Page 22 of 12623 results (0.013 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

09 Apr 2025 — IBM Security Guardium 11.4 and 12.1 could allow a privileged user to read any file on the system due to incorrect privilege assignment. • https://www.ibm.com/support/pages/node/7230467 • CWE-266: Incorrect Privilege Assignment •

CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0

09 Apr 2025 — Information disclosure of authentication information in the specific service vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. • https://jvn.jp/en/vu/JVNVU93925742 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

09 Apr 2025 — This vulnerability exists in TP-Link Tapo H200 V1 IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the Wi-Fi credentials stored on the vulnerable device. This vulnerability exists in TP-Link Tapo H200 V1 IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by... • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0072 • CWE-312: Cleartext Storage of Sensitive Information •

CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0

09 Apr 2025 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex Central. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the modTMSM webapp widget. The issue results from the lack of proper validation of a URI prior to accessing resources. An attacker can leverage this vulnerability to disclose sensitive data, leading to further compro... •

CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0

09 Apr 2025 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex Central. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the modOSCE webapp widget. The issue results from the lack of proper validation of a URI prior to accessing resources. An attacker can leverage this vulnerability to disclose sensitive data, leading to further compro... •

CVSS: 7.1EPSS: 0%CPEs: -EXPL: 0

09 Apr 2025 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the Query method. The issue results from the lack of proper validation of a URI prior to accessing resources. An attacker can leverage this vulnerability to disclose information in the context of the service account. •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

09 Apr 2025 — MedDream WEB DICOM Viewer Cleartext Transmission of Credentials Information Disclosure Vulnerability. • https://www.zerodayinitiative.com/advisories/ZDI-25-246 • CWE-522: Insufficiently Protected Credentials •

CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0

08 Apr 2025 — External control of file name or path in Azure Portal Windows Admin Center allows an unauthorized attacker to disclose information locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29819 • CWE-73: External Control of File Name or Path •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

08 Apr 2025 — Exposure of sensitive information to an unauthorized actor in Outlook for Android allows an unauthorized attacker to disclose information over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29805 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

08 Apr 2025 — Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29808 • CWE-1240: Use of a Cryptographic Primitive with a Risky Implementation •