Loading...
Loading...
8,722 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches, moderators using the review queue to review users may see a users email addre…
A security agent link following vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information about the agent on affected installations. Please note: an attacker must firs…
Import functionality is vulnerable to DNS rebinding attacks between verification and processing of the URL. Project administrators can run these imports, which could cause Allura to read from internal services and expose them. This issu…
A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to …
The Premium SEO Pack – WP SEO Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.002. This makes it possible for unauthenticated attackers to view limited information fro…
The WP STAGING and WP STAGING Pro plugins for WordPress are vulnerable to Sensitive Information Exposure in versions up to, and including, 3.4.3, and versions up to, and including, 5.4.3, respectively, via the ajaxSendReport function. This…
Incorrect access control in Teldat M1 v11.00.05.50.01 allows attackers to obtain sensitive information via a crafted query string.
A vulnerability classified as problematic has been found in Zhejiang Land Zongheng Network Technology O2OA up to 20240403. Affected is an unknown function of the file /x_portal_assemble_surface/jaxrs/portal/list?v=8.2.3-4-43f4fe3. The mani…
In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Don't free decrypted memory In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that…
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() The documentation for device_get_named_child_node() mentions this important point: " The caller is…
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, an authenticated user could run risky commands using the permissions of a higher-privileged user to bypass…
Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to view a php backup file (controlaccess.php-LAST) where database credentials are stored.
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Membership Software WishList Member X.This issue affects WishList Member X: from n/a before 3.26.7.
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Membership Software WishList Member X.This issue affects WishList Member X: from n/a before 3.26.7.
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Automattic Newspack Blocks.This issue affects Newspack Blocks: from n/a through 3.0.8.
An issue in `.npmrc` support in Deno 1.44.0 was discovered where Deno would send `.npmrc` credentials for the scope to the tarball URL when the registry provided URLs for a tarball on a different domain. All users relying on .npmrc are pot…
A flaw was found in foreman-installer when puppet-candlepin is invoked cpdb with the --password parameter. This issue leaks the password in the process list and allows an attacker to take advantage and obtain the password.
Under certain conditions SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker to access remote-enabled function module with no further authorization which would otherwise be restricted, the function can be used to…
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of `cilium-bugtool` can contain sensitive data when the too…
Azure Science Virtual Machine (DSVM) Elevation of Privilege Vulnerability
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.9.15 via the ajax_load_more(…
An External XML Entity (XXE) vulnerability in the provisioning web service of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to leak API secrets.
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pauple Table & Contact Form 7 Database – Tablesome.This issue affects Table & Contact Form 7 Database – Tablesome: from n/a through 1.0.33.
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team FileBird Document Library.This issue affects FileBird Document Library: from n/a through 2.0.6.
aEnrich Technology a+HRD's functionality for front-end retrieval of system configuration values lacks proper restrictions on a specific parameter, allowing attackers to modify this parameter to access certain sensitive system configuration…
A vulnerability of Information Exposure has been found on Technicolor CGA2121 affecting the version 1.01, this vulnerability allows a local attacker to obtain sensitive information stored on the device such as wifi network's SSID and their…
Lobe Chat is an open-source LLMs/AI chat framework. In affected versions if an attacker can successfully authenticate through SSO/Access Code, they can obtain the real backend API Key by modifying the base URL to their own attack URL on th…
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wp2speed WP2Speed Faster allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP2Speed Faster: from n/a through 1.0.1.
A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versi…
Microsoft Message Queuing Information Disclosure Vulnerability
Microsoft Outlook Spoofing Vulnerability
Windows Themes Spoofing Vulnerability
Windows Kernel Information Disclosure Vulnerability
Microsoft Office Spoofing Vulnerability
In XIQ-SE before 24.2.11, a server misconfiguration may allow user enumeration when specific conditions are met.
Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized user information retrieval via the queryUser API.
GeoServer is an open source server that allows users to share and edit geospatial data. org.geowebcache.GeoWebCacheDispatcher.handleFrontPage(HttpServletRequest, HttpServletResponse) has no check to hide potentially sensitive information f…
An exposure of sensitive information vulnerability has been reported to affect QNAP AI Core. If exploited, the vulnerability could allow remote attackers to compromise the security of the system. We have already fixed the vulnerability in…
An authentication bypass vulnerability can allow a low privileged attacker to access the NTLM hash of service account on the VSPC server.
The Contact Form 7 Database Addon – CFDB7 plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.6.8 via the cfdb7_before_send_mail function. This can allow unauthenticated attackers to…
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in MBE Worldwide S.P.A. MBE eShip allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MBE eShip: from n/a through 2.1.2.
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HitPay Payment Solutions Pte Ltd HitPay Payment Gateway for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects HitPay P…
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Olive Themes Olive One Click Demo Import allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Olive One Click Demo Import: from n/a t…
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Weblizar Coming Soon allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Coming Soon: from n/a through 1.6.3.
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in David Maucher Send Users Email allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Send Users Email: from n/a through 1.5.1.
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Dylan James Zephyr Project Manager.This issue affects Zephyr Project Manager: from n/a through 3.3.99.
EDK2 contains a vulnerability in BIOS where an attacker may cause “Exposure of Sensitive Information to an Unauthorized Actor” by local access. Successful exploitation of this vulnerability will lead to possible information disclosur…
vaeThink 1.0.2 is vulnerable to Information Disclosure via the system backend,access management administrator function.
An information disclosure vulnerability in ISPmanager v6.98.0 allows attackers to access sensitive details of the root user's session via an arbitrary command (ISP6-1779).
Best House Rental Management System v1.0 was discovered to contain an arbitrary file read vulnerability via the Page parameter at index.php. This vulnerability allows attackers to read arbitrary PHP files and access other sensitive informa…
EchelonGraph correlates every CVE — across CWE-200 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →