MinIO information disclosure vulnerability in github.com/minio/minio
5.3CVSS
5AI Score
0.0004EPSS
An issue in Shenzhen Weitillage Industrial Co., Ltd the access management specialist V6.62.51215 allows a remote attacker to obtain sensitive...
0.001EPSS
Stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) version 1.3a (Unix) allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long argument. An example threat model is automated execution of DMitry with hostname...
9.8CVSS
9.6AI Score
0.012EPSS
An issue in Shenzhen Weitillage Industrial Co., Ltd the access management specialist V6.62.51215 allows a remote attacker to obtain sensitive...
7.5CVSS
0.001EPSS
SimpleSAMLphp Information Disclosure vulnerability
Background SimpleSAMLphp 1.17 includes a preview of the new user interface to be included in the future version 2.0. This new user interface can be enabled by setting the usenewui configuration option to true, and it includes a new admin interface in a module called admin, which can be disabled....
6.8AI Score
TCExam <= 14.8.1 - Sensitive Information Exposure
When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which includes sensitive database backup...
7.5CVSS
7.5AI Score
0.01EPSS
Akkadian Provisioning Manager - Information Disclosure
Akkadian Provisioning Manager is susceptible to information disclosure. The restricted shell provided can be escaped by abusing the Edit MySQL Configuration command. This command launches a standard VI editor interface which can then be...
7.9CVSS
4.5AI Score
0.002EPSS
WordPress Metform <=2.1.3 - Information Disclosure
WordPress Metform plugin through 2.1.3 is susceptible to information disclosure due to improper access control in the ~/core/forms/action.php file. An attacker can view all API keys and secrets of integrated third-party APIs such as that of PayPal, Stripe, Mailchimp, Hubspot, HelpScout, reCAPTCHA.....
7.5CVSS
7.2AI Score
0.033EPSS
Hongdian H8922 3.0.5 - Information Disclosure
Hongdian H8922 3.0.5 is susceptible to information disclosure. An attacker can access cli.conf (with the administrator password and other sensitive data) via /backup2.cgi and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized...
5.5CVSS
5.5AI Score
0.003EPSS
Eclipse Jetty ConcatServlet - Information Disclosure
Eclipse Jetty through 9.4.40, through 10.0.2, and through 11.0.2 is susceptible to information disclosure. Requests to the ConcatServlet with a doubly encoded path can access protected resources within the WEB-INF directory, thus enabling an attacker to potentially obtain sensitive information,...
5.3CVSS
5.4AI Score
0.006EPSS
Typo3 Information Disclosure in User Authentication
It has been discovered that login failures have been logged on the default stream with log level "warning" including plain-text user...
7.3AI Score
IBM QRadar SIEM 7.5 could disclose sensitive email information in responses from offense rules. IBM X-Force ID: ...
5.3CVSS
5AI Score
0.0004EPSS
Important: pcp security update
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....
8.8CVSS
7.1AI Score
0.0004EPSS
FleetCart 4.1.1 - Information Disclosure
Issues with information disclosure in redirect responses. Accessing the majority of the website's pages exposes sensitive data, including the "Razorpay"...
5.3CVSS
6.7AI Score
0.001EPSS
Vulnerability: Information Leak in Print Spooler [#b/277961001 H]
In multiple files, there is a possible way that trimmed content could be included in PDF output due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
6.4AI Score
0.0004EPSS
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Python Requests
POC for CVE-2023-32681 This is a Python 3 implementation of...
6.1CVSS
7.4AI Score
0.002EPSS
rConfig <3.9.4 - Sensitive Information Disclosure
rConfig prior to version 3.9.4 is susceptible to sensitive information disclosure. An unauthenticated attacker can retrieve saved cleartext credentials via a GET request to settings.php. Because the application does not exit after a redirect is applied, the rest of the page still executes,...
7.5CVSS
7.2AI Score
0.016EPSS
Typo3 Information Disclosure in Page Tree
It has been discovered that backend users without read access to specific pages could still see them in the page tree, which should be disallowed. A valid backend user account is needed in order to exploit this...
6.8AI Score
MicroStrategy Web 10.4 - Information Disclosure
MicroStrategy Web 10.4 is susceptible to information disclosure. The JVM configuration, CPU architecture, installation folder, and other information are exposed through /MicroStrategyWS/happyaxis.jsp. An attacker can use this vulnerability to learn more about the application environment and...
7.5CVSS
7.4AI Score
0.666EPSS
WordPress Directorist <7.3.1 - Information Disclosure
WordPress Directorist plugin before 7.3.1 is susceptible to information disclosure. The plugin discloses the email address of all users in an AJAX action available to both unauthenticated and authenticated...
5.3CVSS
5AI Score
0.037EPSS
Elasticsearch 7.10.0-7.13.3 - Information Disclosure
Elasticsearch 7.10.0 to 7.13.3 is susceptible to information disclosure. A user with the ability to submit arbitrary queries can submit a malformed query that results in an error message containing previously used portions of a data buffer. This buffer can contain sensitive information such as...
