libshadow.so is vulnerable to Information Disclosure. The vulnerability exists in change_passwd function at gpasswd.c because the password field is not properly zeroed out if the confirmation...
5.5CVSS
7.1AI Score
0.0004EPSS
elFinder <= 2.1.44 Information Disclosure Vulnerability
elFinder is prone to an information disclosure...
5.9CVSS
5.5AI Score
0.002EPSS
6.5AI Score
Apache ServiceComb Service-Center Exposure of Sensitive Information to an Unauthorized Actor vulnerability in...
7.5CVSS
6.6AI Score
0.001EPSS
Ecava IntegraXor < 4.1.4410 Information Disclosure
The version of Ecava IntegraXor installed on the remote host is a version prior to 4.1 Build 4410. It is, therefore, affected by an unspecified information disclosure...
2.2AI Score
Microsoft Windows Process Module Information
Report details on the running processes modules on the machine. This plugin is informative only and could be used for forensic investigation, malware detection, and to that confirm your system processes conform to your system...
1.3AI Score
An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the...
7.8AI Score
0.0004EPSS
An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the...
7.9AI Score
0.0004EPSS
An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the...
7.8AI Score
0.0004EPSS
WP Job Manager < 2.3.0 - Unauthenticated Information Exposure
Description The WP Job Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.2. This makes it possible for unauthenticated attackers to extract sensitive user or configuration...
5.3CVSS
6.3AI Score
0.0004EPSS
exim is vulnerable to Information Disclosure. The vulnerability exists due to the absence of validation for user-supplied data during the handling of NTLM challenge requests. This allows an attacker to read beyond allocated data structures, potentially leading to the disclosure of information...
3.7CVSS
6.2AI Score
0.001EPSS
Release Information for Hitachi Plug-In for Veeam Backup & Replication
Release Information for Hitachi Plug-In for Veeam Backup &...
0.6AI Score
Atlassian Jira < 9.4.21 Information Disclosure
According to its self-reported version number, the Atlassian Jira application running on the remote host is prior to 9.4.21, 9.5.x prior to 9.12.8 or 9.13.x prior to 9.16.0. It is, therefore, affected by an information disclosure vulnerability. Note that the scanner has not tested for these issues....
7AI Score
Security Bulletin: AIX is vulnerable to information disclosure due to openCryptoki (CVE-2024-0914)
Summary Vulnerability in openCryptoki could allow a remote attacker to obtain sensitive information (CVE-2024-0914). Vulnerability Details ** CVEID: CVE-2024-0914 DESCRIPTION: **openCryptoki could allow a remote attacker to obtain sensitive information, caused by a flaw when processing RSA PKCS#1.....
5.9CVSS
6AI Score
0.001EPSS
7.4AI Score
Magento Information Disclosure via File upload functionality
An arbitrary file access vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage file upload controller for downloadable products to read/delete an arbitary...
8.8CVSS
6.7AI Score
0.001EPSS
exim4 is vulnerable to Information Disclosure. An out-of-bounds read vulnerability exists in the smtp service of Exim which allows an attacker to disclose sensitive information on a vulnerable system by sending a specially crafted SMTP...
3.1CVSS
6.3AI Score
0.001EPSS
Release Information for Veeam Backup & Replication 11a Cumulative Patches
Release Information for Veeam Backup & Replication 11a Cumulative...
1.1AI Score
Summary IBM Sterling Partner Engagement Manager is vulnerable to information disclosure. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID: CVE-2022-35718 DESCRIPTION: **IBM Sterling Partner Engagement Manager stores sensitive information in.....
6AI Score
EPSS
7.5CVSS
6.7AI Score
0.013EPSS
This plugin displays, for each tested host, information about the scan itself : The version of the plugin set. The type of scanner (Nessus or Nessus Home). The version of the Nessus Engine. The port scanner(s) used. The port range scanned. The ping round trip time Whether credentialed or...
7.1AI Score
Kimai information disclosure vulnerability
A vulnerability was found in Kimai up to 2.15.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Session Handler. The manipulation of the argument PHPSESSIONID leads to information disclosure. The attack may be launched remotely. The complexity...
3.7CVSS
4.1AI Score
0.0004EPSS
9.8CVSS
10AI Score
0.975EPSS
7.5CVSS
7.1AI Score
EPSS
OpenStack Identity Keystone Exposure of Sensitive Information
The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$(admin_token)" in the publicurl endpoint...
6.5AI Score
0.003EPSS
Kimai information disclosure vulnerability
A vulnerability was found in Kimai up to 2.15.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Session Handler. The manipulation of the argument PHPSESSIONID leads to information disclosure. The attack may be launched remotely. The complexity...
3.7CVSS
6.4AI Score
0.0004EPSS
apache-airflow is vulnerable to Information Disclosure. The vulnerability is found in the config_endpoint.py due to the fact that conf.getboolean("webserver", "expose_config") handles only the boolean cases and does not properly handle the case of non-sensitive-only. This oversight enables an...
