings are not redacted and are potentially exposed in system logs which may be persisted. The access token in `req.query` is not redacted when the ... Read more
Affected Products : directus- Published: Oct. 08, 2024
- Modified: Apr. 14, 2025
-
4.2
MEDIUMCVE-2021-43221
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability... Read more
Affected Products : edge_chromium- Published: Nov. 24, 2021
- Modified: Nov. 21, 2024
-
4.2
MEDIUMCVE-2018-2800
Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with net... Read more
- Published: Apr. 19, 2018
- Modified: Nov. 21, 2024
-
4.2
MEDIUMCVE-2021-3011
An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security microcontrollers and A7x secure authentication microcontrollers, with CryptoLib through v2.9. It allows attackers to extract the ECDSA private key after extensive phys... Read more
Affected Products : k13 k21 k40 k9 titan_security_key 3a081 a7005a j2a081 j2d081_m59 j2d081_m61 +35 more products- Published: Jan. 07, 2021
- Modified: Nov. 21, 2024
-
4.2
MEDIUMCVE-2024-38143
Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_21h2 windows_11_22h2 windows_10_1507 +5 more products- Published: Aug. 13, 2024
- Modified: Aug. 16, 2024
-
4.2
MEDIUMCVE-2015-7267
Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when in sleep mode and operating in Opal or eDrive mode on Lenovo ThinkPad T440s laptops with BIOS 2.32; ThinkPad W541 laptops with BIOS 2.21; Dell Latitu... Read more
Affected Products : 850_pro_firmware pm851_firmware st500lt015_firmware st500lt025_firmware 850_pro pm851 st500lt015 st500lt025- Published: Nov. 27, 2017
- Modified: Apr. 20, 2025
-
4.2
MEDIUMCVE-2015-7268
Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when used on Windows and operating in Opal mode on Lenovo ThinkPad T440s laptops with BIOS 2.32 or ThinkPad W541 laptops with BIOS 2.21, or in Opal or eDr... Read more
Affected Products : 850_pro_firmware pm851_firmware st500lt015_firmware st500lt025_firmware 850_pro pm851 st500lt015 st500lt025- Published: Nov. 27, 2017
- Modified: Apr. 20, 2025
-
4.2
MEDIUMCVE-2019-11360
A buffer overflow in iptables-restore in netfilter iptables 1.8.2 allows an attacker to (at least) crash the program or potentially gain code execution via a specially crafted iptables-save file. This is related to add_param_to_argv in xshared.c.... Read more
Affected Products : iptables- Published: Jul. 12, 2019
- Modified: Nov. 21, 2024
-
4.2
MEDIUMCVE-2025-1540
An issue has been discovered in GitLab CE/EE for Self-Managed and Dedicated instances affecting all versions from 17.5 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2. It was possible for a user added as an External to read and clone inter... Read more
Affected Products : gitlab- Published: Mar. 06, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Authorization
-
4.2
MEDIUMCVE-2021-33881
On NXP MIFARE Ultralight and NTAG cards, an attacker can interrupt a write operation (aka conduct a "tear off" attack) over RFID to bypass a Monotonic Counter protection mechanism. The impact depends on how the anti tear-off feature is used in specific ap... Read more
- Published: Jun. 06, 2021
- Modified: Nov. 21, 2024
-
4.2
MEDIUMCVE-2020-9690
Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.... Read more
Affected Products : magento- Published: Jul. 29, 2020
- Modified: Nov. 21, 2024
-
4.2
MEDIUMCVE-2022-26390
The Baxter Spectrum Wireless Battery Module (WBM) stores network credentials and PHI (only applicable to Spectrum IQ pumps using auto programming) in unencrypted form. An attacker with physical access to a device that hasn't had all data and settings eras... Read more
- Published: Sep. 09, 2022
- Modified: Nov. 21, 2024