Exploit for Improper Validation of Specified Quantity in Input in Linux Linux Kernel
RNDIS-CO Summary The RNDIS USB Gadget may be exploited...
6.9AI Score
Car Rental Management System 1.0 - SQL Injection
Car Rental Management System 1.0 contains an SQL injection vulnerability via /admin/view_car.php?id=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected...
7.2CVSS
7.3AI Score
0.011EPSS
Car Rental Management System 1.0 - SQL Injection
Car Rental Management System 1.0 contains an SQL injection vulnerability via /booking.php?car_id=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected...
7.2CVSS
7.3AI Score
0.011EPSS
Car Rental Management System 1.0 - SQL Injection
Car Rental Management System 1.0 contains an SQL injection vulnerability via /admin/ajax.php?action=login. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected...
7.2CVSS
7.3AI Score
0.012EPSS
WyreStorm Apollo VX20 - Information Disclosure
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext credentials for the SoftAP (access point) Router /device/config using an HTTP GET...
6.6AI Score
0.005EPSS
Hashicorp Vault may expose sensitive log information
Vault and Vault Enterprise (“Vault”) may expose sensitive information when enabling an audit device which specifies the log_raw option, which may log sensitive information to other audit devices, regardless of whether they are configured to use...
6.5CVSS
6.3AI Score
0.001EPSS
GitLab CE/EE - Information Disclosure
GitLab CE/EE is susceptible to information disclosure. An attacker can access runner registration tokens using quick actions commands, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations. Affected versions are from 12.10 before 14.6.5,...
10CVSS
9AI Score
0.033EPSS
WAVLINK WN535 G3 - Information Disclosure
WAVLINK WN535 G3 M35G3R.V5030.180927 is susceptible to information disclosure in the live_mfg.shtml page. An attacker can obtain sensitive router information via the exec cmd function and possibly obtain additional sensitive information, modify data, and/or execute unauthorized...
7.5CVSS
6.4AI Score
0.009EPSS
WordPress Guppy <=1.1 - Information Disclosure
WordPress Guppy plugin through 1.1 is susceptible to an API disclosure vulnerability. This can allow an attacker to obtain all user IDs and then use them to make API requests to get messages sent between users and/or send messages posing as one user to...
6.5CVSS
6.2AI Score
0.002EPSS
AccessAlly <3.5.7 - Sensitive Information Leakage
WordPress AccessAlly plugin before 3.5.7 allows sensitive information leakage because the file "resource/frontend/product/product-shortcode.php" (which is responsible for the [accessally_order_form] shortcode) dumps serialize($_SERVER), which contains all environment variables. The leakag...
7.5CVSS
7.5AI Score
0.026EPSS
7.2AI Score
0.001EPSS
MinIO Cluster Deployment - Information Disclosure
MinIO is susceptible to information disclosure. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD. An attacker can potentially obtain sensitive...
7.5CVSS
7.5AI Score
0.865EPSS
GLPI 9.2/<9.5.6 - Information Disclosure
GLPI 9.2 and prior to 9.5.6 is susceptible to information disclosure via the telemetry endpoint, which discloses GLPI and server information. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized...
5.3CVSS
5.2AI Score
0.001EPSS
Cobub Razor 0.8.0 - Information Disclosure
Cobub Razor 0.8.0 is susceptible to information disclosure via generate.php, controllers/getConfigTest.php, controllers/getUpdateTest.php, controllers/postclientdataTest.php, controllers/posterrorTest.php, controllers/posteventTest.php, controllers/posttagTest.php,...
5.3CVSS
5.2AI Score
0.002EPSS
Weaver OA 9.5 - Information Disclosure
A vulnerability was found in Weaver OA 9.5 and classified as problematic. This issue affects some unknown processing of the file /building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini. The manipulation leads to files or directories accessible. The attack may be initiated...
7.5CVSS
6.3AI Score
0.106EPSS
WAVLINK WN535 G3 - Information Disclosure
WAVLINK WN535 G3 M35G3R.V5030.180927 is susceptible to information disclosure in live_check.shtml. An attacker can obtain sensitive router information via execution of the exec cmd function and thereby possibly obtain additional sensitive information, modify data, and/or execute unauthorized...
