Blog2Social: Social Media Auto Post & Scheduler < 7.5.0 - Information Exposure
Description: The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.4.2. This makes it possible for unauthenticated attackers to view limited information from password protected...
6.9 AI Score
0.0004 EPSS
SQL Injection vulnerability in Tongtianxing Technology Co., Ltd CMSV6 v.7.31.0.2 through v.7.31.0.3 allows a remote attacker to escalate privileges and obtain sensitive information via the ids...
8.5 AI Score
0.0004 EPSS
HT Mega – Absolute Addons For Elementor < 2.4.8 - Missing Authorization to Information Exposure
Description: The HT Mega plugin for WordPress is vulnerable to unauthorized access of data due to an insufficient capability check on the duplicate() function in all versions up to, and including, 2.4.7. This makes it possible for authenticated attackers, with contributor-level access and above, to....
6.7 AI Score
0.0004 EPSS
A vulnerability classified as critical was found in itsourcecode Student Information Management System 1.0. Affected by this vulnerability is an unknown functionality of the file view.php. The manipulation of the argument studentId leads to sql injection. The attack can be launched remotely. The...
6.3 CVSS
7.7 AI Score
Description: The ClickCease Click Fraud Protection plugin for WordPress is vulnerable to unauthorized access of data due to an improper capability check on the get_settings function in all versions up to, and including, 3.2.4. This makes it possible for authenticated attackers, with author access...
6.5 AI Score
0.0004 EPSS
Ashlar-Vellum Cobalt CO File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the...
7.8 CVSS
7.8 AI Score
0.001 EPSS
Ashlar-Vellum Cobalt CO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target....
7.8 CVSS
7.9 AI Score
0.001 EPSS
Ashlar-Vellum Cobalt CO File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the...
7.8 CVSS
7.9 AI Score
0.001 EPSS
Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must...
7.8 CVSS
7.9 AI Score
0.001 EPSS
Moodle Exposure of Sensitive Information to an Unauthorized Actor
It was possible for a student to view their quiz grade before it had been released, using a quiz web...
6.7 AI Score
0.001 EPSS
sosreport sensitive information disclosure via weak permissions of the generated archives
sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the...
6 AI Score
0.0004 EPSS
Moodle Exposure of Sensitive Information to an Unauthorized Actor
The last time a user accessed the mobile app is displayed on their profile page, but should be restricted to users with the relevant capability (site administrators by default). Moodle versions 3.10 to 3.10.3 are...
4.3 CVSS
6.5 AI Score
0.001 EPSS
Moodle Grade information disclosure in grade's external fetch functions
It was found in Moodle before version 3.10.1, 3.9.4 and 3.8.7 that insufficient capability checks in some grade related web services meant students were able to view other students...
4.3 CVSS
6.6 AI Score
0.001 EPSS
Moodle Grade information disclosure in grade's external fetch functions
It was found in Moodle before version 3.10.1, 3.9.4 and 3.8.7 that insufficient capability checks in some grade related web services meant students were able to view other students...
6.6 AI Score
0.001 EPSS
Moodle Exposure of Sensitive Information to an Unauthorized Actor
A flaw was found in Moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13. It was possible for the core_course_get_categories web service to return hidden categories, which should be omitted when fetching course...
5.3 CVSS
6.5 AI Score
0.001 EPSS
Moodle Exposure of Sensitive Information to an Unauthorized Actor
In Moodle 3.x, students can find out email addresses of other students in the same course. Using search on the Participants page, students could search email addresses of all participants regardless of email visibility. This allows enumerating and guessing emails of other...
4.3 CVSS
6.6 AI Score
0.001 EPSS
Moodle Exposure of Sensitive Information to an Unauthorized Actor
Teachers exporting a forum in CSV format could receive a CSV of forums from all courses in some circumstances. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6 and 3.8 to 3.8.8 are...
4.3 CVSS
6.5 AI Score
0.001 EPSS
Moodle Exposure of Sensitive Information to an Unauthorized Actor
In Moodle 3.x, students can find out email addresses of other students in the same course. Using search on the Participants page, students could search email addresses of all participants regardless of email visibility. This allows enumerating and guessing emails of other...
6.6 AI Score
0.001 EPSS
Moodle Exposure of Sensitive Information to an Unauthorized Actor
The last time a user accessed the mobile app is displayed on their profile page, but should be restricted to users with the relevant capability (site administrators by default). Moodle versions 3.10 to 3.10.3 are...
6.5 AI Score
0.001 EPSS
Moodle Exposure of Sensitive Information to an Unauthorized Actor
Teachers exporting a forum in CSV format could receive a CSV of forums from all courses in some circumstances. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6 and 3.8 to 3.8.8 are...
