Faculty Evaluation System v1.0 - SQL Injection
Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via...
7.2CVSS
7.4AI Score
0.007EPSS
Doctor Appointment System 1.0 - SQL Injection
SQL injection in the expertise parameter in search_result.php in Doctor Appointment System...
6.5CVSS
7AI Score
0.02EPSS
HPE System Management - Cross-Site Scripting
HPE System Management contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other...
5.4CVSS
5.5AI Score
0.967EPSS
Cilium leaks sensitive information in cilium-bugtool
Impact The output of cilium-bugtool can contain sensitive data when the tool is run (with the --envoy-dump flag set) against Cilium deployments with the Envoy proxy enabled. Users of the following features are affected: TLS inspection Ingress with TLS termination Gateway API with TLS termination...
7.9CVSS
6.7AI Score
0.0004EPSS
typo3 Information Disclosure Security Note
Due to reports it has been validated that internal workspaces in Neos are accessible without authentication. Some users assumed this is a planned feature but it is not. A workspace preview should be an additional feature with respective security measures in place. Note that this only allows...
6.8AI Score
Doctor Appointment System 1.0 - SQL Injection
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via firstname...
7.5CVSS
8AI Score
0.121EPSS
CirCarLife Scada <4.3 - System Log Exposure
CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI. CirCarLife is an internet-connected electric vehicle charging...
9.8CVSS
9.1AI Score
0.944EPSS
Simple Employee Records System 1.0 - Unrestricted File Upload
Simple Employee Records System 1.0 contains an arbitrary file upload vulnerability due to client-side validation of file extensions. This can be used to upload executable code to the server to obtain access or perform remote command...
7.2CVSS
7.3AI Score
0.038EPSS
8.6CVSS
6.6AI Score
0.945EPSS
Information Disclosure in TYPO3 CMS
Failing to properly check user permission on file storages, editors could gain knowledge of protected storages and its folders as well as using them in a file collection being rendered in the frontend. A valid backend user account is needed to exploit this...
7.2AI Score
Information Disclosure in TYPO3 CMS
HTTP requests being performed using the TYPO3 API expose the specific TYPO3 version to the called...
7.1AI Score
Information Disclosure in TYPO3 CMS
HTTP requests being performed using the TYPO3 API expose the specific TYPO3 version to the called...
7.1AI Score
Information Disclosure in TYPO3 Backend
The TYPO3 backend module stores the username of an authenticated backend user in its cache files. By guessing the file path to the cache files it is possible to receive valid backend...
6.9AI Score
Vehicle Service Management System 1.0 - Cross Site Scripting
Vehicle Service Management System 1.0 contains a cross-site scripting vulnerability via the User List section in login...
4.8CVSS
4.9AI Score
0.001EPSS
Ansible-core is vulnerable to information disclosure. The vulnerability is due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios, leading to sensitive information being included in the output during certain tasks, such as loop...
5.5CVSS
6AI Score
0.0004EPSS
Eclipse Jetty - Information Disclosure
Eclipse Jetty 9.4.37-9.4.42, 10.0.1-10.0.5 and 11.0.1-11.0.5 are susceptible to improper authorization. URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. An attacker can potentially obtain sensitive...
5.3CVSS
5.6AI Score
0.489EPSS
Rocket.Chat <3.9.1 - Information Disclosure
Rocket.Chat through 3.9.1 is susceptible to information disclosure. An attacker can enumerate email addresses via the password reset function and thus potentially access sensitive information, modify data, and/or execute unauthorized...
5.3CVSS
5.3AI Score
0.012EPSS
IBM InfoSphere Information Server 11.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: ...
6.5CVSS
4.9AI Score
0.0004EPSS
A reflected cross-site scripting (XSS) vulnerability in msaad1999's PHP-Login-System 2.0.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'selector' parameter in...
6.1CVSS
6.2AI Score
0.001EPSS
Security Advisory - Path Traversal Vulnerability in Huawei Home Music System
Some Huawei home music system products have a path traversal vulnerability. Successful exploitation of this vulnerability may cause unauthorized file deletion or file permission change.(Vulnerability ID:HWPSIRT-2023-53450) This vulnerability has been assigned a...
6.7AI Score
EPSS
Moodle BigBlueButton web service leaks meeting joining information
Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to...
7AI Score
0.0004EPSS
Moodle BigBlueButton web service leaks meeting joining information
Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to...
7AI Score
0.0004EPSS
An update is available for pcp. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for...
8.8CVSS
7.2AI Score
0.0004EPSS
Information disclosure in podman in github.com/containers/libpod
Information disclosure in podman in...
5.3CVSS
5.3AI Score
0.001EPSS
Exploit for Cleartext Transmission of Sensitive Information in Keepass
Keepass-Dumper This is my PoC implementation for...
6.5AI Score
Jorani Leave Management System 0.6.5 - Cross-Site Scripting
Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the language parameter to...
5.4CVSS
5.3AI Score
0.037EPSS
Academy Learning Management System <5.9.1 - Cross-Site Scripting
Academy Learning Management System before 5.9.1 contains a cross-site scripting vulnerability via the Search parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...
6.1CVSS
6.1AI Score
0.002EPSS
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Minio
CVE-2023-28432...
7.5CVSS
7.9AI Score
0.865EPSS
System Dashboard < 2.8.10 - XSS via Header Injection
Description The plugin does not sanitize and escape some parameters, which could allow administrators in multisite WordPress configurations to perform Cross-Site Scripting attacks PoC X-Forwarded-For:...
