FileOrganizer < 1.0.8 - Sensitive Information Exposure via Directory Listing
Description The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.7 via the 'fileorganizer_ajax_handler' function. This makes it possible for unauthenticated attackers to extract...
7.5CVSS
6.6AI Score
0.001EPSS
Unspecified vulnerability in HP Systems Insight Manager (SIM) 5.3, 5.3 Update 1, and 6.0 allows remote attackers to obtain sensitive information and modify data via unknown...
6.4AI Score
0.002EPSS
Open Graph < 1.11.3 - Unauthenticated Sensitive Information Exposure
Description The Open Graph plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.11.2 via the 'opengraph_default_description' function. This makes it possible for unauthenticated attackers to extract sensitive data including partial content of....
5.3CVSS
6.5AI Score
0.001EPSS
Custom Field Template < 2.6.2 - Authenticated(Contributor+) Information Exposure
Description The Custom Field Template plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 via the 'cft' shortcode. This makes it possible for authenticated attackers with contributor access and above, to extract sensitive data including.....
4.3CVSS
6.5AI Score
0.0004EPSS
Typo3 Information Disclosure in Backend User Interface
The element information component used to display properties of a certain record is susceptible to information disclosure. The list of references from or to the record is not properly checked for the backend user’s permissions. A valid backend user account is needed in order to exploit this...
6.7AI Score
LMS by Masteriyo < 1.6.8 - Information Exposure
The plugin does not properly safeguards sensitive user information, like other user's email addresses, making it possible for any students to leak them via some of the plugin's REST API...
6.5CVSS
6.4AI Score
0.004EPSS
LearnDash LMS < 4.10.2 - Sensitive Information Exposure
The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via API. This makes it possible for unauthenticated attackers to obtain access to...
5.3CVSS
5.4AI Score
0.01EPSS
Sensitive Information Disclosure
ezsystems/repository-forms is vulnerable to Sensitive Information Disclosure. The vulnerability is caused due to missing permission checks before allowing access to user data. Specifically, the system did not properly verify if the user had the 'content' edit permissions, which allowed...
6.7AI Score
Hangzhou Meisoft Information Technology Co., Ltd. FineSoft <=8.0 is affected by Cross Site Scripting (XSS) which allows remote attackers to execute arbitrary code. Enter any account and password, click Login, the page will report an error, and a controllable parameter will appear at the...
6.7AI Score
0.0005EPSS
Hangzhou Meisoft Information Technology Co., Ltd. FineSoft <=8.0 is affected by Cross Site Scripting (XSS) which allows remote attackers to execute arbitrary code. Enter any account and password, click Login, the page will report an error, and a controllable parameter will appear at the...
6.1CVSS
0.0005EPSS
coldbox-elixir is vulnerable to Information Disclosure. The vulnerability exists because the library does not securely define environment variables in the defaultConfig.js variable handler, allowing an attacker to access sensitive...
7.5CVSS
6.8AI Score
0.001EPSS
Hangzhou Meisoft Information Technology Co., Ltd. FineSoft <=8.0 is affected by Cross Site Scripting (XSS) which allows remote attackers to execute arbitrary code. Enter any account and password, click Login, the page will report an error, and a controllable parameter will appear at the...
0.0005EPSS
Time-Based Information Disclosure Vulnerability in Flow
The PersistedUsernamePasswordProvider was prone to a information disclosure of account existance based on timing attacks as the hashing of passwords was only done in case an account was found. We changed the core so that the provider always does a password comparison in case credentials were...
6.9AI Score
Typo3 Information Disclosure in Backend User Interface
The element information component used to display properties of a certain record is susceptible to information disclosure. The list of references from or to the record is not properly checked for the backend user’s permissions. A valid backend user account is needed in order to exploit this...
6.7AI Score
Sensitive Information Disclosure
github.com/goreleaser/goreleaser is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the change in log output level from DEBUG to INFO, which could allow an attacker with access to the build logs to view sensitive environment information when the go build output is...
6.6AI Score
Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Mattermost fails to check whether the "Allow users to view archived channels" setting is enabled during permalink previews display, allowing members to view permalink previews of archived channels even if the "Allow users to view archived channels" setting is...
