Lucene search
K

50 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 7:20 a.m.13 views

CVE-2024-8852

The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.86 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information such as full...

5.3CVSS6.4AI score0.01175EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/14 12:0 a.m.17 views

CVE-2024-48789

An issue in INATRONIC com.inatronic.drivedeck.home 2.6.23 allows a remote attacker to obtain sensitve information via the firmware update process...

0.00503EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/10/11 12:0 a.m.17 views

CVE-2024-48769

An issue in BURG-WCHTER KG de.burgwachter.keyapp.app 4.5.0 allows a remote attacker to obtain sensitve information via the firmware update process...

0.00431EPSS
Exploits0References1
CVE
CVE
added 2024/06/06 5:50 p.m.45 views

CVE-2024-5268

CVE-2024-5268 – Sonos Era 100 SMB2 Handling : The vulnerability affects Sonos Era 100 devices via the SMB2 message handling path, where insufficient validation of user data can cause a read past the end of an allocated buffer, enabling information disclosure for network-adjacent attackers. Authen...

6.5CVSS4.6AI score0.00458EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.13 views

EAN for WooCommerce < 4.9.3 - Insecure Direct Object Reference to Sensitve Information Exposure via Shortcode

Description The EAN for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.9.2 via the the 'algwceanproductmeta' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers...

4.3CVSS5.3AI score0.00375EPSS
Exploits0References1Affected Software1
Ubuntu
Ubuntu
added 2023/08/28 5:19 p.m.88 views

USN-6309-1: Linux kernel vulnerabilities

Zheng Zhang discovered that the device-mapper implementation in the Linux kernel did not properly handle locking during tableclear operations. A local attacker could use this to cause a denial of service kernel deadlock. CVE-2023-2269 It was discovered that a use-after-free vulnerability existed ...

7.8CVSS7.2AI score0.00517EPSS
Exploits0
Prion
Prion
added 2023/07/26 7:15 p.m.19 views

Cross site request forgery (csrf)

A cross-site request forgery vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information. To address this issue, apply the 1.38.1 version of the Jenkins plug-in for...

4.3CVSS6.3AI score0.00356EPSS
Exploits0References1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/03 8:5 p.m.38 views

Security Bulletin: IBM Aspera Faspex 5.0.5 has addressed CVE-2022-4304

Summary This Security Bulletin addresses OpenSSL CVE-2022-4304 where an attacker could obtain sensitve nformation, caused by a timing-based side channel in the RSA Decryption implementation. Vulnerability Details CVEID:CVE-2022-4304 DESCRIPTION: OpenSSL could allow a remote attacker to obtain...

5.9CVSS6.7AI score0.16195EPSS
Exploits0Affected Software7
Huntr
Huntr
added 2022/02/08 12:44 p.m.14 views

in mruby/mruby

Description commit 4e8ab145da52c3cfb0bd4b823df8041dcc52f454 Author: Yukihiro "Matz" Matsumoto Date: Tue Feb 8 13:03:51 2022 +0900 Proof of Concept sh $ echo -ne "e30KWyoqMCxtOjBdBHM9MDYudGl0ZXN7My7+////c3slXSN7W11lYWsKYj17fQpbKiowLG06MF3/...

6.4CVSS2AI score0.01612EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2021/09/15 11:48 p.m.55 views

CVE-2020-8561

A flaw was found in Kubernetes. This flaw allows an actor that controls the responses of the MutatingWebhookConfiguration or the ValidatingWebhookConfiguration requests to redirect kube-apiserver requests to the private network of the apiserver. If that user can view kube-apiserver logs when the...

4.1CVSS2.5AI score0.01953EPSS
Exploits0References4
Redos
Redos
added 2021/09/08 12:0 a.m.27 views

ROS-2-811

2.811 Multiple vulnerabilities in Apache Tomcat CVE-2021-25122, CVE-2021-25329 1. Vulnerability Description: CVE-2021-25122 CVE-2021-25322 CVE-2021-25329 The vulnerability allows a remote attacker to gain access to sensitive information. The vulnerability exists due to mismanagement of internal...

7.8CVSS7.7AI score0.18114EPSS
Exploits16
GithubExploit
GithubExploit
added 2021/06/26 3:59 a.m.190 views

Exploit for Exposure of Sensitive System Information to an Unauthorized Control Sphere in Microsoft

CVE-2021-31955 Windows Kernel Informati...

5.5CVSS7.3AI score0.81107EPSS
Exploits2
Huntr
Huntr
added 2021/06/11 5:29 p.m.20 views

in hascheksolutions/opentrashmail

✍️ Description Hi, there is a local file inclusion vulnerability in opentrashmail. In https://github.com/HaschekSolutions/opentrashmail/blob/master/web/api.phpL23 : php ?php define'DS', DIRECTORYSEPARATOR; define'ROOT', dirnameFILE; // $action = strtolower$REQUEST'a'; $email =...

0.3AI score
Exploits0
Prion
Prion
added 2021/04/26 7:15 p.m.22 views

Code injection

HedgeDoc formerly known as CodiMD is an open-source collaborative markdown editor. An attacker is able to receive arbitrary files from the file system when exporting a note to PDF. Since the code injection has to take place as note content, there fore this exploit requires the attackers ability t...

5.8CVSS9.4AI score0.01158EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2021/03/20 10:15 p.m.30 views

Design/Logic Flaw

An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This...

1.9CVSS5.2AI score0.00565EPSS
Exploits0References9Affected Software4
Kaspersky
Kaspersky
added 2021/02/09 12:0 a.m.25 views

KLA12070 Multiple vulnerabilities in Microsoft Dynamics

Multiple vulnerabilities were found in Microsoft Dynamics. Malicious users can exploit these vulnerabilities to obtain sensitive information, spoof user interface. Below is a complete list of vulnerabilities: 1. An information disclosure vulnerability in Microsoft Dataverse can be exploited...

6.5CVSS6.7AI score0.02806EPSS
Exploits0References7
IBM AIX
IBM AIX
added 2021/02/01 1:42 p.m.147 views

Vulnerabilities in OpenSSL affect AIX

IBM SECURITY ADVISORY First Issued: Mon Feb 1 13:42:07 CST 2021 The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/openssladvisory32.asc https://aix.software.ibm.com/aix/efixes/security/openssladvisory32.asc...

4.3CVSS6.5AI score0.06968EPSS
Exploits3
OpenVAS
OpenVAS
added 2020/04/20 12:0 a.m.23 views

SATO Printers Default Credentials (HTTP)

Multiple SATO printers are shipped with default credentials for the Copyright C 2020 Simmons Foods, Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free softwar...

7.5AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2019/11/18 1:57 p.m.40 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM WebSphere Cast Iron Solution

Summary OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM WebSphere Cast Iron Solution. IBM WebSphere Cast Iron Solution has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-6302 DESCRIPTION: OpenSSL is vulnerabl...

9.8CVSS8.7AI score0.95707EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/05/17 4:5 p.m.58 views

Security Bulletin: Vulnerabilities in the Linux Kernel affect PowerKVM

Summary PowerKVM is affected by vulnerabilities in the Linux Kernel. IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2018-1000026 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by the improper validation of user-supplied input by the bnx2x...

8.3CVSS1AI score0.16523EPSS
Exploits28Affected Software1
Rows per page
Query Builder