9.8CVSS
8.4AI Score
EPSS
TYPO3 Information Disclosure in Install Tool
The Install Tool exposes the current TYPO3 version number to non-authenticated...
7AI Score
In various functions of various files, there is a possible way to bypass the DISALLOW_DEBUGGING_FEATURES restriction for tracing due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
6.8AI Score
0.0004EPSS
Description The RestroPress – Online Food Ordering System plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated....
6.5CVSS
5.7AI Score
0.0004EPSS
ZendFramework Potential Information Disclosure and Insufficient Entropy vulnerabilities
In Zend Framework 2, the Zend\Math\Rand component generates random bytes using the OpenSSL or Mcrypt extensions when available but will otherwise use PHP's mt_rand() function as a fallback. All outputs from mt_rand() are predictable for the same PHP process if an attacker can brute force the seed.....
7.3AI Score
Sourcecodester Online Event Booking and Reservation System 2.3.0 - Cross-Site Scripting
Sourcecodester Online Event Booking and Reservation System 2.3.0 contains a cross-site scripting vulnerability in PHP/MySQL via the msg parameter to /event-management/index.php. An attacker can leverage this vulnerability in order to change the visibility of the website. Once the target user...
4.3CVSS
4.3AI Score
0.001EPSS
TYPO3 Information Disclosure in Page Tree
It has been discovered backend users not having read access to specific pages still could see them in the page tree which actually should be disallowed. A valid backend user account is needed in order to exploit this...
6.8AI Score
Release Information for Veeam Backup & Replication 12.1 and Updates
Release Information for Veeam Backup & Replication 12.1 and...
7.2AI Score
Zend-Captcha Information Disclosure and Insufficient Entropy vulnerability
In Zend Framework, Zend_Captcha_Word (v1) and Zend\Captcha\Word (v2) generate a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. Prior to this advisory, the selection was performed using PHP's internal array_rand() function. This function does not...
6.6AI Score
School Dormitory Management System 1.0 - Authenticated Cross-Site Scripting
School Dormitory Management System 1.0 contains an authenticated cross-site scripting vulnerability via admin/inc/navigation.php:125. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal...
6.1CVSS
6.1AI Score
0.001EPSS
In multiple functions of multiple files, there is a possible way to bypass the DISALLOW_DEBUGGING_FEATURES restriction for tracing due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for.....
7.8CVSS
6.8AI Score
0.0004EPSS
Online Birth Certificate System 1.2 - Stored Cross-Site Scripting
Online Birth Certificate System 1.2 contains multiple stored cross-site scripting vulnerabilities in the component /obcs/user/profile.php, which allows an attacker to execute arbitrary web script or HTML via a crafted payload injected into the fname or lname...
6.1CVSS
6.2AI Score
0.002EPSS
Hashicorp Vault may expose sensitive log information in github.com/hashicorp/vault
Hashicorp Vault may expose sensitive log information in...
6.5CVSS
6.4AI Score
0.001EPSS
Security Bulletin: IBM QRadar Suite software is vulnerable to information exposure
Summary IBM QRadar Suite software is vulnerable to information exposure through cache data. This has been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability...
4CVSS
6.7AI Score
0.0004EPSS
Summary WebSphere Application Server is shipped with IBM Tivoli System Automation Application Manager is vulnerable to a denial of service. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to...
6.4CVSS
6AI Score
0.0004EPSS
APM Server vulnerable to Insertion of Sensitive Information into Log File
An issue was discovered whereby APM Server could log at ERROR level, a response from Elasticsearch indicating that indexing the document failed and that response would contain parts of the original document. Depending on the nature of the document that the APM Server attempted to ingest, this...
7.5CVSS
6.5AI Score
0.001EPSS
Slack integration leaks sensitive information in logs
Impact Sentry's Slack integration incorrectly records the incoming request body in logs. This request data can contain sensitive information, including the deprecated Slack verification token. With this verification token, it is possible under specific configurations, an attacker can forge...
2CVSS
6.5AI Score
0.0004EPSS
Aimeos HTML client may potentially reveal sensitive information in error log
Impact Debug information can reveal sensitive information from environment variables in error log Affected platform Laravel environments with multi-vendor setups and admin access for the...
8.8CVSS
6.5AI Score
0.0004EPSS
Slack integration leaks sensitive information in logs
Impact Sentry's Slack integration incorrectly records the incoming request body in logs. This request data can contain sensitive information, including the deprecated Slack verification token. With this verification token, it is possible under specific configurations, an attacker can forge...
2CVSS
6.5AI Score
0.0004EPSS
A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument txtsearch leads to sql injection. The attack can be launched remotely....
9.8CVSS
7.7AI Score
0.001EPSS
Certain HP LaserJet Pro Printers – Potential Information Disclosure
A user with device administrative privileges can change existing SMTP server settings on the device, without having to re-enter SMTP server credentials. By redirecting send-to-email traffic to the new server, the original SMTP server credentials may potentially be exposed. Update your printer...
7.1AI Score
0.0004EPSS
Zendframework Potential Information Disclosure and Insufficient Entropy vulnerability
In Zend Framework, Zend_Captcha_Word (v1) and Zend\Captcha\Word (v2) generate a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. Prior to this advisory, the selection was performed using PHP's internal array_rand() function. This function does not...
6.6AI Score
Aimeos HTML client may potentially reveal sensitive information in error log
Debug information can reveal sensitive information from environment variables in error...
