Microsoft System Center Configuration Manager Database Information
ConfigMgr stores information such as clients it manages, OS version and software packages installed on the client in a database. Much of this information is exposed through Windows Management Instrumentation (WMI). By querying WMI, information about managed clients can be obtained. This script...
1.8AI Score
CVE-2024-4584 Faraday GM8181/GM828x command_port.ini information disclosure
A vulnerability, which was classified as problematic, has been found in Faraday GM8181 and GM828x up to 20240429. Affected by this issue is some unknown functionality of the file /command_port.ini. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit...
5.3CVSS
5.3AI Score
0.0004EPSS
Kubernetes client-go vulnerable to Sensitive Information Leak via Log File
In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.5, <= v1.18.13, <= v1.17.15, <...
5.5CVSS
6.1AI Score
0.0004EPSS
CVE-2023-50937 IBM PowerSC information disclosure
IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: ...
5.9CVSS
7.2AI Score
0.001EPSS
CVE-2023-50939 IBM PowerSC information Disclosure
IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: ...
5.9CVSS
7.2AI Score
0.001EPSS
Summary: DB2 JDBC driver is shipped with IBM Tivoli Netcool Impact as part of the db2 data source adapter. Information about security vulnerabilities affecting DB2 JDBC driver has been published in a security bulletin. Vulnerability Details: CVEID: CVE-2023-47152 DESCRIPTION: IBM Db2 for...
7.5CVSS
6.2AI Score
0.001EPSS
Kaseya VSA Information Disclosure Vulnerability - Active Check
Kaseya VSA is prone to an information disclosure...
6.9AI Score
CVE-2023-50939 IBM PowerSC information Disclosure
IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: ...
5.9CVSS
7.3AI Score
0.001EPSS
A vulnerability, which was classified as problematic, has been found in Faraday GM8181 and GM828x up to 20240429. Affected by this issue is some unknown functionality of the file /command_port.ini. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit...
5.3CVSS
5AI Score
0.0004EPSS
PHP 7.3.x < 7.3.2 Information Disclosure.
According to its banner, the version of PHP running on the remote web server is 7.3.x prior to 7.3.2. It is, therefore, affected by: An out-of-bounds read error exists in the dns_get_record function due to improper parsing of DNS responses. An unauthenticated, remote attacker can exploit...
7.5CVSS
8.5AI Score
0.606EPSS
VMware Harbor Information Disclosure (CVE-2019-19030)
An information disclosure vulnerability exists in Harbor versions 1.7.x prior to 1.10.3 and 2.x prior to 2.0.1. An unauthenticated, remote attacker can exploit an enumeration flaw to determine what resources...
5.3CVSS
2.1AI Score
0.001EPSS
Microsoft SQL Server Information Disclosure Vulnerability (KB4036996)
Microsoft SQL Server is prone to an information disclosure...
7.5CVSS
7.5AI Score
0.005EPSS
Microsoft SQL Server Information Disclosure Vulnerability (KB4019092)
This host is missing an important security update according to Microsoft...
7.5CVSS
7.4AI Score
0.005EPSS
A vulnerability, which was classified as problematic, has been found in Faraday GM8181 and GM828x up to 20240429. Affected by this issue is some unknown functionality of the file /command_port.ini. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit...
5.3CVSS
6.2AI Score
0.0004EPSS
Microsoft XML Editor Information Disclosure Vulnerability (2543893)
This host is missing an important security update according to Microsoft Bulletin...
6.4AI Score
0.009EPSS
Sensitive Information Disclosure
github.com/apache/solr-operator is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the operator's mishandling of authentication credentials in log files, which could expose sensitive information such as usernames and...
6.6AI Score
0.0004EPSS
Sensitive Information Disclosure
Apache Linkis is vulnerable to Sensitive Information Disclosure. The vulnerability is caused by the inclusion of sensitive information (password) in the log statement. This potentially leads to exposure to sensitive...
6.3AI Score
0.0004EPSS
Atlassian Jira 9.13.x < 9.16.0 Information Disclosure
According to its self-reported version number, the Atlassian Jira application running on the remote host is prior to 9.4.21, 9.5.x prior to 9.12.8 or 9.13.x prior to 9.16.0. It is, therefore, affected by an information disclosure vulnerability. Note that the scanner has not tested for these issues....
7AI Score
Home Assistant Information Disclosure Vulnerability (Mar 2022)
Home Assistant OS and Home Assistant Supervised are prone to an information disclosure...
7.5CVSS
7.4AI Score
0.003EPSS
Microsoft SQL Server Information Disclosure Vulnerability (KB4019091)
Microsoft SQL Server is prone to an information disclosure...
7.5CVSS
7.5AI Score
0.005EPSS
Symmetricom SyncServer Unauthenticated - Remote Command Execution
Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection...
9.8CVSS
9.9AI Score
0.762EPSS
Sensitive Information Disclosure
go is vulnerable to Sensitive Information Disclosure. The vulnerability is due to errors returned from MarshalJSON methods containing user-controlled data, which can break contextual auto-escaping behavior, leading to unexpected content injection into...