6.5 AI Score
0.001 EPSS
Ashlar-Vellum Cobalt CO File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the...
7.8 CVSS
7.9 AI Score
0.001 EPSS
Moodle Exposure of Sensitive Information to an Unauthorized Actor
A flaw was found in Moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13. It was possible for the core_course_get_categories web service to return hidden categories, which should be omitted when fetching course...
6.5 AI Score
0.001 EPSS
CVE-2024-24919 Information disclosure
Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with Remote Access VPN or Mobile Access Software Blades. A security fix that mitigates this vulnerability is...
6.9 AI Score
0.019 EPSS
dm67.co Cross Site Scripting vulnerability OBB-3844837
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
Moodle Exposure of Sensitive Information to an Unauthorized Actor
It was possible for a student to view their quiz grade before it had been released, using a quiz web...
7 AI Score
0.001 EPSS
User Interface (UI) Misrepresentation Of Critical Information
Chromium is vulnerable to User Interface (UI) Misrepresentation of Critical Information. The vulnerability is due to inappropriate implementation in iOS, which allows a remote attacker to perform UI spoofing via a crafted HTML...
6.8 AI Score
0.001 EPSS
User Interface (UI) Misrepresentation Of Critical Information
Chromium is vulnerable to User Interface (UI) Misrepresentation of Critical Information. The vulnerability is due to inappropriate implementation in the Downloads feature. This allows a remote attacker to conduct UI spoofing via a crafted...
6.9 AI Score
0.001 EPSS
yaql is vulnerable to Information Disclosure. The vulnerability is due to improper handling of attribute access in the YAQL library's 'format' function, allowing unauthorized users to access sensitive information, including service account...
6.6 AI Score
0.0004 EPSS
Insertion of Sensitive Information into Log File in ansible
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this...
2.2 AI Score
0.0005 EPSS
password management API prints sensitive information in log files (CVE-2024-29954)
A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. This could allow an authenticated user to view the server passwords for protocols such as scp and sftp. Detail. When the...
6.5 AI Score
Citadela Listing <= 5.18.1 - Unauthenticated Sensitive Information Exposure
Description: The Citadela Directory plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.18.1. This makes it possible for unauthenticated attackers to extract sensitive user or configuration...
6.9 AI Score
0.0004 EPSS
HPE Systems Insight Manager RCE (CVE-2020-7200)
A remote code execution vulnerability exists in HPE Systems Insight Manager (SIM) due to a failure to validate data during the deserialization process when a user submits a POST request to the /simsearch/messagebroker/amfsecure page. An unauthenticated, remote attacker can exploit this to bypass...
3.2 AI Score
SaltStack Salt Cleartext Storage of Sensitive Information via cmdmod
An issue was discovered in SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log...
4.4 CVSS
6.6 AI Score
0.0005 EPSS
Insertion of Sensitive Information into Log File in ansible
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this...
5.5 CVSS
2.2 AI Score
0.0005 EPSS
Description: The WP Fusion Lite – Marketing Automation and CRM Integration for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.42.10 through publicly exposed log files. This makes it possible for unauthenticated attackers to...
6.5 AI Score
0.0004 EPSS
SaltStack Salt Cleartext Storage of Sensitive Information via cmdmod
An issue was discovered in SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log...
6.5 AI Score
0.0005 EPSS
Generation of Error Message Containing Sensitive Information in Keycloak
A flaw was found in Keycloak 7.0.1. A logged in user can do an account email enumeration...
3.5 AI Score
0.001 EPSS
An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A....
7.8 CVSS
7.5 AI Score
0.001 EPSS
Summary: Vulnerability found in Apache Struts2 used by Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details: CVEID: CVE-2023-50164 ...
7.7 AI Score
0.093 EPSS
Generation of Error Message Containing Sensitive Information in Keycloak
A flaw was found in Keycloak 7.0.1. A logged in user can do an account email enumeration...
2.7 CVSS
3.5 AI Score
0.001 EPSS
Drag and Drop Multiple File Upload – Contact Form 7 < 1.3.7.8 - Sensitive Information Exposure
Description: The Drag and Drop Multiple File Upload – Contact Form 7 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.7.7 via the '/wp-content/uploads/wp_dndcf7_uploads/wpcf7-files' directory. This makes it possible for unauthenticated...
6.7 AI Score
0.0005 EPSS
A vulnerability has been found in Yuna Scatari TBDev up to 2.1.17 and classified as problematic. Affected by this vulnerability is the function get_user_icons of the file usersearch.php. The manipulation of the argument n/r/r2/em/ip/co/ma/d/d2/ul/ul2/ls/ls2/dl/dl2 leads to cross site scripting....
6.1 CVSS
6.8 AI Score
0.001 EPSS