Lucene search
K

27 matches found

Cvelist
Cvelist
added 2021/09/29 7:39 p.m.19 views

CVE-2021-39342 Credova_Financial <= 1.4.8 Sensitive Information Disclosure

The CredovaFinancial WordPress plugin discloses a site's associated Credova API account username and password in plaintext via an AJAX action whenever a site user goes to checkout on a page that has the Credova Financing option enabled. This affects versions up to, and including, 1.4.8...

5.3CVSS7.7AI score0.00742EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/09/15 6:3 p.m.25 views

CVE-2021-40862

HashiCorp Terraform Enterprise up to v202108-1 contained an API endpoint that erroneously disclosed a sensitive URL to authenticated parties, which could be used for privilege escalation or unauthorized modification of a Terraform configuration. Fixed in v202109-1...

8.9AI score0.00936EPSS
Exploits0References1
Prion
Prion
added 2021/04/22 3:15 a.m.15 views

Design/Logic Flaw

An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. Its AbuseFilterCheckMatch API reveals suppressed edits and usernames to unprivileged users through the iteration of crafted AbuseFilter rules...

4CVSS4.7AI score0.0087EPSS
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2021/02/23 12:0 a.m.18 views

Web-Stat < 1.4.1 - API Key Disclosure

When visiting a site running Web-Stat 1.4.0, the "wtswebstatloadinit" function used the visitor’s browser to send an XMLHttpRequest request to https://wts2.one/ajax.htm?action=lookupWPaccount. This request contained sensitive information such as the site’s “wtswebstatuid” which was sent in the...

0.1AI score0.01412EPSS
Exploits0Affected Software1
OSV
OSV
added 2020/06/19 8:15 p.m.17 views

CVE-2016-11066

An issue was discovered in Mattermost Server before 3.2.0. The initialload API disclosed unnecessary personal information...

7.5CVSS7.1AI score
Exploits0References1
OSV
OSV
added 2019/08/19 4:15 p.m.3 views

CVE-2019-6178

An information leakage vulnerability in Iomega and LenovoEMC NAS products could allow disclosure of some device details such as Share names through the device API when Personal Cloud is enabled. This does not allow read, write, delete, or any other access to the underlying file systems and their...

5.3CVSS6.3AI score0.011EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2018/06/28 12:0 a.m.49 views

Kubernetes info API access

A remote, unauthenticated attacker is able to access read only API on port 10255 http This API gives access to data of varying sensitivity %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid110767; scriptversion"1.5";...

5.5AI score
Exploits0References1
Rows per page
Query Builder