7.5CVSS
6.5AI Score
0.009EPSS
Information Disclosure in Jira Core Data Center
This High severity Information Disclosure vulnerability was introduced in versions 9.4.0, 9.12.0, and 9.15.0 of Jira Core Data Center. This Information Disclosure vulnerability, with a CVSS Score of 7.4, allows an unauthenticated attacker to view sensitive information via an Information Disclosure....
9.8CVSS
6.3AI Score
0.022EPSS
Information Exposure Through Misconfigured Permissions
Moodle is vulnerable to a Information Exposure Through Misconfigured Permissions. The vulnerability is due to misconfiguration in a shared hosting environment, allowing a user with access to restore feedback modules and direct access to the web server outside of the Moodle webroot to execute a...
6.4AI Score
0.0004EPSS
Cilium leaks sensitive information in cilium-bugtool
Impact The output of cilium-bugtool can contain sensitive data when the tool is run (with the --envoy-dump flag set) against Cilium deployments with the Envoy proxy enabled. Users of the following features are affected: TLS inspection Ingress with TLS termination Gateway API with TLS termination...
7.9CVSS
6.7AI Score
0.0004EPSS
Jeecg Boot <= 2.4.5 - Information Disclosure
An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace...
7.5CVSS
7.7AI Score
0.007EPSS
WordPress Transposh <=1.0.8.1 - Information Disclosure
WordPress Transposh plugin through is susceptible to information disclosure via the AJAX action tp_history, which is intended to return data about who has translated a text given by the token parameter. However, the plugin also returns the user's login name as part of the user_login attribute. If.....
5.3CVSS
5.1AI Score
0.025EPSS
Atlassian Confluence <5.8.17 - Information Disclosure
Atlassian Confluence before 5.8.17 contains an information disclsoure vulnerability. A remote authenticated user can read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2)...
4.3CVSS
4.4AI Score
0.966EPSS
AMD Client UEFI – Cross-Process Information Leak
AMD has informed HP of a potential security vulnerability identified in some AMD client processors, which might allow information disclosure. AMD released firmware updates to mitigate these vulnerabilities. AMD has released updates to mitigate the potential vulnerability. HP has identified...
5.5CVSS
7AI Score
0.001EPSS
[Continual Calling to addAccountExplicitly Causes Permanent DoS to Android System]
In findAllDeAccounts of AccountsDb.java, there is a possible denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
5.4AI Score
0.0004EPSS
Directory Management System 1.0 - SQL Injection
Directory Management System 1.0 contains multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the.....
9.8CVSS
10AI Score
0.134EPSS
Hospital Management System 4.0 - SQL Injection
Hospital Management System 4.0 contains multiple SQL injection vulnerabilities because multiple pages and parameters do not validate user input. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of.....
8.8CVSS
9.3AI Score
0.384EPSS
In writeApplicationRestrictionsLAr of UserManagerService.java, there is a possible overwrite of system files due to a path traversal error. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for...
4.4CVSS
6.6AI Score
0.0004EPSS
Exposure of secrets through system log in Jenkins Structs Plugin
Structs Plugin provides utility functionality used, e.g., in Pipeline to instantiate and configure build steps, typically before their execution. When Structs Plugin 337.v1b_04ea_4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that...
6.4AI Score
0.0004EPSS
Doctor Appointment System 1.0 - SQL Injection
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via the comment...
7.5CVSS
7.9AI Score
0.087EPSS
Doctor Appointment System 1.0 - SQL Injection
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via email...
7.5CVSS
8AI Score
0.087EPSS
College Management System 1.0 - SQL Injection
College Management System 1.0 contains a SQL injection vulnerability via the course code...
8.8CVSS
9AI Score
0.596EPSS
passbolt/passbolt_api is vulnerable to Information Disclosure. The vulnerability is due to the exposure of session cookies through the /auth/verify.json endpoint, which returns cookies in the response similar to the TRACE HTTP method, potentially allowing an attacker to hijack a user session if...
