Important: pcp security update
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....
8.8CVSS
7.2AI Score
0.0004EPSS
Chauffeur Taxi Booking System for WordPress < 7.0 - Authentication Bypass
Description The Chauffeur Taxi Booking System for WordPress plugin for WordPress is vulnerable to authenticated bypass in all versions up to, and including, 6.9. This is due to the plugin not properly validating a user's identity. This makes it possible for unauthenticated attackers to perform...
8.2CVSS
6.5AI Score
0.0004EPSS
Sensitive Information leak via Log File in Kubernetes
In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claims. This affects < v1.19.3, < v1.18.10, <...
5.5CVSS
6.4AI Score
0.0005EPSS
Red Hat JBoss Enterprise Application Platform - Sensitive Information Disclosure
Red Hat JBoss Enterprise Application Platform 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 is susceptible to sensitive information disclosure. A remote attacker can obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true...
5.5AI Score
0.006EPSS
CVE-2024-24919 Name: CVE-2024-24919 Scanner Author:...
8.6CVSS
9.1AI Score
0.945EPSS
CVE-2024-24919 Esse projeto tem como objetivo criar uma...
8.6CVSS
6.3AI Score
0.945EPSS
(RHSA-2024:3392) Important: pcp security update
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....
7.2AI Score
0.0004EPSS
Podlove Web Player < 5.7.4 - Missing Authorization to Unauthenticated Information Exposure
Description The Podlove Web Player plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /shortcode REST API endpoint in all versions up to, and including, 5.7.3. This makes it possible for unauthenticated attackers to view information they...
5.3CVSS
6.4AI Score
0.0004EPSS
Sourcecodester Car Rental Management System 1.0 - Stored Cross-Site Scripting
Sourcecodester Car Rental Management System 1.0 is vulnerable to cross-site scripting via the vehicalorcview...
5.4CVSS
5.2AI Score
0.001EPSS
7.4AI Score
EPSS
Sensitive Information Disclosure
github.com/helm/helm/ is vulnerable to Sensitive Information Disclosure. The vulnerability is due to displaying secret values during a --dry-run call, posing a security risk of information disclosure, especially in CI/CD tool...
6.5AI Score
0.0004EPSS
Generation of Error Message Containing Sensitive Information in zsa
Impact All users are impacted. The zsa application transfers the parse error stack from the server to the client in production build mode. This can potentially reveal sensitive information about the server environment, such as the machine username and directory paths. An attacker could exploit...
4CVSS
4.3AI Score
0.0004EPSS
TYPO3 Information Disclosure Vulnerability Exploitable by Editors
It has been discovered, that editors with access to the file list module could list all files names and folder names in the root directory of a TYPO3 installation. Modification of files, listing further nested directories or retrieving file contents was not possible. A valid backend user account...
7AI Score
Generation of Error Message Containing Sensitive Information in zsa
Impact All users are impacted. The zsa application transfers the parse error stack from the server to the client in production build mode. This can potentially reveal sensitive information about the server environment, such as the machine username and directory paths. An attacker could exploit...
4CVSS
4.3AI Score
0.0004EPSS
TYPO3 Disclosure of Information about Installed Extensions
It has been discovered that mechanisms used for configuration of RequireJS package loading are susceptible to information disclosure. This way a potential attack can retrieve additional information about installed system and third party...
6.7AI Score
TYPO3 Information Disclosure Vulnerability Exploitable by Editors
It has been discovered, that editors with access to the file list module could list all files names and folder names in the root directory of a TYPO3 installation. Modification of files, listing further nested directories or retrieving file contents was not possible. A valid backend user account...
7AI Score
github.com/zitadel/zitadel is vulnerable to an Information Disclosure. The vulnerability is due to inadequate error handling, which can allows expose sensitive database connection information to users during a connection...
5.3CVSS
6.6AI Score
0.0004EPSS
Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 is vulnerable SQL Injection via login.php. This vulnerability stems from inadequate validation of user inputs for the email and password parameters, allowing attackers to inject malicious SQL...
9.8CVSS
7.8AI Score
EPSS
TYPO3 Information Disclosure in Backend User Interface
The element information component used to display properties of a certain record is susceptible to information disclosure. The list of references from or to the record is not properly checked for the backend user’s permissions. A valid backend user account is needed in order to exploit this...
6.7AI Score
TYPO3 Information Disclosure in Backend User Interface
The element information component used to display properties of a certain record is susceptible to information disclosure. The list of references from or to the record is not properly checked for the backend user’s permissions. A valid backend user account is needed in order to exploit this...
6.7AI Score
NextGEN Gallery <= 3.59 - Missing Authorization to Unauthenticated Information Disclosure
The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_item function in versions up to, and including, 3.59. This makes it possible for unauthenticated attackers to extract sensitive data...
5.3CVSS
5.1AI Score
0.082EPSS
Leak of sensitive information to log files in github.com/hashicorp/go-retryablehttp
URLs were not sanitized when writing them to log files. This could lead to writing sensitive HTTP basic auth credentials to the log...
