Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-49618 | 2025-07-03 | N/A | N/A | ||
| In Plesk Obsidian 18.0.69, unauthenticated requests to /login_up.php can reveal an AWS accessKeyId, secretAccessKey, region, and endpoint. | |||||
| CVE-2025-52925 | 2025-07-02 | N/A | N/A | ||
| In One Identity OneLogin Active Directory Connector before 6.1.5, encryption of the DirectoryToken was mishandled, aka ST-812. | |||||
| CVE-2025-48383 | 2025-05-27 | N/A | N/A | ||
| Django-Select2 is a Django integration for Select2. Prior to version 8.4.1, instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSelect2Widget can leak secret access tokens across requests. This can allow users to access restricted query sets and restricted data. This issue has been patched in version 8.4.1. | |||||
| CVE-2024-47146 | 1 Ruijienetworks | 1 Reyee Os | 2024-12-10 | N/A | 6.5 MEDIUM |
| Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to obtain the devices serial number if physically adjacent and sniffing the RAW WIFI signal. | |||||
| CVE-2023-38509 | 1 Xwiki | 1 Xwiki | 2024-03-18 | N/A | 4.3 MEDIUM |
| XWiki Platform is a generic wiki platform. In org.xwiki.platform:xwiki-platform-livetable-ui starting with version 3.5-milestone-1 and prior to versions 14.10.9 and 15.3-rc-1, the mail obfuscation configuration was not fully taken into account and is was still possible by obfuscated emails. This has been patched in XWiki 14.10.9 and XWiki 15.3-rc-1. A workaround is to modify the page `XWiki.LiveTableResultsMacros` following the patch. | |||||