Lucene search
K

53 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 6:4 a.m.3 views

CVE-2023-29193

SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions. The spicedb serve command contains a flag named --grpc-preshared-key which is used to protect the gRPC API from being accessed by unauthorized requests. The...

8.7CVSS7.1AI score0.00762EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/12 12:0 a.m.3 views

WordPress plugin Web3 Crypto Payments by DePay for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.3CVSS8.4AI score0.00422EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2024/09/06 9:37 p.m.34 views

Default installation of `synthetic-monitoring-agent` exposes sensitive information

Impact Users running the Synthetic Monitoring agent in their local network are impacted. The authentication token used to communicate with the Synthetic Monitoring API is exposed thru a debugging endpoint. This token can be used to retrieve the Synthetic Monitoring checks created by the user and...

7.2CVSS6.6AI score0.00473EPSS
Exploits0References9Affected Software2
OSV
OSV
added 2024/09/06 9:37 p.m.23 views

GHSA-9J4F-F249-Q5W8 Default installation of `synthetic-monitoring-agent` exposes sensitive information

Impact Users running the Synthetic Monitoring agent in their local network are impacted. The authentication token used to communicate with the Synthetic Monitoring API is exposed thru a debugging endpoint. This token can be used to retrieve the Synthetic Monitoring checks created by the user and...

7.2CVSS5.5AI score0.00473EPSS
Exploits0References9
OSV
OSV
added 2023/02/27 4:15 p.m.4 views

CVE-2023-26760

Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an information disclosure vulnerability via the /debug endpoint. This vulnerability allows attackers to access cleartext credentials needed to authenticate to the AS400 system...

7.5CVSS7.1AI score0.00518EPSS
Exploits1References1
NVD
NVD
added 2023/02/27 4:15 p.m.18 views

CVE-2023-26760

Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an information disclosure vulnerability via the /debug endpoint. This vulnerability allows attackers to access cleartext credentials needed to authenticate to the AS400 system...

7.5CVSS7.3AI score0.00518EPSS
Exploits1References1
Prion
Prion
added 2023/02/27 4:15 p.m.15 views

Information disclosure

Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an information disclosure vulnerability via the /debug endpoint. This vulnerability allows attackers to access cleartext credentials needed to authenticate to the AS400 system...

5CVSS7.3AI score0.00518EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/02/27 12:0 a.m.6 views

PT-2023-20783 · Ibm · As/400

Name of the Vulnerable Software and Affected Versions: Sme.UP ERP TOKYO version V6R1M220406 Description: The issue allows attackers to access cleartext credentials needed to authenticate to the AS400 system via the "/debug" endpoint. This enables unauthorized access to sensitive information...

7.5CVSS7.4AI score0.00518EPSS
Exploits1References3
CVE
CVE
added 2023/02/27 12:0 a.m.53 views

CVE-2023-26760

CVE-2023-26760 affects Sme.UP ERP TOKYO V6R1M220406. The /debug endpoint exposes an information disclosure vulnerability that allows attackers to access cleartext credentials needed to authenticate to the AS/400 system. This is documented across multiple sources, with impact described as high con...

7.5CVSS7.3AI score0.00518EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2023/02/27 12:0 a.m.28 views

CVE-2023-26760

Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an information disclosure vulnerability via the /debug endpoint. This vulnerability allows attackers to access cleartext credentials needed to authenticate to the AS400 system...

7.5AI score0.00518EPSS
Exploits1References1
OSV
OSV
added 2019/08/29 1:15 a.m.1 views

DEBIAN-CVE-2019-11248

The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet's healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for...

8.2CVSS6.8AI score0.61139EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2019/08/29 12:26 a.m.32 views

CVE-2019-11248

The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet's healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for...

8.2CVSS6.7AI score0.61139EPSS
Exploits0
OSV
OSV
added 2017/09/22 6:29 p.m.3 views

CVE-2017-14706

DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to obtain authentication information by making a typeOf=debug request to /webservices/download/index.php, and then reading the iToken field in the reply. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Web...

9.8CVSS5.8AI score0.28243EPSS
Exploits2References3
Rows per page
Query Builder