CVE-2026-2589
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 12.8.3 via the automated Settings Backup stored in a publicly accessible file. This makes it possible for unauthenticated attackers to...
CVE-2026-25729 DeepAudit Affected by User Enumeration via Broken Access Control
DeepAudit is a multi-agent system for code vulnerability discovery. In 3.0.4 and earlier, an improper access control vulnerability in the /api/v1/users/ endpoint allows any authenticated user to enumerate all users in the system and retrieve sensitive information including email addresse...
OESA-2025-1468 cobbler security update
Cobbler is a network install server. Cobbler supports PXE, ISO virtualized installs, and re-installing existing Linux machines. The last two modes use a helper tool, 'koan', that integrates with cobbler. Cobbler's advanced features include importing distributions from DVDs and rsync mirrors,...
Splunk Enterprise 9.1.0 < 9.1.6, 9.2.0 < 9.2.3, 9.3.0 < 9.3.1 (SVD-2024-1008)
The version of Splunk installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-1008 advisory. - In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes sensitive HTTP parameters to th...
WordPress plugin Store Locator Plus Information Disclosure Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An information disclosure...
RHEL 7 : ansible (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - Ansible: Compromised remote hosts can lead to running commands on the Ansible controller CVE-2016-9587 - ...
BILTEMA IP CAM Security Vulnerability
BILTEMA IP CAM is a client for plug-and-play IP cameras from BILTEMA. A security vulnerability exists in BILTEMA IP CAM version v124, which originates from an insecure direct object reference in the web server. An attacker can exploit this vulnerability to access sensitive information...
Dapr Dashboard Access Control Error Vulnerability
Dapr Dashboard is a web-based user interface for Dapr that allows users to view information, view logs of running Dapr applications, components, configurations, etc. Dapr Dashboard 0.1.0 and later, 0.10.0 and earlier versions have an access control error vulnerability that stems from the existenc...
Cisco Identity Services Engine Authentication Bypass (cisco-sa-ISE-SAML-nuukMPf9)
A vulnerability in the login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to log in without credentials and access all roles without any restrictions. This vulnerability is due to exposed sensitive Security Assertion Markup Language (SAML) metadata. An...
CVE-2021-3774 Meross MSS550X Missing Encryption of Sensitive Data
Meross Smart Wi-Fi 2 Way Wall Switch MSS550X, on its 3.1.3 version and before, creates an open Wi-Fi Access Point without the required security measures in its initial setup. This could allow a remote attacker to obtain the Wi-Fi SSID as well as the password configured by the user from Meross app...
Design/Logic Flaw
The Gutenberg Template Library & Redux Framework plugin = 4.2.11 for WordPress registered several AJAX actions available to unauthenticated users in the includes function in redux-core/class-redux-core.php that were unique to a given site but deterministic and predictable given that they were bas...
CVE-2020-14330
An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri...
SQL Injection Vulnerability in Online Car Rental Service System
Online car rental service system is an O2O service platform built based on car rental business scenarios. There is a SQL injection vulnerability in the Online Car Rental Service System, which can be exploited by attackers to obtain sensitive information from the database...
Millions of Golfers Land in Privacy Hazard After Cloud Misconfig
Finding cloud databases with sensitive information left open to the internet has become par for the course these days – as a new exposure of millions of sensitive data points for the users of a golf app demonstrates. Millions of golfer records from the Game Golf app, including GPS details from...
CVE-2018-17499
Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of unencrypted data in logs. An attacker could exploit this vulnerability to obtain two API keys, a token and other sensitive information...
SQL Injection Vulnerability in Beijing Yizaitong Information Technology Co.
Beijing Yizaitong Information Technology Co., Ltd. has been committed to enterprise procurement information technology, procurement consulting field, oriented to procurement management, group intensive procurement management, lean supply chain, strategic procurement, project supply chain,...
ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs
Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on th...
CVE-2016-9720
IBM QRadar 7.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM Reference: 1999533...
Arbitrary File Download Vulnerability in Mixcall Seat Management System record_download Function
Mixcall seat management system is based on a B/S architecture: management personnel can log into the Mixcall seat management center directly from a computer and view detailed information about seat personnel's voice services. An arbitrary file download vulnerability exists in t...