4.3CVSS
4.6AI Score
0.0004EPSS
Adlisting Classified Ads 2.14.0 - Information Disclosure
Information disclosure issue in the redirect responses, When accessing any page on the website, Sensitive data, such as API keys, server keys, and app IDs, is being exposed in the body of these...
7.5CVSS
7.5AI Score
0.094EPSS
Smart Office Web 20.28 - Information Disclosure
An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to download sensitive information via the action name parameter to ExportEmployeeDetails.aspx, and to...
7.5CVSS
7.3AI Score
0.015EPSS
WordPress Sensei LMS <4.5.0 - Information Disclosure
WordPress Sensei LMS plugin before 4.5.0 is susceptible to information disclosure. The plugin does not have proper permissions set in a REST endpoint, which can allow an attacker to access private...
5.3CVSS
4.9AI Score
0.005EPSS
CommScope Ruckus IoT Controller - Information Disclosure
CommScope Ruckus IoT Controller is susceptible to information disclosure vulnerabilities because a 'service details' API endpoint discloses system and configuration information to an attacker without requiring authentication. This information includes DNS and NTP servers that the devices use for...
9.8CVSS
9.2AI Score
0.347EPSS
Hangzhou Meisoft Information Technology Co., Ltd. FineSoft <=8.0 is affected by Cross Site Scripting (XSS) which allows remote attackers to execute arbitrary code. Enter any account and password, click Login, the page will report an error, and a controllable parameter will appear at the...
6.1CVSS
6.5AI Score
0.0005EPSS
Events information leaked with shared calendars on recurrence exceptions
Description Impact Private shared calendar events' recurrence exceptions can be read by sharees. Patches It is recommended that the Nextcloud Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1 It is recommended that the Nextcloud Enterprise Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1...
3.5CVSS
6.5AI Score
0.0004EPSS
Time-Based Information Disclosure Vulnerability in Flow
The PersistedUsernamePasswordProvider was prone to a information disclosure of account existance based on timing attacks as the hashing of passwords was only done in case an account was found. We changed the core so that the provider always does a password comparison in case credentials were...
6.9AI Score
AfterLogic Aurora and WebMail Pro < 7.7.9 - Information Disclosure
AfterLogic Aurora and WebMail Pro products with 7.7.9 and all lower versions are affected by this vulnerability, simply sending an HTTP GET request to WebDAV EndPoint with built-in “caldav_public_user@localhost” and it’s the predefined password “caldav_public_user” allows the attacker to read all.....
7.5CVSS
7.5AI Score
0.22EPSS
Lotus Domino R5 and R6 WebMail - Information Disclosure
Lotus Domino R5 and R6 WebMail with 'Generate HTML for all fields' enabled (which is by default) allows remote attackers to read the HTML source to obtain sensitive information including the password hash in the HTTPPassword field, the password change date in the HTTPPasswordChangeDate field, and.....
5.8AI Score
0.012EPSS
Puppet Server/PuppetDB - Sensitive Information Disclosure
Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints, which may contain sensitive information when left...
7.5CVSS
7.3AI Score
0.073EPSS
Cisco RV132W/RV134W Router - Information Disclosure
Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration parameters for an affected device via the web interface, which could lead to the disclosure of confidential...
9.8CVSS
9.4AI Score
0.1EPSS
Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Mattermost fails to properly validate the "Show Full Name" option in a few endpoints in Mattermost Boards, allowing a member to get the full name of another user even if the Show Full Name option was...
4.3CVSS
4.6AI Score
0.0004EPSS
Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Mattermost is grouping calls in the /metrics endpoint by id and reports that id in the response. Since this id is the channelID, the public /metrics endpoint is revealing...
5.3CVSS
5.3AI Score
0.0005EPSS
Denial Of Service (DoS) / Information Disclosure
io.airlift: aircompressor is vulnerable to Denial Of Service (DoS) / Information Disclosure. The vulnerability is due to improper memory bounds checking during data decompression, caused by the use of the sun.misc.Unsafe class without additional safeguards. This can lead to out-of-bounds memory...
8.6CVSS
7AI Score
0.0004EPSS
TYPO3 Information Disclosure in User Authentication
It has been discovered that login failures have been logged on the default stream with log level "warning" including plain-text user...