6.5CVSS
6.3AI Score
0.962EPSS
HP Advance Mobile Application – Potential Information Disclosure
HP Advance Mobile Applications for iOS and Android are potentially vulnerable to information disclosure when using an outdated version of the application via mobile devices. Update your...
6.5AI Score
0.0004EPSS
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Fit2Cloud Jumpserver
CVE-2023-42820 Vulnerability description: JumpServer password reset vulnerability...
8.2CVSS
8.3AI Score
0.0005EPSS
Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted...
7.3AI Score
0.0004EPSS
Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted...
7.2AI Score
0.0004EPSS
securenvoy-cve-2024-37393 RESPONSIBLE DISCLOSURE...
7.5CVSS
7.7AI Score
0.013EPSS
Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted...
0.0004EPSS
Reolink E1 Zoom Camera <=3.0.0.716 - Information Disclosure
Reolink E1 Zoom camera through 3.0.0.716 is susceptible to information disclosure. The web server discloses its configuration via the /conf/ directory that is mapped to a publicly accessible path. An attacker with network-level access to the camera can download the entire NGINX/FastCGI...
7.5CVSS
7.3AI Score
0.01EPSS
Jira Server and Data Center - Information Disclosure
Jira Server and Data Center is susceptible to information disclosure. An attacker can enumerate users via the /ViewUserHover.jspa endpoint and thus potentially access sensitive information, modify data, and/or execute unauthorized operations. Affected versions are before version 7.13.6, from...
5.3CVSS
5AI Score
0.965EPSS
Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted...
0.0004EPSS
JD Edwards EnterpriseOne Tools 9.2 - Information Disclosure
JD Edwards EnterpriseOne Tools 9.2 is susceptible to information disclosure via the Monitoring and Diagnostics component. An attacker with network access via HTTP can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the...
9.8CVSS
9.2AI Score
0.199EPSS
PKP Open Journal Systems 2.4.8-3.3 - Cross-Site Scripting
PKP Open Journal Systems 2.4.8 to 3.3 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary code via the X-Forwarded-Host...
6.1CVSS
6.2AI Score
0.002EPSS
Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp...
6.1CVSS
0.0005EPSS
EventON (Free < 2.2.8, Premium < 4.5.5) - Information Disclosure
The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorization in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the...
5.3CVSS
5.1AI Score
0.029EPSS
Seagate NAS OS 4.3.15.1 - Server Information Disclosure
Seagate NAS OS version 4.3.15.1 has insufficient access control which allows attackers to obtain information about the NAS without authentication via empty POST requests in...
7.5CVSS
7.5AI Score
0.014EPSS
Cisco RV110W RV130W RV215W Router - Information leakage
A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to access the syslog file on an affected device. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this...
5.3CVSS
5.2AI Score
0.066EPSS
Jira Server and Data Center - Information Disclosure
Jira Server and Data Center is susceptible to information disclosure. An attacker can enumerate users via the QueryComponentRendererValue!Default.jspa endpoint and thus potentially access sensitive information, modify data, and/or execute unauthorized operations. Affected versions are before...
5.3CVSS
5AI Score
0.97EPSS
Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp...
6.1CVSS
6.9AI Score
0.0005EPSS
Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp...
7.2AI Score
0.0005EPSS
WAVLINK WN579 X3 M79X3.V5030.180719 - Information Disclosure
WAVLINK WN579 X3 M79X3.V5030.180719 is susceptible to information disclosure in /cgi-bin/ExportAllSettings.sh. An attacker can obtain sensitive router information via a crafted POST request and thereby possibly obtain additional sensitive information, modify data, and/or execute unauthorized...
7.5CVSS
7.4AI Score
0.013EPSS
Gitlab CE/EE 13.4 - 13.6.2 - Information Disclosure
GitLab CE and EE 13.4 through 13.6.2 is susceptible to information disclosure via GraphQL. User email is visible. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected...
5.3CVSS
5.2AI Score
0.786EPSS
Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp...
0.0005EPSS
ZendFramework Information Disclosure and Insufficient Entropy vulnerability
In Zend Framework, Zend_Captcha_Word (v1) and Zend\Captcha\Word (v2) generate a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. Prior to this advisory, the selection was performed using PHP's internal array_rand() function. This function does not...
6.6AI Score
Keycloak exposes sensitive information in Pushed Authorization Requests (PAR)
A flaw was found in Keycloak in the OAuth 2.0 Pushed Authorization Requests (PAR). Client provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a request_uri authorization request. This could lead to an...
6.6AI Score
co-iki.org Cross Site Scripting vulnerability OBB-3898416
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
turn8.co Cross Site Scripting vulnerability OBB-3899708
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
FileOrganizer < 1.0.8 - Sensitive Information Exposure via Directory Listing
Description The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.7 via the 'fileorganizer_ajax_handler' function. This makes it possible for unauthenticated attackers to extract...
7.5CVSS
6.6AI Score
0.001EPSS