Slideshow Gallery <= 1.8 - Unauthenticated Sensitive Information Exposure
Description The plugin is vulnerable to Sensitive Information Exposure, allowing unauthenticated attackers to extract sensitive user or configuration...
5.3CVSS
6.3AI Score
0.0005EPSS
FreePBX gen_amp_conf.php Information Disclosure
By requesting the 'admin/modules/framework/bin/gen_amp_conf.php' script directly, an unauthenticated, remote attacker can discover all the configuration parameters, including the admin password, for the FreePBX installed on the remote host, thereby gaining administrative access to...
7.5AI Score
A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h of Cryptopp Crypto++ 8.9, allows an attacker to co-reside in the same system with a victim process to disclose information and escalate...
7.6AI Score
EPSS
Joomla! < 1.0.8 Information Disclosure
The version of Joomla! installed on the remote web server is affected by an information disclosure vulnerability. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to disclose the full path information from the Joomla! installation. Note that the application is....
7.8AI Score
0.01EPSS
Database Open Access Information Disclosure Vulnerability
Various Database server might be prone to an information disclosure vulnerability if accessible to remote...
7.3AI Score
Sensitive Information Disclosure
github.com/apache/solr-operator is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the operator's mishandling of authentication credentials in log files, which could expose sensitive information such as usernames and...
6.6AI Score
0.0004EPSS
Cilem Haber Information Disclosure Vulnerability
Cilem Haber is prone to an information disclosure...
6.9AI Score
Sensitive Information Disclosure
Apache Linkis is vulnerable to Sensitive Information Disclosure. The vulnerability is caused by the inclusion of sensitive information (password) in the log statement. This potentially leads to exposure to sensitive...
6.3AI Score
0.0004EPSS
Easy Digital Downloads < 3.2.12 - Unauthenticated Sensitive Information Exposure
Description The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.11. This makes it possible for unauthenticated attackers to extract...
5.3CVSS
6.9AI Score
0.0004EPSS
Microsoft Internet Information Services (IIS) Installed
Microsoft Internet Information Services installation (IIS) has been detected on the remote Windows...
0.6AI Score
IBM InfoSphere Information Governance Catalog Detection
The remote web server is running IBM InfoSphere Information Governance Catalog...
1.1AI Score
Oracle Endeca Information Discovery Studio Detection
Oracle Endeca Information Discovery Studio was detected on the remote host. Oracle Endeca Information Discovery Studio is a web based data discovery and analysis...
0.7AI Score
Clorius Controls ISC SCADA Information Disclosure
Nessus was able to obtain the contents of '/html/info.htm' on the remote Clorius Contols ISC SCADA device. This page may contain sensitive information such as the firmware version of the device, internal IP address, and MAC...
2AI Score
Sensitive Information Disclosure
go is vulnerable to Sensitive Information Disclosure. The vulnerability is due to errors returned from MarshalJSON methods containing user-controlled data, which can break contextual auto-escaping behavior, leading to unexpected content injection into...
7.3AI Score
0.0004EPSS
Kubernetes client-go vulnerable to Sensitive Information Leak via Log File
In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.5, <= v1.18.13, <= v1.17.15, <...
5.5CVSS
6.1AI Score
0.0004EPSS
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-X3200GST3-B v1.25 and earlier, WRC-G01-W...
8AI Score
0.0004EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vadi Corporate Information Systems DIGIKENT GIS allows SQL Injection.This issue affects DIGIKENT GIS: through...
7.6AI Score
0.0004EPSS
Sensitive Information Disclosure
Apache ZooKeeper is vulnerable to Sensitive Information Disclosure. The vulnerability is due to missing ACL checks in the persistent watcher feature. An attackers can monitor child znodes by attaching a persistent watcher to a parent node they already have access to. When the persistent watcher is....
6.7AI Score
0.0004EPSS
An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites with publicly enabled debug mode exposed data of previous...
5.3CVSS
6.8AI Score
0.001EPSS
Sensitive Information Disclosure
go is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the client not forwarding sensitive headers such as "Authorization" or "Cookie" when following an HTTP redirect to a domain that is not a subdomain match or exact match of the initial...
6.9AI Score
0.0004EPSS
eZ Publish Information disclosure in backend content tree menu
This security advisory fixes an information disclosure vulnerability in the legacy admin content tree menu. If a view has been disabled in site.ini [SiteAccessRules] Rules, and an attacker accesses the backend with the URL to this module, then the tree menu may be displayed. Since the tree menu...
6.6AI Score
Sensitive Information Exposure
RhodeCode and Kallithea is vulnerable to Sensitive Information Exposure. The vulnerability is due to a lack of admin authentication which allows remote users to obtain API keys and other sensitive information via the get_repo API...
6.9AI Score
0.002EPSS
Out-of-bounds read vulnerability caused by improper checking of the option length values in IPv6 NDP packets exists in Cente middleware TCP/IP Network Series, which may allow an unauthenticated attacker to stop the device operations by sending a specially crafted...
6.7AI Score
0.0004EPSS
Summary IBM Maximo Manage application in IBM Maximo Application Suite is vulnerable to sensitive information disclosure. Vulnerability Details ** CVEID: CVE-2024-22333 DESCRIPTION: **IBM Maximo Asset Management allows web pages to be stored locally which can be read by another user on the system......
4CVSS
6.1AI Score
0.0004EPSS
Kubernetes client-go vulnerable to Sensitive Information Leak via Log File
In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.5, <= v1.18.13, <= v1.17.15, <...
