NextGEN Gallery <= 3.59 - Missing Authorization to Unauthenticated Information Disclosure
The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_item function in versions up to, and including, 3.59. This makes it possible for unauthenticated attackers to extract sensitive data...
5.3CVSS
5.1AI Score
0.082EPSS
Podlove Web Player < 5.7.4 - Missing Authorization to Unauthenticated Information Exposure
Description The Podlove Web Player plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /shortcode REST API endpoint in all versions up to, and including, 5.7.3. This makes it possible for unauthenticated attackers to view information they...
5.3CVSS
6.4AI Score
0.0004EPSS
Exploit for Cleartext Storage of Sensitive Information in Keepass
CVE-2023-24055 POC and Scanner for CVE-2023-24055 Use at...
5.5CVSS
6.2AI Score
0.001EPSS
TYPO3 Disclosure of Information about Installed Extensions
It has been discovered that mechanisms used for configuration of RequireJS package loading are susceptible to information disclosure. This way a potential attack can retrieve additional information about installed system and third party...
6.7AI Score
MediaWiki information disclosure
In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID...
5.3CVSS
6.4AI Score
0.007EPSS
CVE-2024-24919 Name: CVE-2024-24919 Scanner Author:...
8.6CVSS
9.1AI Score
0.945EPSS
Ansible-core information disclosure flaw
An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. It was discovered that information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive.....
5.5CVSS
6.5AI Score
0.0004EPSS
CVE-2024-24919 Esse projeto tem como objetivo criar uma...
8.6CVSS
6.3AI Score
0.945EPSS
Ansible-core information disclosure flaw
An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. It was discovered that information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive.....
5.5CVSS
6.5AI Score
0.0004EPSS
D-LINK DNS-320L,DNS-320LW and DNS-327L - Information Disclosure
A vulnerability has been found in D-Link DNS-320L, DNS-320LW and DNS-327L up to 20240403 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/info.cgi of the component HTTP GET Request...
5.3CVSS
6.9AI Score
0.001EPSS
Zitadel exposing internal database user name and host information
Impact In case ZITADEL could not connect to the database, connection information including db name, username and db host name could be returned to the user. Patches 2.x versions are fixed on >= 2.50.3 2.49.x versions are fixed on >= 2.49.5 2.48.x versions are fixed on >= 2.48.5 2.47.x vers...
5.3CVSS
6.8AI Score
0.0004EPSS
Important: pcp security update
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....
8.8CVSS
7.1AI Score
0.0004EPSS
VMware vCenter Server vmdir Information Disclosure
This module uses an anonymous-bind LDAP connection to dump data from the vmdir service in VMware vCenter Server version 6.7 prior to the 6.7U3f update, only if upgraded from a previous release line, such as 6.0 or 6.5. If the bind username and password are provided (BIND_DN and BIND_PW options),...
9.8CVSS
9.3AI Score
0.745EPSS
CVE-2024-24919-PoC ![Screenshot of the exploit...
8.6CVSS
8.8AI Score
0.945EPSS
Leak of sensitive information to log files in github.com/hashicorp/go-retryablehttp
URLs were not sanitized when writing them to log files. This could lead to writing sensitive HTTP basic auth credentials to the log...
7AI Score
Rails has possible Sensitive Session Information Leak in Active Storage
Possible Sensitive Session Information Leak in Active Storage There is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain...
5.3CVSS
6.3AI Score
0.0004EPSS
Rails has possible Sensitive Session Information Leak in Active Storage
Possible Sensitive Session Information Leak in Active Storage There is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain...
5.3CVSS
6.3AI Score
0.0004EPSS
Undertow's url-encoded request path information can be broken on ajp-listener
A vulnerability was found in Undertow. URL-encoded request path information can be broken for concurrent requests on ajp-listener, causing the wrong path to be processed and resulting in a possible denial of...
7.5CVSS
6.9AI Score
0.0004EPSS
A vulnerability was found in Campcodes Simple Student Information System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/students/manage_academic.php. The manipulation of the argument student_id leads to cross site scripting. The attack can be...
6.1CVSS
6AI Score
0.001EPSS
A vulnerability was found in Campcodes Simple Student Information System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/students/manage_academic.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public...
7.5CVSS
7.8AI Score
0.001EPSS
Sensitive Information Disclosure
directus is vulnerable to an Sensitive Information Disclosure. The vulnerability is due to inadequate filtering of hashed data when using the alias API, allowing users to retrieve sensitive information in plaintext that is normally...
4.9CVSS
6.6AI Score
0.0004EPSS
**Check Point Security Gateway RCE Exploit Tool...
8.6CVSS
7.2AI Score
0.945EPSS
ReadToMyShoe - Generation of Error Message Containing Sensitive Information
ReadToMyShoe generates an error message containing sensitive information prior to commit 8533b01. If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google Cloud TTS request, it will include the full URL of the request, which...
7.4CVSS
6.3AI Score
0.172EPSS
WordPress WP Security Audit Log 3.1.1 - Information Disclosure
WordPress WP Security Audit Log 3.1.1 plugin is susceptible to information disclosure. Access to wp-content/uploads/wp-security-audit-log/* files is not restricted. An attacker can obtain sensitive information, modify data, and/or execute unauthorized...
5.3CVSS
5AI Score
0.032EPSS
A vulnerability, which was classified as critical, has been found in Campcodes Simple Student Information System 1.0. This issue affects some unknown processing of the file /classes/Master.php. The manipulation of the argument f leads to sql injection. The exploit has been disclosed to the public.....
7.5CVSS
7.8AI Score
0.001EPSS
A vulnerability was found in SourceCodester Simple Student Information System 1.0. It has been classified as problematic. This affects an unknown part of the file /classes/Master.php?f=save_course of the component Add New Course. The manipulation of the argument name with the input...
