ShopBuilder – Elementor WooCommerce Builder Addons < 2.1.9 - Unauthenticated Sensitive Information Exposure
Description: The ShopBuilder – Elementor WooCommerce Builder Addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.8. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data...
User Meta < 3.1 - Unauthenticated Sensitive Information Exposure
Description: The User Meta – User Profile Builder and User management plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0 via the /views/debug.php file. This makes it possible for unauthenticated attackers to extract sensitive...
The Windows Registry Adventure #2: A brief history of the feature
Posted by Mateusz Jurczyk, Google Project Zero. Before diving into the low-level security aspects of the registry, it is important to understand its role in the operating system and a bit of history behind it. In essence, the registry is a hierarchical database made of named "keys" and "values",...
The vulnerability in the implementation of the Secure Boot protocol for operating systems with security features allows a perpetrator to circumvent security restrictions.
The vulnerability of the Secure Boot security loading protocol for Windows operating systems relates to the execution of operations beyond the buffer in memory. Exploiting this vulnerability could allow a malicious actor to circumvent security restrictions using a specially created .bcd file...
The vulnerability of the programming tools for PLCs (programmable logic controllers), namely EcoStruxure Control Expert and EcoStruxure Process Expert, arises from the use of strictly encrypted audit data. This vulnerability allows a malicious individual to gain unauthorized access to the project file.
The vulnerability of the programming interfaces for PLCs (programmable logic controllers), namely EcoStruxure Control Expert and EcoStruxure Process Expert, lies in the use of strictly encrypted configuration data. Exploiting this vulnerability could allow an intruder to gain unauthorized access to...
[SECURITY] Fedora 39 Update: apache-commons-configuration-2.10.1-1.fc39
The Commons Configuration software library provides a generic configuration interface which enables a Java application to read configuration data from a variety of sources. Commons Configuration provides typed access to single, and multi-valued configuration parameters as demonstrated by the...
CVE-2023-6725
An access-control flaw was found in the OpenStack Designate component where private configuration information including access keys to BIND were improperly made world readable. A malicious attacker with access to any container could exploit this flaw to access sensitive information...
BIT-CONTOUR-2021-32783 Authorization bypass in Contour
Contour is a Kubernetes ingress controller using Envoy proxy. In Contour before version 1.17.1 a specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Contour normally prevents from access outside the Envoy container. This can be used to shut down Envoy...
CVE-2024-1381
The Page Builder Sandwich – Front End WordPress Page Builder Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.0. This makes it possible for authenticated attackers, with subscriber access and higher, to extract sensitive user or...
WooCommerce Coupon Popup, SmartBar, Slide In | MyShopKit <= 1.0.9 - Unauthenticated Sensitive Information Exposure
Description: The WooCommerce Coupon Popup, SmartBar, Slide In | MyShopKit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.9. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data...
PT-2024-12393 · Audio · Audio
Name of the Vulnerable Software and Affected Versions: Audio affected versions not specified Description: The issue is related to memory corruption in the Audio component when processing IIR config data from the AFE calibration block. Recommendations: At the moment, there is no information about ...
The vulnerability of the microprogramming software of Alpha Innotec and Novelan heat pumps allows a hacker to gain full access to the device.
The vulnerability of Alpha Innotec and Novelan thermal pump microprogramming systems is related to the use of pre-set configuration data in the wp2reg-V3.88.0-9015 file. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain full access to the device by using...
Apache Airflow Security Vulnerability
Apache Airflow is an open source platform from the United States-based Apache Foundation for creating, managing and monitoring workflows. The platform is characterized by scalability and dynamic monitoring. A security vulnerability exists in Apache Airflow versions 2.3.0 up to and including 2.6....
404 Solution < 2.33.1 - Sensitive Information Exposure
Description: The 404 Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.33.0. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data...
IBM Cloud Pak for Business Automation Information Disclosure Vulnerability
IBM Cloud Pak for Business Automation is a modular set of integrated software components from International Business Machines (IBM), built for any hybrid cloud, designed to automate work and accelerate business growth. An information disclosure vulnerability exists in IBM Cloud Pak for Business...
Design/Logic Flaw
An issue was discovered in Zammad before 6.2.0. It uses the public endpoint /api/v1/signshow for its login screen. This endpoint returns internal configuration data of user object attributes, such as selectable values, which should not be visible to the public...
Importify < 1.0.5 - Unauthenticated Sensitive Information Exposure
Description: The plugin is vulnerable to Sensitive Information Exposure, allowing unauthenticated attackers to extract sensitive user or configuration data...
CVE-2023-46389
LOYTEC electronics GmbH LINX-212 and LINX-151 devices all versions are vulnerable to Incorrect Access Control via registry.xml file. This vulnerability allows remote attackers to disclose sensitive information on LINX configuration...
Libsyn Publisher Hub <= 1.4.4 - Sensitive Information Exposure
Description: The Libsyn Publisher Hub plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.4. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data...