CVE-2025-22492

MEDIUM Year: 2025
CVSS v3 Score
6.3
Medium
Weakness Type
CWE-922
View all →

Vulnerability Description

The connection string visible to users with access to FRSCore database on Foreseer Reporting Software (FRS) VM, this string can be used for gaining administrative access to the 4crXref database. This vulnerability has been resolved in the latest version 1.5.100 of FRS.

Related Vulnerabilities

CVE-2024-25940

MEDIUM
CVSS:6.3(Medium)

`bhyveload -h <host-path>` may be used to grant loader access to the <host-path> directory tree on the host. Affected versions of bhyveload(8) do not make any attempt to restrict loader's access to <h...

CWE-9222024

CVE-2023-42839

MEDIUM
CVSS:6.2(Medium)

This issue was addressed with improved state management. This issue is fixed in tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.

CWE-9222023

CVE-2024-34721

MEDIUM
CVSS:6.2(Medium)

In ensureFileColumns of MediaProvider.java, there is a possible disclosure of files owned by another user due to improper input validation. This could lead to local information disclosure with no addi...

CWE-9222024

CVE-2024-44216

MEDIUM
CVSS:6.2(Medium)

An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to access user-sensitive data.

CWE-9222024

CVE-2024-44257

MEDIUM
CVSS:6.2(Medium)

This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to access sensitive user data.

CWE-9222024

CVE-2018-13313

MEDIUM
CVSS:6.5(Medium)

In TOTOLINK A3002RU 1.0.8, the router provides a page that allows the user to change their account name and password. This page, password.htm, contains JavaScript which is used to confirm the user kno...

CWE-9222018