5.9AI Score
0.0004EPSS
In declareDuplicatePermission of ParsedPermissionUtils.java, there is a possible way to obtain a dangerous permission without user consent due to improper input validation. This could lead to local escalation of privilege during app installation or upgrade with no additional execution privileges...
7.8CVSS
7AI Score
0.0004EPSS
Elastic Beats inserts sensitive information into log file
An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Beats or Elastic Agent...
6.8CVSS
6.7AI Score
0.0005EPSS
Employee And Visitor Gate Pass Logging System 1.0 SQL Injection Vulnerability
Employee and Visitor Gate Pass Logging System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication...
8.7AI Score
TerraMaster TOS < 4.2.30 Server Information Disclosure
TerraMaster NAS devices running TOS prior to version 4.2.30 are vulnerable to information...
7.5CVSS
7.8AI Score
0.939EPSS
WAVLINK WN530H4 M30H4.V5030.190403 - Information Disclosure
WAVLINK WN530H4 M30H4.V5030.190403 contains an information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint. This can allow an attacker to leak router settings, including cleartext login details, DNS settings, and other sensitive information without...
7.5CVSS
7.2AI Score
0.053EPSS
scrapy is vulnerable to Information Disclosure. The vulnerability is due to redirects ignoring scheme specific proxy settings, which results in http / https schemes using the wrong proxy if the proxy was configured to be scheme...
7.5CVSS
6.7AI Score
0.0004EPSS
Sensitive Information Into Log File
jberet-core is vulnerable to Insertion of Sensitive Information into Log File. The vulnerability is due to missing data masking during logging via the getConnection method within JdbcRepository.java. It occurs when error messages include sensitive information, such as database connection...
6.5CVSS
6.7AI Score
0.0004EPSS
LearnDash LMS < 4.10.3 - Sensitive Information Exposure
The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.2 via API. This makes it possible for unauthenticated attackers to obtain access to quiz...
5.3CVSS
5.3AI Score
0.01EPSS
MinIO information disclosure vulnerability
Impact If-Modified-Since If-Unmodified-Since Headers when used with anonymous requests by sending a random object name requests you can figure out if the object exists or not on the server on a specific bucket and also gain access to some amount of information such as Last-Modified (of the...
5.3CVSS
6.2AI Score
0.0004EPSS
Jeecg Boot <= 2.4.5 - Sensitive Information Disclosure
Jeecg Boot <= 2.4.5 API interface has unauthorized access and leaks sensitive information such as email,phone and Enumerate usernames that exist in the...
7.5CVSS
7.3AI Score
0.004EPSS
DataTaker DT80 dEX 1.50.012 - Information Disclosure
DataTaker DT80 dEX 1.50.012 is susceptible to information disclosure. A remote attacker can obtain sensitive credential and configuration information via a direct request for the /services/getFile.cmd?userfile=config.xml URI, thereby possibly accessing sensitive information, modifying data, and/or....
9.8CVSS
9.1AI Score
0.943EPSS
Linear eMerge E3-Series - Information Disclosure
Linear eMerge E3-Series devices are susceptible to information disclosure. Admin credentials are stored in clear text at the endpoint /test.txt in situations where the default admin credentials have been changed. An attacker can obtain admin credentials, access the admin dashboard, control...
8.2CVSS
8.1AI Score
0.003EPSS
Reprise License Manager 14.2 - Information Disclosure
Reprise License Manager 14.2 is susceptible to information disclosure via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostname(s), system architecture and file/directory...
5.3CVSS
5.4AI Score
0.053EPSS
WordPress BulletProof Security 5.1 Information Disclosure
The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up....
5.3CVSS
4.9AI Score
0.314EPSS
PRTG Network Monitor <20.1.57.1745 - Information Disclosure
PRTG Network Monitor before 20.1.57.1745 is susceptible to information disclosure. An attacker can obtain information about probes running or the server itself via an HTTP request, thus potentially being able to modify data and/or execute unauthorized administrative operations in the context of...
5.3CVSS
5.1AI Score
0.001EPSS
microsoft.powerbi.javascript is vulnerable to an Information Disclosure. The vulnerability is due to improper handling of sensitive information, which may allow an attacker to access unauthorized data if a user visits a site with malicious...
6.5CVSS
6.1AI Score
0.001EPSS
TYPO3 Information Disclosure in Install Tool
The Install Tool exposes the current TYPO3 version number to non-authenticated...
7AI Score
TYPO3 Information Disclosure of Installed Extensions
It has been discovered that mechanisms used for configuration of RequireJS package loading are susceptible to information disclosure. This way a potential attack can retrieve additional information about installed system and third party...
6.7AI Score
Elastic Beats inserts sensitive information into log file
An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Beats or Elastic Agent...
6.8CVSS
6.7AI Score
0.0005EPSS
Zend-developer-tools information disclosure vulnerability
The package zendframework/zend-developer-tools provides a web-based toolbar for introspecting an application. When updating the package to support PHP 7.3, a change was made that could potentially prevent toolbar entries that are enabled by default from being...
7.1AI Score
TYPO3 Information Disclosure of Installed Extensions
It has been discovered that mechanisms used for configuration of RequireJS package loading are susceptible to information disclosure. This way a potential attack can retrieve additional information about installed system and third party...
6.7AI Score