7AI Score
Undertow's url-encoded request path information can be broken on ajp-listener
A vulnerability was found in Undertow. URL-encoded request path information can be broken for concurrent requests on ajp-listener, causing the wrong path to be processed and resulting in a possible denial of...
7.5CVSS
6.9AI Score
0.0004EPSS
CVE-2024-24919-PoC ![Screenshot of the exploit...
8.6CVSS
8.8AI Score
0.945EPSS
6.5CVSS
6.8AI Score
0.0004EPSS
D-LINK DNS-320L,DNS-320LW and DNS-327L - Information Disclosure
A vulnerability has been found in D-Link DNS-320L, DNS-320LW and DNS-327L up to 20240403 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/info.cgi of the component HTTP GET Request...
5.3CVSS
6.9AI Score
0.001EPSS
Exploit for Cleartext Storage of Sensitive Information in Keepass
CVE-2023-24055 POC and Scanner for CVE-2023-24055 Use at...
5.5CVSS
6.2AI Score
0.001EPSS
Rails has possible Sensitive Session Information Leak in Active Storage
Possible Sensitive Session Information Leak in Active Storage There is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain...
5.3CVSS
6.3AI Score
0.0004EPSS
Rails has possible Sensitive Session Information Leak in Active Storage
Possible Sensitive Session Information Leak in Active Storage There is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain...
5.3CVSS
6.3AI Score
0.0004EPSS
TYPO3 Disclosure of Information about Installed Extensions
It has been discovered that mechanisms used for configuration of RequireJS package loading are susceptible to information disclosure. This way a potential attack can retrieve additional information about installed system and third party...
6.7AI Score
Insecure Permissions vulnerability in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to escalate privileges via a crafted...
0.0004EPSS
7.4AI Score
EPSS
Insecure Permissions vulnerability in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to escalate privileges via a crafted...
6.8AI Score
0.0004EPSS
Zitadel exposing internal database user name and host information
Impact In case ZITADEL could not connect to the database, connection information including db name, username and db host name could be returned to the user. Patches 2.x versions are fixed on >= 2.50.3 2.49.x versions are fixed on >= 2.49.5 2.48.x versions are fixed on >= 2.48.5 2.47.x vers...
5.3CVSS
6.8AI Score
0.0004EPSS
An issue in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to execute arbitrary code via the router's authentication...
8.1AI Score
0.0004EPSS
In validatePassword of WifiConfigurationUtil.java, there is a possible way to get the device into a boot loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.9AI Score
0.0004EPSS
Ansible-core information disclosure flaw
An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. It was discovered that information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive.....
5.5CVSS
6.5AI Score
0.0004EPSS
Ansible-core information disclosure flaw
An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. It was discovered that information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive.....
5.5CVSS
6.5AI Score
0.0004EPSS
An issue in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to execute arbitrary code via the router's authentication...
0.0004EPSS
Doctormms v1.0 was discovered to contain a SQL injection vulnerability via the $userid parameter at myAppoinment.php. NOTE: this is disputed by a third party who claims that the userid is a session variable controlled by the server, and thus cannot be used for exploitation. The original reporter...
9.8CVSS
9.7AI Score
0.001EPSS
Undertow's url-encoded request path information can be broken on ajp-listener
A vulnerability was found in Undertow. URL-encoded request path information can be broken for concurrent requests on ajp-listener, causing the wrong path to be processed and resulting in a possible denial of...
7.5CVSS
6.6AI Score
0.0004EPSS
Check Point Security Gateways Information Disclosure -...
8.6CVSS
8.6AI Score
0.945EPSS
MediaWiki information disclosure
In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID...
5.3CVSS
6.4AI Score
0.007EPSS
LatePoint Plugin < 4.9.9.1 - Missing Authorization and Sensitive Information Exposure via IDOR
Description The LatePoint Plugin plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'start_or_use_session_for_customer' function in all versions up to and including 4.9.9. This makes it possible for unauthenticated...
9.1CVSS
6.6AI Score
0.001EPSS
**Check Point Security Gateway RCE Exploit Tool...
8.6CVSS
7.2AI Score
0.945EPSS
An issue in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to execute arbitrary code via the router's authentication...
0.0004EPSS
Revenue Collection System v1.0 was discovered to contain a SQL injection vulnerability at...
9.8CVSS
9.7AI Score
0.002EPSS
ReadToMyShoe - Generation of Error Message Containing Sensitive Information
ReadToMyShoe generates an error message containing sensitive information prior to commit 8533b01. If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google Cloud TTS request, it will include the full URL of the request, which...
7.4CVSS
6.3AI Score
0.172EPSS
WordPress WP Security Audit Log 3.1.1 - Information Disclosure
WordPress WP Security Audit Log 3.1.1 plugin is susceptible to information disclosure. Access to wp-content/uploads/wp-security-audit-log/* files is not restricted. An attacker can obtain sensitive information, modify data, and/or execute unauthorized...
5.3CVSS
5AI Score
0.032EPSS
Insecure Permissions vulnerability in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to escalate privileges via a crafted...
0.0004EPSS