8.8CVSS
6.5AI Score
0.0004EPSS
ZendFramework Potential Information Disclosure and Insufficient Entropy vulnerabilities
In Zend Framework 2, the Zend\Math\Rand component generates random bytes using the OpenSSL or Mcrypt extensions when available but will otherwise use PHP's mt_rand() function as a fallback. All outputs from mt_rand() are predictable for the same PHP process if an attacker can brute force the seed.....
7.3AI Score
Vehicle Service Management System 1.0 - Stored Cross Site Scripting
Vehicle Service Management System 1.0 contains a stored cross-site scripting vulnerability via the Mechanic List section in login...
4.8CVSS
4.9AI Score
0.001EPSS
Cilium leaks sensitive information in cilium-bugtool in github.com/cilium/cilium
Cilium leaks sensitive information in cilium-bugtool in...
7.9CVSS
6.7AI Score
0.0004EPSS
Sourcecodester Hotel and Lodge Management System 2.0 - SQL Injection
Sourcecodester Hotel and Lodge Management System 2.0 contains a SQL injection vulnerability via the email parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized...
9.8CVSS
9.9AI Score
0.002EPSS
Security Bulletin: This Power System update is being released to address CVE-2023-37453
Summary This affects the BMC's physical USB ports. Vulnerability Details ** CVEID: CVE-2023-37453 DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by an out-of-bounds flaw in the read_descriptors function in drivers/usb/core/sysfs.c in the USB subsystem. By using a...
4.6CVSS
6.3AI Score
0.0005EPSS
Security Bulletin: This Power System update is being released to address CVE-2023-48795
Summary This affects the BMC's secure shell (SSH) interfaces which provides service access to the BMC's command shell, access to the host console, and service access to the hypervisor console. The BMC does not have SSH extensions, so a successful attack will not downgrade client connection...
5.9CVSS
7AI Score
0.963EPSS
Security Bulletin: This Power System update is being released to address CVE-2023-45857
Summary This affects the BMC's ASMi web application. Vulnerability Details ** CVEID: CVE-2023-45857 DESCRIPTION: **Axios is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By inserting the X-XSRF-TOKEN header using the secret XSRF-TOKEN cookie value.....
6.5CVSS
5.9AI Score
0.001EPSS
Silverstripe CMS information disclosure
In SilverStripe through 4.5.0, a specific URL path configured by default through the silverstripe/framework module can be used to disclose the fact that a domain is hosting a Silverstripe application. There is no disclosure of the specific version. The functionality on this URL path is limited to.....
7.5CVSS
6.8AI Score
0.003EPSS
Vulnerability Scanner for CVE-2024-24919 (need Shodan API)...
8.6CVSS
8.6AI Score
0.945EPSS
Sensitive Information leak via Log File in Kubernetes
In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. This affects <...
5.5CVSS
5.2AI Score
0.0005EPSS
Keycloak exposes sensitive information in Pushed Authorization Requests (PAR)
A flaw was found in Keycloak in the OAuth 2.0 Pushed Authorization Requests (PAR). Client provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a request_uri authorization request. This could lead to an...
6.6AI Score
CVE-2024-24919-Exploit Overview This repository contains...
8.6CVSS
6.1AI Score
0.945EPSS
CVE-2024-24919-POC Read about it -...
8.6CVSS
6.5AI Score
0.945EPSS
mantisbt/mantisbt is vulnerable to Information Disclosure. The vulnerability is due to insufficient access checks when generating hyperlinks for users who do not have access, allowing some information to be revealed via the link, link label, and...
5.3CVSS
6.8AI Score
0.0004EPSS
WordPress WPS Hide Login <1.9.1 - Information Disclosure
WordPress WPS Hide Login plugin before 1.9.1 is susceptible to incorrect authorization. An attacker can obtain the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user. This reveals the secret login...
7.5CVSS
7.5AI Score
0.041EPSS
Eclipse Jetty <9.2.9.v20150224 - Sensitive Information Leakage
Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP...
7.5CVSS
7.2AI Score
0.953EPSS
...
8.6CVSS
6.3AI Score
0.945EPSS
CVE-2024-24919 Bulk Scanner CVE-2024-24919 [Check Point...
8.6CVSS
6AI Score
0.945EPSS
Cleartext Transmission Of Sensitive Information
NASA AIT-Core is vulnerable to Cleartext Transmission of Sensitive Information. The vulnerability is due to using unencrypted channels to exchange data over the network, which allows an attacker to conduct a Man-in-the-Middle...
6.7AI Score
EPSS
Important: pcp security update
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....
8.8CVSS
7.2AI Score
0.0004EPSS
Important: pcp security update
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....
8.8CVSS
6.7AI Score
0.0004EPSS
Aimeos HTML client may potentially reveal sensitive information in error log
Impact Debug information can reveal sensitive information from environment variables in error log Affected platform Laravel environments with multi-vendor setups and admin access for the...
8.8CVSS
6.5AI Score
0.0004EPSS
Advanced Contact form 7 DB <= 2.0.2 - Sensitive Information Exposure
Description The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.2 via the wp-content/uploads/advanced-cf7-upload directory. This makes it possible for unauthenticated attackers to extract sensitive data...
5.3CVSS
6.7AI Score
0.0005EPSS
7.4AI Score
6.5CVSS
7.6AI Score
0.0005EPSS
CVE-2024-26226 Windows Distributed File System (DFS) Information Disclosure Vulnerability
...
6.5CVSS
6.8AI Score
0.0005EPSS
D-Link DIR-610 Devices - Information Disclosure
D-Link DIR-610 devices allow information disclosure via SERVICES=DEVICE.ACCOUNT%0AAUTHORIZED_GROUP=1 to...
7.5CVSS
7.3AI Score
0.97EPSS