5.5CVSS
6.1AI Score
0.0004EPSS
CVE-2024-35155 IBM MQ information disclosure
IBM MQ Console 9.3 LTS and 9.3 CD could disclose could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: ...
6.5CVSS
0.0004EPSS
eZ Publish Information disclosure in backend content tree menu
This security advisory fixes an information disclosure vulnerability in the legacy admin content tree menu. If a view has been disabled in site.ini [SiteAccessRules] Rules, and an attacker accesses the backend with the URL to this module, then the tree menu may be displayed. Since the tree menu...
6.6AI Score
Sensitive Information Disclosure
Home Assistant is vulnerable to Sensitive Information Disclosure. The vulnerability is due to an unauthenticated attacker being able to read the application's error log via...
7.5CVSS
6.7AI Score
0.002EPSS
Moxa AWK Series asqc.asp Information Disclosure Vulnerability
Moxa AWK series wireless access points are prone to an information disclosure...
5.3CVSS
5.2AI Score
0.001EPSS
A vulnerability classified as critical has been found in Shenzhen Youkate Industrial Facial Love Cloud Payment System up to 1.0.55.0.0.1. This affects an unknown part of the file /SystemMng.ashx of the component Account Handler. The manipulation of the argument operatorRole with the input 00 leads....
9.8CVSS
9.5AI Score
0.001EPSS
Drupal sensitive information disclosure
The "have you forgotten your password" links in the User module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allow remote attackers to obtain sensitive username information by leveraging a configuration that permits using an email address to login and a module that permits logging...
5.3CVSS
6.7AI Score
0.005EPSS
CVE-2023-50937 IBM PowerSC information disclosure
IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: ...
5.9CVSS
7.3AI Score
0.001EPSS
PHP 7.3.x < 7.3.2 Information Disclosure.
According to its banner, the version of PHP running on the remote web server is 7.3.x prior to 7.3.2. It is, therefore, affected by: An out-of-bounds read error exists in the dns_get_record function due to improper parsing of DNS responses. An unauthenticated, remote attacker can exploit...
7.5CVSS
8.5AI Score
0.606EPSS
CVE-2024-35156 IBM MQ information disclosure
IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: ...
6.5CVSS
0.0004EPSS
OpenStack Glance is vulnerable to Exposure of Sensitive Information
The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached...
6.7AI Score
0.003EPSS
OpenStack Oslo utility sensitive information exposure via log files
The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the...
6.7AI Score
0.0004EPSS
MantisBT Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
If an issue references a note that belongs to another issue that the user doesn't have access to, then it gets hyperlinked. Clicking on the link gives an access denied error as expected, yet some information remains available via the link, link label, and tooltip. Impact Disclosure of the...
5.3CVSS
6.8AI Score
0.0004EPSS
CVE-2024-4220 Information Disclosure in BeyondInsight
Prior to 23.1, an information disclosure vulnerability exists within BeyondInsight which can allow an attacker to enumerate...
4.3CVSS
6.4AI Score
0.0005EPSS
Quanxun Huiju Network Technology (Beijing) Co.,Ltd IK-Q3000 3.7.10 x64 Build202401261655 was discovered to be vulnerable to an ICMP redirect...
6.8AI Score
EPSS
VMware Harbor Information Disclosure (CVE-2020-29662)
An information disclosure vulnerability exists in Harbor. In Harbor 2.0 before 2.0.5 and 2.1.x before 2.1.2 the catalog's registry API is exposed on an unauthenticated...
5.3CVSS
0.9AI Score
0.001EPSS
Microsoft Internet Information Services (IIS) Sites Enumeration
Microsoft Internet Information Services configuration file has been parsed to extract information about the existing sites, their protocols, domains and IP...
1.5AI Score
Microsoft System Center Configuration Manager Database Information
ConfigMgr stores information such as clients it manages, OS version and software packages installed on the client in a database. Much of this information is exposed through Windows Management Instrumentation (WMI). By querying WMI, information about managed clients can be obtained. This script...
1.8AI Score
Quanxun Huiju Network Technology (Beijing) Co.,Ltd IK-Q3000 3.7.10 x64 Build202401261655 was discovered to be vulnerable to an ICMP redirect...
7.5AI Score
EPSS
Quanxun Huiju Network Technology (Beijing) Co.,Ltd IK-Q3000 3.7.10 x64 Build202401261655 was discovered to be vulnerable to an ICMP redirect...
6.8AI Score
EPSS
CVE-2024-4220 Information Disclosure in BeyondInsight
Prior to 23.1, an information disclosure vulnerability exists within BeyondInsight which can allow an attacker to enumerate...
4.3CVSS
4.3AI Score
0.0005EPSS
CVE-2023-50937 IBM PowerSC information disclosure
IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: ...
5.9CVSS
7.2AI Score
0.001EPSS
CVE-2023-50939 IBM PowerSC information Disclosure
IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: ...
5.9CVSS
7.2AI Score
0.001EPSS
WordPress Pingback File Information Disclosure
The version of WordPress installed on the remote host fails to sanitize the 'sourceURI' before passing it to the 'wp_remote_fopen()' function when processing pingbacks. An unauthenticated, remote attacker can leverage this issue to determine the existence of local files and possibly to view...
6.8AI Score
0.004EPSS
Microsoft SQL Server Information Disclosure Vulnerability (KB4036996)
Microsoft SQL Server is prone to an information disclosure ...
7.5CVSS
7.5AI Score
0.005EPSS
Microsoft SQL Server Information Disclosure Vulnerability (KB4019092)
This host is missing an important security update according to Microsoft...
7.5CVSS
7.4AI Score
0.005EPSS