VMware Aria Operations for Networks - Code Injection Information Disclosure Vulnerability
Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information...
7.5 AI Score
0.379 EPSS
Sensitive Information Disclosure
Ansible Automation Platform is vulnerable to Sensitive Information Disclosure. The vulnerability is due to improper handling of private keys, where the ec2_key module prints the private key directly to the standard output when creating a new keypair. This flaw allows an attacker to retrieve the...
6.9 AI Score
0.0004 EPSS
Release Information for Veeam Service Provider Console 7 Cumulative Patches
Release Information for Veeam Service Provider Console 7 Cumulative...
6.7 AI Score
TYPO3 Information Disclosure Vulnerability
TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI in cases with an https Referer, which allows remote attackers to obtain sensitive cleartext information by sniffing the network and reading the userident and username...
5.3 CVSS
6.5 AI Score
0.002 EPSS
Debug Log – Manger Tool < 1.5 - Unauthenticated Information Exposure via Logs
Description: The Debug Log – Manger Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.5 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in...
6.3 AI Score
File Upload vulnerability in Shibang Communications Co., Ltd. IP network intercom broadcasting system v.1.0 allows a local attacker to execute arbitrary code via the my_parser.php...
8 AI Score
0.0004 EPSS
Information Disclosure Through Timing Attack
mdanter/ecc is vulnerable to Sensitive Information Disclosure. The vulnerability is due to computing point addition in a non constant time, which allows an attacker to deduce the private key by comparing the time it takes to compute each point...
6.7 AI Score
0.0004 EPSS
TYPO3 Information Disclosure Vulnerability
TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI in cases with an https Referer, which allows remote attackers to obtain sensitive cleartext information by sniffing the network and reading the userident and username...
6.5 AI Score
0.002 EPSS
Exploit for Cleartext Storage of Sensitive Information in Strapi
Unauthenticated Strapi Exploit: CVE-2023-22894 This...
8 AI Score
0.001 EPSS
co-matic.com Cross Site Scripting vulnerability OBB-3858335
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
co-vier.nl Improper Access Control vulnerability OBB-3863290
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7 AI Score
Home Assistant information disclosure vulnerability
Home Assistant before 0.67.0 was vulnerable to an information disclosure that allowed an unauthenticated attacker to read the application's error log via...
6.4 AI Score
0.002 EPSS
Important: pcp security, bug fix, and enhancement update
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....
8.9 AI Score
0.0004 EPSS
Release Information for Hitachi Plug-In for Veeam Backup & Replication
Release Information for Hitachi Plug-In for Veeam Backup &...
0.6 AI Score
Solid Affiliate <= 1.9.1 - Sensitive Information Exposure
Description: The Solid Affiliate plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.1 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the...
6.6 AI Score
0.0004 EPSS
Simply Static < 3.1.4 - Unauthenticated Information Exposure
Description: The Simply Static plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed....
6.6 AI Score
0.0004 EPSS
GDPR Compliance <= 1.2.5 - Authenticated (Subscriber+) Information Exposure
Description: The GDPR Compliance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract sensitive user or configuration...
6.7 AI Score
0.0004 EPSS
scrapy is vulnerable to Information Leakage. The vulnerability is due to the failure to remove the Authorization header when redirecting across domains, resulting in the exposure of sensitive credentials to unauthorized actors which could potentially lead to account...
6.6 AI Score
0.0004 EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vadi Corporate Information Systems DIGIKENT GIS allows SQL Injection. This issue affects DIGIKENT GIS: through...
8 AI Score
Information disclosure in podman
An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container will get leaked into.....
6 AI Score
0.001 EPSS
Dolibarr sensitive information disclosure
Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote attackers to obtain sensitive...
7.5 CVSS
7 AI Score
0.004 EPSS
Dolibarr sensitive information disclosure
Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote attackers to obtain sensitive...
7 AI Score
0.004 EPSS
phpMyAdmin unsanitized Git information
phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevision.php and...
9.8 CVSS
6.6 AI Score
0.002 EPSS
Heketi logs sensitive information
An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. This flaw allows an attacker with local access to the Heketi server to read potentially sensitive information such as gluster-block...
5.9 AI Score
0.0004 EPSS
Information disclosure in podman
An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container will get leaked into.....
6 AI Score
0.001 EPSS
Heketi logs sensitive information
An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. This flaw allows an attacker with local access to the Heketi server to read potentially sensitive information such as gluster-block...
5.5 CVSS
6.2 AI Score
0.0004 EPSS
eZ Publish Information disclosure in backend content tree menu
This security advisory fixes an information disclosure vulnerability in the legacy admin content tree menu. If a view has been disabled in site.ini [SiteAccessRules] Rules, and an attacker accesses the backend with the URL to this module, then the tree menu may be displayed. Since the tree menu...