7.3AI Score
0.0004EPSS
eZ Publish Information disclosure in backend content tree menu
This security advisory fixes an information disclosure vulnerability in the legacy admin content tree menu. If a view has been disabled in site.ini [SiteAccessRules] Rules, and an attacker accesses the backend with the URL to this module, then the tree menu may be displayed. Since the tree menu...
6.6AI Score
Microsoft SQL Server Information Disclosure Vulnerability (KB4036996)
This host is missing an important security update according to Microsoft...
7.5CVSS
7.4AI Score
0.005EPSS
Microsoft ASP.NET Information Disclosure Vulnerability (2418042)
This host is missing a critical security update according to Microsoft Bulletin...
6.3AI Score
0.969EPSS
Microsoft Exchange Public Folders Information Leak
Microsoft Exchange Public Folders can be set to allow anonymous connections (set by default). If this is not changed, it is possible for an attacker to gain critical information about the users (such as full email address, phone number, etc.) that are present in the Exchange...
6.3AI Score
0.015EPSS
Microsoft SQL Server Information Disclosure Vulnerability (KB4019091)
This host is missing an important security update according to Microsoft...
7.5CVSS
7.4AI Score
0.005EPSS
A vulnerability classified as critical has been found in Shenzhen Youkate Industrial Facial Love Cloud Payment System up to 1.0.55.0.0.1. This affects an unknown part of the file /SystemMng.ashx of the component Account Handler. The manipulation of the argument operatorRole with the input 00 leads....
9.8CVSS
0.001EPSS
CVE-2024-4584 Faraday GM8181/GM828x command_port.ini information disclosure
A vulnerability, which was classified as problematic, has been found in Faraday GM8181 and GM828x up to 20240429. Affected by this issue is some unknown functionality of the file /command_port.ini. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit...
5.3CVSS
5.1AI Score
0.0004EPSS
Sensitive Information Disclosure
Apache ZooKeeper is vulnerable to Sensitive Information Disclosure. The vulnerability is due to missing ACL checks in the persistent watcher feature. An attacker can monitor child znodes by attaching a persistent watcher to a parent node they already have access to. When the persistent watcher is...
6.7AI Score
0.0004EPSS
Sensitive Information Disclosure
go is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the client not forwarding sensitive headers such as "Authorization" or "Cookie" when following an HTTP redirect to a domain that is not a subdomain match or exact match of the initial...
6.9AI Score
0.0004EPSS
Atlassian Jira 9.5.x < 9.12.8 Information Disclosure
According to its self-reported version number, the Atlassian Jira application running on the remote host is prior to 9.4.21, 9.5.x prior to 9.12.8 or 9.13.x prior to 9.16.0. It is, therefore, affected by an information disclosure vulnerability. Note that the scanner has not tested for these issues....
7AI Score
WordPress Pingback File Information Disclosure
The version of WordPress installed on the remote host fails to sanitize the 'sourceURI' before passing it to the 'wp_remote_fopen()' function when processing pingbacks. An unauthenticated, remote attacker can leverage this issue to determine the existence of local files and possibly to view...
6.8AI Score
0.004EPSS
'//WEB-INF/' Information Disclosure Vulnerability (HTTP)
Various application or web servers / products are prone to an information disclosure...
7.5CVSS
7.4AI Score
0.101EPSS
Sensitive Information Exposure
RhodeCode and Kallithea are vulnerable to Sensitive Information Exposure. The vulnerability is due to a lack of admin authentication which allows remote users to obtain API keys and other sensitive information via the get_repo API...
6.9AI Score
0.002EPSS
A vulnerability classified as critical has been found in Shenzhen Youkate Industrial Facial Love Cloud Payment System up to 1.0.55.0.0.1. This affects an unknown part of the file /SystemMng.ashx of the component Account Handler. The manipulation of the argument operatorRole with the input 00 leads....
9.8CVSS
9.5AI Score
0.001EPSS
A Header Injection vulnerability in the JFrog platform in versions below 7.85.0 (SaaS) and 7.84.7 (Self-Hosted) may allow threat actors to take over the end user's account when clicking on a specially crafted URL sent to the victim’s user...
6.4CVSS
7.1AI Score
0.0004EPSS
Atlassian JIRA < 8.6.1 Information Disclosure
According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is before 8.6.1. It is, therefore, affected by a missing authorization check that allows an authenticated remote attacker to view release version information in projects that they do not...
4.3CVSS
4.4AI Score
0.001EPSS
Movable Type mt.cfg Information Disclosure
The remote host is running Movable Type. The file 'mt.cfg' is publicly accessible, and contains information that should not be...
7.2AI Score
MantisBT Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
If an issue references a note that belongs to another issue that the user doesn't have access to, then it gets hyperlinked. Clicking on the link gives an access denied error as expected, yet some information remains available via the link, link label, and tooltip. Impact Disclosure of the...
5.3CVSS
6.8AI Score
0.0004EPSS
CVE-2024-24919 Information disclosure
Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with Remote Access VPN or Mobile Access Software Blades. A security fix that mitigates this vulnerability is...
8.6CVSS
8.4AI Score
0.945EPSS
OpenStack Glance is vulnerable to Exposure of Sensitive Information
The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached...
6.7AI Score
0.003EPSS
OpenStack Oslo utility sensitive information exposure via log files
The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the...
6.7AI Score
0.0004EPSS