283 matches found
CVE-2025-32228
CVE-2025-32228 affects the WP Messiah Ai Image Alt Text Generator for WP and is described as Exposure of Sensitive System Information to an Unauthorized Control Sphere. The vulnerability applies to the plugin for WordPress, affecting versions from n/a up to 1.0.8. According to the connected Red H...
CVE-2025-31003 WordPress Squeeze plugin <= 1.6 - Full Path Disclosure (FPD) vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Bogdan Bendziukov Squeeze squeeze allows Retrieve Embedded Sensitive Data. This issue affects Squeeze: from n/a through <= 1.6...
PT-2025-15377 · Sap · Sap Netweaver
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver (affected versions not specified). Description: The issue allows an attacker to bypass authorization checks, enabling them to view portions of ABAP code that would normally require additional validation. Once connected to the ABAP...
CVE-2024-45549 Exposure of Sensitive System Information to an Unauthorized Control Sphere in KERNEL
Information disclosure while creating MQ channels...
CVE-2025-32251
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in J. Tyler Wiest Jetpack Feedback Exporter jetpack-feedback-exporter allows Retrieve Embedded Sensitive Data. This issue affects Jetpack Feedback Exporter: from n/a through = 1.23...
CVE-2025-32257
Exposure of Sensitive System Information Due to Uncleared Debug Information vulnerability in 1clickmigration 1 Click WordPress Migration 1-click-migration allows Retrieve Embedded Sensitive Data. This issue affects 1 Click WordPress Migration: from n/a through = 2.5.7...
WordPress plugin Jetpack Feedback Exporter security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
Dell Secure Connect Gateway Information Disclosure Vulnerability
The Dell Secure Connect Gateway (Dell SCG) is a secure connectivity gateway from Dell, USA. The Dell Secure Connect Gateway suffers from an information disclosure vulnerability that originates when sensitive system information is exposed to an unauthorized control domain, which can be exploited by ...
SonicWALL NetExtender security vulnerability
SonicWall NetExtender Windows client is a software application from SonicWALL USA that allows remote users to connect to remote networks in a secure manner. It provides simple and secure access for Windows and Linux users. An elevation of privilege vulnerability exists in the SonicWall NetExtender...
CVE-2024-53768
CVE-2024-53768 describes an exposure of sensitive system information in the WordPress plugin/content module “Content Audit Exporter” (versions up to 1.1). The issue is categorized as a sensitive information exposure that can allow an unauthorized actor to retrieve embedded sensitive data. Public ...
Rakuten Turbo 5G security vulnerability
Rakuten Turbo 5G is a home router from Rakuten that requires no construction and plugs into an electrical outlet. A security vulnerability exists in Rakuten Turbo 5G V1.3.18 and earlier versions, which arises from the exposure of sensitive system information to unauthorized control, where an...
SoftBank Mesh Wi-Fi router RP562B security vulnerability
SoftBank Mesh Wi-Fi router RP562B is a router from SoftBank Japan. A security vulnerability exists in SoftBank Mesh Wi-Fi router RP562B v1.0.2 and earlier versions, which stems from an issue where sensitive system information is exposed to an unauthorized sphere of control, and an...
CVE-2024-49359
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoint http:///v21/file in ZimaOS is vulnerable to a directory traversal attack, allowing authenticated users to list the contents of any directory on...
CVE-2024-49359 ZimaOS vulnerable to Directory Listing via Parameter Manipulation
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoint http:///v21/file in ZimaOS is vulnerable to a directory traversal attack, allowing authenticated users to list the contents of any directory on...
CVE-2024-48931 ZimaOS Arbitrary File Read via Parameter Manipulation
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the ZimaOS API endpoint http:///v3/file?token=&files= is vulnerable to arbitrary file reading due to improper input validation. By manipulating the files...
CVE-2024-48931
ZimaOS (fork of CasaOS) versions 1.2.4 and earlier are affected by an arbitrary file read vulnerability in the API endpoint /v3/file?token=&files=, caused by improper input validation on the files parameter. Authenticated users can manipulate the files value to access sensitive files outside the ...
CVE-2024-48024
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Fahad Mahmood Keep Backup Daily keep-backup-daily allows Retrieve Embedded Sensitive Data. This issue affects Keep Backup Daily: from n/a through = 2.1.3...
CVE-2024-49252
CVE-2024-49252 corresponds to a Broken Access Control / Full Path Disclosure vulnerability in the WordPress Leyka plugin (versions