6.6 AI Score
eZ Publish Information disclosure in backend content tree menu
This security advisory fixes an information disclosure vulnerability in the legacy admin content tree menu. If a view has been disabled in site.ini [SiteAccessRules] Rules, and an attacker accesses the backend with the URL to this module, then the tree menu may be displayed. Since the tree menu...
6.6 AI Score
phpMyAdmin unsanitized Git information
phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevision.php and...
7.1 AI Score
0.002 EPSS
Google Sheets data source plugin for Grafana information disclosure vulnerability
Grafana is an open-source platform for monitoring and observability. The Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerability. The plugin did not properly sanitize error messages, making it potentially expose the Google...
6.7 AI Score
0.001 EPSS
Shopping Cart & eCommerce Store < 5.6.5 - Sensitive Information Exposure
Description: The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.6.4 via the order report functionality. This makes it possible for unauthenticated attackers to extract sensitive data including order...
6.3 AI Score
0.0005 EPSS
Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability
Microsoft Power BI Client JavaScript SDK Information Disclosure...
6.2 AI Score
0.001 EPSS
OpenStack Nova Information leak in libvirt LVM-backed instances
OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which allows attackers to obtain sensitive information by reading the memory of the previous logical...
6.4 AI Score
0.005 EPSS
OpenStack Glance is vulnerable to Exposure of Sensitive Information
The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached...
6.7 AI Score
0.003 EPSS
OpenStack Oslo utility sensitive information exposure via log files
The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the...
6.7 AI Score
0.0004 EPSS
Google Sheets data source plugin for Grafana information disclosure vulnerability
Grafana is an open-source platform for monitoring and observability. The Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerability. The plugin did not properly sanitize error messages, making it potentially expose the Google...
6.4 AI Score
0.001 EPSS
Zend Framework Information Disclosure
Zend Framework before 2.4.9, zend-framework/zend-crypt 2.4.x before 2.4.9, and 2.5.x before 2.5.2 allows remote attackers to recover the RSA private...
6.8 AI Score
0.003 EPSS
Zend Framework Information Disclosure
Zend Framework before 2.4.9, zend-framework/zend-crypt 2.4.x before 2.4.9, and 2.5.x before 2.5.2 allows remote attackers to recover the RSA private...
7.5 CVSS
6.8 AI Score
0.003 EPSS
Drupal sensitive information disclosure
The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 might allow remote authenticated users to obtain sensitive information about taxonomy terms by leveraging inconsistent naming of access query...
5.9 AI Score
0.001 EPSS
Moodle Information Disclosure vulnerability
It was possible for a student to view their quiz grade before it had been released, using a quiz web service. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are...
5.3 CVSS
6.6 AI Score
0.001 EPSS
Drupal sensitive information disclosure
The "have you forgotten your password" links in the User module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allow remote attackers to obtain sensitive username information by leveraging a configuration that permits using an email address to login and a module that permits logging...
5.3 CVSS
6.7 AI Score
0.005 EPSS
Moodle Information Disclosure vulnerability
It was possible for a student to view their quiz grade before it had been released, using a quiz web service. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are...
6.6 AI Score
0.001 EPSS
Drupal sensitive information disclosure
The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 might allow remote authenticated users to obtain sensitive information about taxonomy terms by leveraging inconsistent naming of access query...
4.3 CVSS
6.3 AI Score
0.001 EPSS
Release Information for Dell PowerMax Plug-In for Veeam Backup & Replication
Release Information for Dell PowerMax Plug-In for Veeam Backup &...
2 AI Score
WordPress Cookie Information/Free GDPR Consent Solution <2.0.8 - Cross-Site Scripting
WordPress Cookie Information/Free GDPR Consent Solution plugin prior to 2.0.8 contains a cross-site scripting vulnerability via the admin dashboard. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to...
6 AI Score
0.001 EPSS
Password Protected < 2.6.7 - Missing Authorization to Sensitive Information Exposure
Description: The Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.6 via the API. This makes it possible for authenticated attackers, with...
6.9 AI Score
0.0004 EPSS
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....
6.8 AI Score
0.0004 EPSS
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....
6.9 AI Score
0.0004 EPSS
Important: pcp security, bug fix, and enhancement update
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....
7.1 AI Score
0.0004 EPSS
Sensitive Information Disclosure
libmbedtls.so is vulnerable to Sensitive Information Disclosure. The vulnerability is due to inadequate handling of shared memory within the PSA Crypto API, potentially leading to information...
6.8 AI Score
0.0004 EPSS