Lucene search
+L

72 matches found

euvd
euvd
added 2026/07/01 4:32 p.m.9 views

EUVD-2026-41087

Incorrect Authorization CWE-863 in Elastic Defend can lead to unauthorized information disclosure via Accessing Functionality Not Properly Constrained by ACLs CAPEC-1. Under certain conditions, a low-privileged authenticated user can access response action data that they are not authorized to vie...

5.3CVSS5.8AI score0.00181EPSS
Exploits0References1
nessus
nessus
added 2026/07/01 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-58033

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files...

6.5CVSS6.2AI score0.00413EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/04/03 3:6 p.m.6 views

CVE-2026-35543

A flaw was found in Roundcube Webmail. A remote attacker could bypass the remote image blocking feature by sending a specially crafted email that includes Scalable Vector Graphics SVG content with animation attributes. This vulnerability may lead to unauthorized information disclosure or an...

5.3CVSS5.9AI score0.00402EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/03/13 9:10 p.m.15 views

CVE-2026-26133

AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network...

7.1CVSS5.8AI score0.00433EPSS
Exploits0References2Affected Software20
patchstack
patchstack
added 2025/12/12 11:53 p.m.12 views

WordPress rtMedia for WordPress, BuddyPress and bbPress plugin 4.7.0-4.7.3 - Missing Authorization to Unauthenticated Information Disclosure

Missing Authorization to Unauthenticated Information Disclosure vulnerability discovered by kr0d in WordPress Plugin rtMedia for WordPress, BuddyPress and bbPress versions 4.7.0-4.7.3...

3.7CVSS6.4AI score0.00234EPSS
Exploits0Affected Software1
euvd
euvd
added 2025/10/03 8:7 p.m.13 views

EUVD-2024-53585

Malicious code in bioql PyPI...

9.8CVSS7AI score0.00846EPSS
Exploits4References2
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-43155

Malicious code in bioql PyPI...

9.3CVSS6.6AI score0.00214EPSS
Exploits0References1
cve
cve
added 2025/08/12 5:10 p.m.35 views

CVE-2025-53793

CVE-2025-53793 – Azure Stack Hub Information Disclosure : An improper authentication flaw in Azure Stack Hub allows an unauthenticated attacker to disclose information over the network. According to the CVE entry, the issue has a CVSS v3.1 base score of 7.5 (High) with Network attack vector and n...

7.5CVSS6.9AI score0.01311EPSS
Exploits0References1Affected Software1
redos
redos
added 2025/06/19 12:0 a.m.5 views

ROS-20250616-26

A vulnerability in the Zabbix Universal Monitoring System server is related to excessive data output by an by the application. Exploitation of the vulnerability could allow a remote attacker to gain access to potentially sensitive information. to potentially sensitive information. A vulnerability...

7.5CVSS5.1AI score0.00348EPSS
Exploits0
veracode
veracode
added 2025/06/12 7:2 a.m.4 views

Unauthorized Information Disclosure

github.com/mattermost/mattermost-server is vulnerable to Unauthorized Information Disclosure. The vulnerability is due to insufficient restriction of API access, allowing guest users to view information about public teams they are not members of via direct API calls...

4.3CVSS5.7AI score0.00186EPSS
Exploits0References5Affected Software2
veracode
veracode
added 2025/06/06 5:7 a.m.8 views

Unauthorized Information Disclosure

@haxtheweb/open-apis is vulnerable to unauthenticated information disclosure. The vulnerability is due to improper access control on the haxPsuUsage API endpoint, allowing remote unauthenticated users to retrieve a list of PSU websites hosted on HAX CMS...

5.3CVSS5AI score0.00313EPSS
Exploits0References3Affected Software1
cve
cve
added 2025/04/08 5:23 p.m.104 views

CVE-2025-26672

CVE-2025-26672 is described as a buffer over-read in Windows Routing and Remote Access Service (RRAS) that allows an unauthenticated attacker to disclose information over the network. Connected sources corroborate that RRAS is the affected component and frame the impact as an information disclosu...

6.5CVSS6.8AI score0.01644EPSS
Exploits0References1Affected Software15
nessus
nessus
added 2025/03/05 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2022-24302

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Paramiko before 2.10.1, a race condition between creation and chmod in the writeprivatekeyfile function could allow unauthorized information disclosure...

5.9CVSS6.6AI score0.0208EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2025/02/06 12:0 a.m.11 views

CVE-2024-57430

An SQL injection vulnerability in the pjActionGetUser function of PHPJabbers Cinema Booking System v2.0 allows attackers to manipulate database queries via the column parameter. Exploiting this flaw can lead to unauthorized information disclosure, privilege escalation, or database manipulation...

9.6AI score0.00846EPSS
Exploits4References2
cve
cve
added 2025/02/06 12:0 a.m.62 views

CVE-2024-57430

CVE-2024-57430 affects PHPJabbers Cinema Booking System v2.0. The vulnerability is an SQL injection in the pjActionGetUser function, exploitable via the column parameter, enabling manipulation of database queries and potentially leading to unauthorized data disclosure, privilege escalation, or da...

9.8CVSS7.8AI score0.00846EPSS
Exploits4References2Affected Software1
zdt
zdt
added 2025/02/05 12:0 a.m.182 views

PHPJabbers Cinema Booking System 2.0 SQL Injection Vulnerability

CVE-2024-57430 An SQL injection vulnerability in the pjActionGetUser function of PHPJabbers Cinema Booking System v2.0 allows attackers to manipulate database queries via the column parameter. Exploiting this flaw can lead to unauthorized information disclosure, privilege escalation, or database...

9.8CVSS7.4AI score0.00846EPSS
Exploits6
nvd
nvd
added 2024/08/14 3:15 p.m.15 views

CVE-2024-25157

An authentication bypass vulnerability in GoAnywhere MFT prior to 7.6.0 allows Admin Users with access to the Agent Console to circumvent some permission checks when attempting to visit other pages. This could lead to unauthorized information disclosure or modification...

6.5CVSS0.00498EPSS
Exploits0References1
bdu_fstec
bdu_fstec
added 2024/07/19 12:0 a.m.9 views

The vulnerability of SIMATIC PCS, SIMATIC WinCC Runtime Professional, and SIMATIC WinCC control systems lies in the unauthorized provision of information to unauthorized individuals, allowing intruders to gain unauthorized access to protected information.

The vulnerability of SIMATIC PCS, SIMATIC WinCC Runtime Professional, and SIMATIC WinCC control systems lies in the unauthorized provision of information to unauthorized individuals due to improperly processed requests. Exploiting this vulnerability can allow an intruder to gain unauthorized acce...

5.9CVSS7.2AI score0.00514EPSS
Exploits0References2Affected Software2
veracode
veracode
added 2024/04/25 5:29 a.m.18 views

Out-of-bounds Read

FreeRDP is vulnerable to Out-of-bounds Read. The vulnerability is caused due to inadequate bounds checking when reading data from a buffer.This allows an attacker to access or manipulate data outside its intended range, potentially leading to unauthorized information disclosure...

9.8CVSS9.2AI score0.0137EPSS
Exploits0References9Affected Software1
osv
osv
added 2024/04/08 1:15 p.m.3 views

CVE-2024-31816

In TOTOLINK EX200 V4.0.3c.7646B20201211, an attacker can obtain sensitive information without authorization through the function getEasyWizardCfg...

7.5CVSS5.8AI score0.02702EPSS
Exploits0References1
Rows per page
Query Builder