4.8CVSS
4.8AI Score
0.001EPSS
LatePoint Plugin < 4.9.9.1 - Missing Authorization and Sensitive Information Exposure via IDOR
Description The LatePoint Plugin plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'start_or_use_session_for_customer' function in all versions up to and including 4.9.9. This makes it possible for unauthenticated...
9.1CVSS
6.6AI Score
0.001EPSS
Check Point Security Gateways Information Disclosure -...
8.6CVSS
8.6AI Score
0.945EPSS
Undertow's url-encoded request path information can be broken on ajp-listener
A vulnerability was found in Undertow. URL-encoded request path information can be broken for concurrent requests on ajp-listener, causing the wrong path to be processed and resulting in a possible denial of...
7.5CVSS
6.6AI Score
0.0004EPSS
Cilium vulnerable to information leakage via incorrect ReferenceGrant handling
Impact When the Gateway API is enabled in Cilium, the absence of a check on the namespace in which a ReferenceGrant is created could result in Cilium gaining visibility of secrets (including certificates) and services across namespaces. An attacker on an affected cluster can configure Cilium to...
5.3CVSS
6.7AI Score
0.0005EPSS
VMware Aria Operations for Networks - Code Injection Information Disclosure Vulnerability
Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information...
7.5CVSS
7.5AI Score
0.488EPSS
A vulnerability, which was classified as critical, was found in Campcodes Simple Student Information System 1.0. Affected is an unknown function of the file /admin/students/update_status.php. The manipulation of the argument student_id leads to sql injection. The exploit has been disclosed to the.....
7.5CVSS
7.8AI Score
0.001EPSS
A vulnerability was found in Campcodes Simple Student Information System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/departments/manage_department.php. The manipulation of the argument id leads to sql injection. The exploit has been...
7.5CVSS
7.8AI Score
0.001EPSS
A vulnerability has been found in Campcodes Simple Student Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/courses/manage_course.php. The manipulation of the argument id leads to sql injection. The exploit has been...
7.5CVSS
7.8AI Score
0.001EPSS
A vulnerability classified as critical was found in Campcodes Simple Student Information System 1.0. This vulnerability affects unknown code of the file /admin/courses/view_course.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may.....
7.5CVSS
7.9AI Score
0.001EPSS
A vulnerability was found in code-projects Bus Dispatch and Information System 1.0. It has been classified as critical. This affects an unknown part of the file adminHome.php. The manipulation of the argument reach_city leads to sql injection. It is possible to initiate the attack remotely. The...
8.8CVSS
8.9AI Score
0.002EPSS
Description The Widget Options - Extended plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to 5.1.3 (exclusive) for Widget Options - Extended and all versions up to, and including, 4.0.1 for Widget Options. This makes it possible for unauthenticated attackers....
6.5CVSS
6.3AI Score
EPSS
A vulnerability classified as critical has been found in Campcodes Simple Student Information System 1.0. This affects an unknown part of the file /admin/index.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The...
7.5CVSS
7.8AI Score
0.001EPSS
thelounge is vulnerable to Information Disclosure. The vulnerability is due to inadequate handling of unique identifiers when different connections share the same local port but have various addresses, potentially leading to the public disclosure of user...
6.8AI Score
Atlassian Jira Server/Data Center <8.5.8/8.6.0 - 8.11.1 - Information Disclosure
Atlassian Jira Server and Data Center before 8.5.8 and 8.6.0 through 8.11.1 are susceptible to information disclosure via the /secure/QueryComponent!Default.jspa endpoint. An attacker can view custom field names and custom SLA...
5.3CVSS
5AI Score
0.006EPSS
CVE-2022-22733 CVE-2022-22733 is a vulnerabilit that...
6.5CVSS
6.8AI Score
0.198EPSS
Exposure Of Sensitive Information To An Unauthorized Actor
silverstripe/userforms is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. This vulnerability is due to insufficient authorization checks in submission notification emails, potentially enabling an attacker to access sensitive files uploaded through the forms without proper....
6.8AI Score
CVE-2024-24919 An Vulnerability detection and Exploitation...
8.6CVSS
6.1AI Score
0.945EPSS
Exposure Of Sensitive Information
github.com/openshift/cluster-monitoring-operator is vulnerable to Exposure of Sensitive Information. The vulnerability is due to an annotation in the telemeter-client pod in the openshift-monitoring namespace that contains the cluster's pull secret, which can be accessed by users with sufficient...
7.7CVSS
6.9AI Score
0.0004EPSS
A vulnerability classified as critical has been found in code-projects Bus Dispatch and Information System 1.0. Affected is an unknown function of the file delete_bus.php. The manipulation of the argument busid leads to sql injection. It is possible to launch the attack remotely. The exploit has...
9.1CVSS
9.4AI Score
0.001EPSS
A vulnerability was found in code-projects Bus Dispatch and Information System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file view_branch.php. The manipulation of the argument branchid leads to sql injection. The attack may be launched remotely....
9.8CVSS
9.6AI Score
0.002EPSS
A vulnerability has been found in code-projects Bus Dispatch and Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file view_admin.php. The manipulation of the argument adminid leads to sql injection. The attack can be launched...
8.8CVSS
8.9AI Score
0.002EPSS
Exposure of Sensitive Information to an Unauthorized Actor in Apache ServiceComb Service-Center. This issue affects Apache ServiceComb Service-Center before 2.1.0 (included). Users are recommended to upgrade to version 2.2.0, which fixes the...
7.5CVSS
6.8AI Score
0.001EPSS
Mediawiki information disclosure vulnerability
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in the...
6.5CVSS
6.4AI Score
0.003EPSS
co-free.julius-kuehn.de Cross Site Scripting vulnerability OBB-3870099
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score