4.3CVSS
6.7AI Score
0.0005EPSS
Academy LMS < 1.9.26 - Unauthenticated Sensitive Information Exposure
Description The Academy LMS – eLearning and online course solution for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.25. This makes it possible for unauthenticated attackers to extract sensitive user or configuration...
5.3CVSS
6.3AI Score
0.0004EPSS
com.sonymobile.jenkins.plugins.mq, mq-notifier is vulnerable to Information Disclosure. The vulnerability is due to logging potentially sensitive build parameters as part of debug information in build logs by default, which could lead to the unintentional exposure of sensitive...
6.6AI Score
0.0004EPSS
NextScripts: Social Networks Auto-Poster < 4.4.4 - Subscriber+ Sensitive Information Exposure
Description The plugin is vulnerable to Sensitive Information Exposure via the 'nxs_getExpSettings' function. This makes it possible for authenticated attackers, with subscriber access and above, to extract sensitive data including social network API keys and...
8.5CVSS
6.5AI Score
0.001EPSS
Microsoft Silverlight Information Disclosure Vulnerability (2890788)
This host is missing an important security update according to Microsoft Bulletin...
5.5CVSS
5.4AI Score
0.101EPSS
OS command injection vulnerability in WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier allows a network-adjacent attacker with credentials to execute arbitrary OS commands by sending a specially crafted request to the...
8.1AI Score
0.0004EPSS
MinIO Information Disclosure (CVE-2023-28432)
The version of MinIO installed on the remote host is prior to RELEASE.2023-03-20T20-16-18Z. It is, therefore, affected by an information disclosure vulnerability. When deployed in a cluster/in distributed mode MinIO returns all environment variables, including 'MINIO_SECRET_KEY' and...
7.5CVSS
6.8AI Score
0.865EPSS
MSSQL Host Information in NTLM SSP
Nessus can obtain information about the host by examining the NTLM SSP challenge issued during NTLM authentication, over...
0.4AI Score
SEOPress < 7.7 - Information Exposure
Description The SEOPress – On-site SEO plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.6.1. This makes it possible for unauthenticated attackers to extract sensitive user or configuration...
5.3CVSS
6.7AI Score
0.0004EPSS
OpenStack Glance sensitive information disclosure via logs
OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading...
6.7AI Score
0.0004EPSS
Dynamics 365 Integration < 1.3.18 - Unauthenticated Sensitive Information Exposure
Description The Dynamics 365 Integration plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.17 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in....
5.3CVSS
6AI Score
0.0004EPSS
apache-airflow is vulnerable to Information Exposure. The vulnerability is due a flaw in the "configuration" UI page when "non-sensitive-only" was set as webserver.expose_config configuration. An attacker can exploit this vulnerability by sending a specially crafted request to see sensitive...
6.6AI Score
0.0004EPSS
Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability
Microsoft Power BI Client JavaScript SDK Information Disclosure...
6.5CVSS
6.2AI Score
0.001EPSS
CVE-2024-22352 IBM InfoSphere Information Server information disclosure
IBM InfoSphere Information Server 11.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: ...
6.5CVSS
6AI Score
0.0004EPSS
Microsoft Internet Information Services (IIS) Installed
Microsoft Internet Information Services installation (IIS) has been detected on the remote Windows...
0.6AI Score
IBM InfoSphere Information Governance Catalog Detection
The remote web server is running IBM InfoSphere Information Governance Catalog...
1.1AI Score
Oracle Endeca Information Discovery Studio Detection
Oracle Endeca Information Discovery Studio was detected on the remote host. Oracle Endeca Information Discovery Studio is a web based data discovery and analysis...
0.7AI Score
Clorius Controls ISC SCADA Information Disclosure
Nessus was able to obtain the contents of '/html/info.htm' on the remote Clorius Contols ISC SCADA device. This page may contain sensitive information such as the firmware version of the device, internal IP address, and MAC...
2AI Score
Google Sheets data source plugin for Grafana information disclosure vulnerability
Grafana is an open-source platform for monitoring and observability. The Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerability. The plugin did not properly sanitize error messages, making it potentially expose the Google...
7.5CVSS
6.7AI Score
0.001EPSS
Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Note that WMC-X1800GST-B and WSC-X1800GS-B.....
7.1AI Score
0.0004EPSS
Moodle LaTeX Information Disclosure
The TeX filter included with the installed version of Moodle can be exploited to reveal the contents of files on the remote host, subject to the privileges under which the web server...
7.6AI Score
0.022EPSS
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit...
7.8AI Score
0.0004EPSS
Cilem Haber Information Disclosure Vulnerability
Cilem Haber is prone to an information disclosure...
6.9AI Score
Database Open Access Information Disclosure Vulnerability
Various Database server might be prone to an information disclosure vulnerability if accessible to remote...
7.3AI Score