A full path disclosure vulnerability was discovered in Matomo v3.9.1 where a user can trigger a particular error to discover the full path of Matomo on the disk, because lastError.file is used in plugins/CorePluginsAdmin/templates/safemode.twig. NOTE: the vendor disputes the significance of this...
4.3CVSS
4.6AI Score
0.001EPSS
The matomo_integration (aka Matomo Integration) extension before 1.3.2 for TYPO3 allows...
6.1CVSS
6.2AI Score
0.001EPSS
The official piwik Docker images before fpm-alpine (Alpine specific) contain a blank password for a root user. Systems using the Piwik Docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root...
9.8CVSS
7.8AI Score
0.007EPSS