Search Results (12223 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-22620 2026-04-15 5 Medium
gitoxide is an implementation of git written in Rust. Prior to 0.17.0, gix-worktree-state specifies 0777 permissions when checking out executable files, intending that the umask will restrict them appropriately. But one of the strategies it uses to set permissions is not subject to the umask. This causes files in a repository to be world-writable in some situations. This vulnerability is fixed in 0.17.0.
CVE-2024-56949 2026-04-15 6.5 Medium
An issue in Guangzhou Polar Future Culture Technology Co., Ltd University Search iOS 2.27.0 allows attackers to access sensitive user information via supplying a crafted link.
CVE-2024-13887 2026-04-15 5.3 Medium
The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.4.14 via the 'ajax_listing_submit_image_upload' function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to add arbitrary images to listings.
CVE-2024-13930 1 Abb 3 Aspect Enterprise, Matrix Series, Nexus Series 2026-04-15 4.9 Medium
An Unchecked Loop Condition in ASPECT provides an attacker the ability to maliciously consume system resources if session administrator credentials become compromised This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.
CVE-2024-13931 1 Abb 3 Aspect Enterprise, Matrix Series, Nexus Series 2026-04-15 7.2 High
Relative Path Traversal vulnerabilities in ASPECT allow access to file resources if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.
CVE-2024-56950 2026-04-15 6.5 Medium
An issue in KuGou Technology Co., Ltd KuGou Concept iOS 4.0.61 allows attackers to access sensitive user information via supplying a crafted link.
CVE-2024-56951 2026-04-15 6.5 Medium
An issue in Hangzhou Bobo Technology Co Ltd UU Game Booster iOS 10.6.13 allows attackers to access sensitive user information via supplying a crafted link.
CVE-2024-56952 2026-04-15 6.5 Medium
An issue in Beijing Baidu Netcom Science & Technology Co Ltd Baidu Lite app (iOS version) 6.40.0 allows attackers to access user information via supplying a crafted link.
CVE-2024-25657 1 Avsystem 1 Unified Management Platform 2026-04-15 5.4 Medium
An open redirect in the Login/Logout functionality of web management in AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS could allow attackers to redirect authenticated users to malicious websites.
CVE-2024-56953 2026-04-15 6.5 Medium
An issue in Baidu (China) Co Ltd Baidu Input Method (iOS version) v12.6.13 allows attackers to access user information via supplying a crafted link.
CVE-2024-56954 2026-04-15 6.5 Medium
An issue in Beijing Baidu Netcom Science & Technology Co Ltd Haokan Video iOS 7.70.0 allows attackers to access sensitive user information via supplying a crafted link.
CVE-2024-56955 2026-04-15 6.5 Medium
An issue in Tencent Technology (Shenzhen) Company Limited QQMail iOS 6.6.4 allows attackers to access sensitive user information via supplying a crafted link.
CVE-2025-46748 2026-04-15 2.7 Low
An authenticated user attempting to change their password could do so without using the current password.
CVE-2024-56957 2026-04-15 6.5 Medium
An issue in Kingsoft Office Software Corporation Limited WPS Office iOS 12.20.0 allows attackers to access sensitive user information via supplying a crafted link.
CVE-2024-56959 2026-04-15 6.5 Medium
An issue in Mashang Consumer Finance Co., Ltd Anyihua iOS 3.6.2 allows attackers to access sensitive user information via supplying a crafted link.
CVE-2024-56960 2026-04-15 6.5 Medium
An issue in Tianjin Xiaowu Information technology Co., Ltd BeiKe Holdings iOS 1.3.50 allows attackers to access sensitive user information via supplying a crafted link.
CVE-2024-56962 2026-04-15 6.5 Medium
An issue in Tencent Technology (Shanghai) Co., Ltd WeSing iOS v9.3.39 allows attackers to access sensitive user information via supplying a crafted link.
CVE-2025-2068 2026-04-15 5 Medium
An open redirect vulnerability was reported in the FileZ client that could allow information disclosure if a crafted url is visited by a local user.
CVE-2024-56963 2026-04-15 6.5 Medium
An issue in Beijing Sogou Technology Development Co., Ltd Sogou Input iOS 12.2.0 allows attackers to access sensitive user information via supplying a crafted link.
CVE-2024-56964 2026-04-15 6.5 Medium
An issue in Che Hao Duo Used Automobile Agency (Beijing) Co., Ltd Guazi Used Car iOS 10.15.1 allows attackers to access sensitive user information via supplying a crafted link.