7.3AI Score
Digital Watchdog DW Spectrum Server 4.2.0.32842 - Information Disclosure
Digital Watchdog DW Spectrum Server 4.2.0.32842 allows attackers to access sensitive infromation via a crafted API...
7.5CVSS
7.4AI Score
0.008EPSS
LearnDash LMS < 4.10.2 - Sensitive Information Exposure via assignments
The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated attackers to obtain those...
5.3CVSS
5.5AI Score
0.01EPSS
TYPO3 Information Disclosure in User Authentication
It has been discovered that login failures have been logged on the default stream with log level "warning" including plain-text user...
7.3AI Score
TYPO3 Information Disclosure in Install Tool
The Install Tool exposes the current TYPO3 version number to non-authenticated...
7AI Score
User Meta WP Plugin < 3.1 - Sensitive Information Exposure
The User Meta is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0 via the /views/debug.php file. This makes it possible for unauthenticated attackers, with to extract sensitive configuration...
5.3CVSS
5.1AI Score
0.001EPSS
Zend-Captcha Information Disclosure and Insufficient Entropy vulnerability
In Zend Framework, Zend_Captcha_Word (v1) and Zend\Captcha\Word (v2) generate a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. Prior to this advisory, the selection was performed using PHP's internal array_rand() function. This function does not...
6.6AI Score
Exposure Of Sensitive Information To An Unauthorized Actor
Moodle is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. The vulnerability is due to misconfiguration in a shared hosting environment, allowing a user with access to restore workshop modules and direct access to the web server outside of the Moodle webroot to execute a...
6.4AI Score
0.0004EPSS
An update is available for pcp. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for...
8.8CVSS
7.2AI Score
0.0004EPSS
TYPO3 Information Disclosure in Page Tree
It has been discovered backend users not having read access to specific pages still could see them in the page tree which actually should be disallowed. A valid backend user account is needed in order to exploit this...
6.8AI Score
Zendframework Potential Information Disclosure and Insufficient Entropy vulnerability
In Zend Framework, Zend_Captcha_Word (v1) and Zend\Captcha\Word (v2) generate a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. Prior to this advisory, the selection was performed using PHP's internal array_rand() function. This function does not...
6.6AI Score
TYPO3 Information Disclosure in Install Tool
The Install Tool exposes the current TYPO3 version number to non-authenticated...
7AI Score
ZendFramework Potential Information Disclosure and Insufficient Entropy vulnerabilities
In Zend Framework 2, the Zend\Math\Rand component generates random bytes using the OpenSSL or Mcrypt extensions when available but will otherwise use PHP's mt_rand() function as a fallback. All outputs from mt_rand() are predictable for the same PHP process if an attacker can brute force the seed.....
7.3AI Score
Release Information for Veeam Backup & Replication 12.1 and Updates
Release Information for Veeam Backup & Replication 12.1 and...
7.2AI Score
TYPO3 Information Disclosure in Page Tree
It has been discovered backend users not having read access to specific pages still could see them in the page tree which actually should be disallowed. A valid backend user account is needed in order to exploit this...
6.8AI Score
Zend-Captcha Information Disclosure and Insufficient Entropy vulnerability
In Zend Framework, Zend_Captcha_Word (v1) and Zend\Captcha\Word (v2) generate a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. Prior to this advisory, the selection was performed using PHP's internal array_rand() function. This function does not...
6.6AI Score
Hashicorp Vault may expose sensitive log information in github.com/hashicorp/vault
Hashicorp Vault may expose sensitive log information in...
6.5CVSS
6.4AI Score
0.001EPSS
Security Bulletin: IBM QRadar Suite software is vulnerable to information exposure
Summary IBM QRadar Suite software is vulnerable to information exposure through cache data. This has been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability...
4CVSS
6.7AI Score
0.0004EPSS
Cilium leaks sensitive information in cilium-bugtool in github.com/cilium/cilium
Cilium leaks sensitive information in cilium-bugtool in...
7.9CVSS
6.7AI Score
0.0004EPSS
APM Server vulnerable to Insertion of Sensitive Information into Log File
An issue was discovered whereby APM Server could log at ERROR level, a response from Elasticsearch indicating that indexing the document failed and that response would contain parts of the original document. Depending on the nature of the document that the APM Server attempted to ingest, this...
7.5CVSS
6.5AI Score
0.001EPSS