6.1AI Score
Avada < 7.11.7 - Information Disclosure
The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the '/wp-content/uploads/fusion-forms/' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with a....
5.3CVSS
5.2AI Score
0.001EPSS
Milesight Routers - Information Disclosure
A critical security vulnerability has been identified in Milesight Industrial Cellular Routers, compromising the security of sensitive credentials and permitting unauthorized access. This vulnerability stems from a misconfiguration that results in directory listing being enabled on the router...
7.5CVSS
7.8AI Score
0.007EPSS
Exposure of secrets through system log in Jenkins Structs Plugin
Structs Plugin provides utility functionality used, e.g., in Pipeline to instantiate and configure build steps, typically before their execution. When Structs Plugin 337.v1b_04ea_4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that...
6.4AI Score
0.0004EPSS
neos/flow is vulnerable to Information Disclosure. The vulnerability is due to entity security not properly integrating with the doctrine query cache, allowing users to reuse cached SQL queries built for other users based on their roles rather than their specific properties, potentially revealing.....
7.7AI Score
github.com/projectcalico/calico is vulnerable to Information Disclosure. The vulnerability is due to a compromised pod with sufficient privilege being able to reconfigure the node’s IPv6 interface, as the node accepts route advertisement by default, allowing the attacker to redirect full or...
6CVSS
6.9AI Score
0.001EPSS
Check Point Quantum Gateway - Information Disclosure
CVE-2024-24919 is an information disclosure vulnerability that can allow an attacker to access certain information on internet-connected Gateways which have been configured with IPSec VPN, remote access VPN, or mobile access software...
8.6CVSS
8.3AI Score
0.945EPSS
PlayTube 3.0.1 - Information Disclosure
A vulnerability was found in PlayTube 3.0.1 and classified as problematic. This issue affects some unknown processing of the component Redirect Handler. The manipulation leads to information disclosure. The attack may be initiated...
7.5CVSS
7.4AI Score
0.605EPSS
Important: pcp security update
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....
8.8CVSS
7.1AI Score
0.0004EPSS
7.4AI Score
Wipro Holmes Orchestrator 20.4.1 - Information Disclosure
Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to download arbitrary files, such as reports containing sensitive information, because authentication is not required for API access to processexecution/DownloadExcelFile/Domain_Credential_Report_Excel,...
7.5CVSS
7.2AI Score
0.052EPSS
Cilium leaks sensitive information in cilium-bugtool
Impact The output of cilium-bugtool can contain sensitive data when the tool is run (with the --envoy-dump flag set) against Cilium deployments with the Envoy proxy enabled. Users of the following features are affected: TLS inspection Ingress with TLS termination Gateway API with TLS termination...
7.9CVSS
6.7AI Score
0.0004EPSS
7.4AI Score
0.949EPSS
neos/neos is vulnerable to Information Disclosure. The vulnerability is due to improper access controls allowing the viewing of internal workspaces without authentication. This allows attackers to read sensitive content from internal workspaces without...
6.8AI Score
October System module has an Open Redirect for Administrator Accounts
Impact This advisory affects authenticated administrators who may be redirected to an untrusted URL using the PageFinder schema. The resolver for the page finder link schema (october://) allowed external links, therefore allowing an open redirect outside the scope of the active host. This...
3.5CVSS
6.5AI Score
0.001EPSS
Eclipse Jetty - Information Disclosure
Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224 is susceptible to improper authorization. The default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. An attacker can access sensitive information regarding.....
5.3CVSS
5.3AI Score
0.064EPSS
typo3 Information Disclosure Security Note
Due to reports it has been validated that internal workspaces in Neos are accessible without authentication. Some users assumed this is a planned feature but it is not. A workspace preview should be an additional feature with respective security measures in place. Note that this only allows...
6.8AI Score
Doctor Appointment System 1.0 - SQL Injection
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via firstname...
7.5CVSS
8AI Score
0.121EPSS
CirCarLife Scada <4.3 - System Log Exposure
CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI. CirCarLife is an internet-connected electric vehicle charging...
9.8CVSS
9.1AI Score
0.944EPSS