Information Disclosure in TYPO3 Backend
The TYPO3 backend module stores the username of an authenticated backend user in its cache files. By guessing the file path to the cache files it is possible to receive valid backend...
6.9AI Score
8.6CVSS
6.6AI Score
0.945EPSS
typo3 Information Disclosure Security Note
Due to reports it has been validated that internal workspaces in Neos are accessible without authentication. Some users assumed this is a planned feature but it is not. A workspace preview should be an additional feature with respective security measures in place. Note that this only allows...
6.8AI Score
Check Point Quantum Gateway - Information Disclosure
CVE-2024-24919 is an information disclosure vulnerability that can allow an attacker to access certain information on internet-connected Gateways which have been configured with IPSec VPN, remote access VPN, or mobile access software...
8.6CVSS
8.3AI Score
0.945EPSS
Information Disclosure in TYPO3 CMS
Failing to properly check user permission on file storages, editors could gain knowledge of protected storages and its folders as well as using them in a file collection being rendered in the frontend. A valid backend user account is needed to exploit this...
7.2AI Score
Information Disclosure in TYPO3 CMS
HTTP requests being performed using the TYPO3 API expose the specific TYPO3 version to the called...
7.1AI Score
Information Disclosure in TYPO3 CMS
HTTP requests being performed using the TYPO3 API expose the specific TYPO3 version to the called...
7.1AI Score
Information Disclosure in TYPO3 Backend
The TYPO3 backend module stores the username of an authenticated backend user in its cache files. By guessing the file path to the cache files it is possible to receive valid backend...
6.9AI Score
Cilium leaks sensitive information in cilium-bugtool
Impact The output of cilium-bugtool can contain sensitive data when the tool is run (with the --envoy-dump flag set) against Cilium deployments with the Envoy proxy enabled. Users of the following features are affected: TLS inspection Ingress with TLS termination Gateway API with TLS termination...
7.9CVSS
6.7AI Score
0.0004EPSS
Wipro Holmes Orchestrator 20.4.1 - Information Disclosure
Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to download arbitrary files, such as reports containing sensitive information, because authentication is not required for API access to processexecution/DownloadExcelFile/Domain_Credential_Report_Excel,...
7.5CVSS
7.2AI Score
0.052EPSS
Eclipse Jetty - Information Disclosure
Eclipse Jetty 9.4.37-9.4.42, 10.0.1-10.0.5 and 11.0.1-11.0.5 are susceptible to improper authorization. URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. An attacker can potentially obtain sensitive...
5.3CVSS
5.6AI Score
0.489EPSS
Rocket.Chat <3.9.1 - Information Disclosure
Rocket.Chat through 3.9.1 is susceptible to information disclosure. An attacker can enumerate email addresses via the password reset function and thus potentially access sensitive information, modify data, and/or execute unauthorized...
5.3CVSS
5.3AI Score
0.012EPSS
scrapy is vulnerable to Information Disclosure. The vulnerability is due to redirects ignoring scheme specific proxy settings, which results in http / https schemes using the wrong proxy if the proxy was configured to be scheme...
7.5CVSS
6.7AI Score
0.0004EPSS
IBM InfoSphere Information Server 11.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: ...
6.5CVSS
4.9AI Score
0.0004EPSS
microsoft.powerbi.javascript is vulnerable to an Information Disclosure. The vulnerability is due to improper handling of sensitive information, which may allow an attacker to access unauthorized data if a user visits a site with malicious...
6.5CVSS
6.1AI Score
0.001EPSS
Cilium leaks sensitive information in cilium-bugtool
Impact The output of cilium-bugtool can contain sensitive data when the tool is run (with the --envoy-dump flag set) against Cilium deployments with the Envoy proxy enabled. Users of the following features are affected: TLS inspection Ingress with TLS termination Gateway API with TLS termination...
7.9CVSS
6.7AI Score
0.0004EPSS
Exploit for Cleartext Transmission of Sensitive Information in Keepass
Keepass-Dumper This is my PoC implementation for...
6.5AI Score
MinIO information disclosure vulnerability
Impact If-Modified-Since If-Unmodified-Since Headers when used with anonymous requests by sending a random object name requests you can figure out if the object exists or not on the server on a specific bucket and also gain access to some amount of information such as Last-Modified (of the...
5.3CVSS
6.2AI Score
0.0004EPSS
This module uses an anonymous-bind LDAP connection to dump data from an LDAP server. Searching for attributes with user credentials (e.g....
7.3AI Score
TerraMaster TOS < 4.2.30 Server Information Disclosure
TerraMaster NAS devices running TOS prior to version 4.2.30 are vulnerable to information...
7.5CVSS
7.8AI Score
0.939EPSS
Sensitive Information Into Log File
jberet-core is vulnerable to Insertion of Sensitive Information into Log File. The vulnerability is due to missing data masking during logging via the getConnection method within JdbcRepository.java. It occurs when error messages include sensitive information, such as database connection...
6.5CVSS
6.7AI Score
0.0004EPSS
WAVLINK WN530H4 M30H4.V5030.190403 - Information Disclosure
WAVLINK WN530H4 M30H4.V5030.190403 contains an information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint. This can allow an attacker to leak router settings, including cleartext login details, DNS settings, and other sensitive information without...
7.5CVSS
7.2AI Score
0.053EPSS
LearnDash LMS < 4.10.3 - Sensitive Information Exposure
The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.2 via API. This makes it possible for unauthenticated attackers to obtain access to quiz...
5.3CVSS
5.3AI Score
0.01EPSS
5.3CVSS
7.2AI Score
0.949EPSS
ezsystems/ezpublish-legacy is vulnerable to Information Disclosure. The vulnerability is caused due to the module not properly checking access permissions when rendering the content tree menu. This allows the tree menu to display hidden items to unauthorized users if they access the backend URL...
6.9AI Score
Sensitive Information Disclosure
ezsystems/ezpublish-kernel is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the REST API potentially disclosing the names of all available site...
6.8AI Score
Jeecg Boot <= 2.4.5 - Sensitive Information Disclosure
Jeecg Boot <= 2.4.5 API interface has unauthorized access and leaks sensitive information such as email,phone and Enumerate usernames that exist in the...
7.5CVSS
7.3AI Score
0.004EPSS
DataTaker DT80 dEX 1.50.012 - Information Disclosure
DataTaker DT80 dEX 1.50.012 is susceptible to information disclosure. A remote attacker can obtain sensitive credential and configuration information via a direct request for the /services/getFile.cmd?userfile=config.xml URI, thereby possibly accessing sensitive information, modifying data, and/or....
9.8CVSS
9.1AI Score
0.943EPSS
Linear eMerge E3-Series - Information Disclosure
Linear eMerge E3-Series devices are susceptible to information disclosure. Admin credentials are stored in clear text at the endpoint /test.txt in situations where the default admin credentials have been changed. An attacker can obtain admin credentials, access the admin dashboard, control...
8.2CVSS
8.1AI Score
0.003EPSS
Reprise License Manager 14.2 - Information Disclosure
Reprise License Manager 14.2 is susceptible to information disclosure via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostname(s), system architecture and file/directory...
5.3CVSS
5.4AI Score
0.053EPSS
WordPress BulletProof Security 5.1 Information Disclosure
The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up....
5.3CVSS
4.9AI Score
0.314EPSS
PRTG Network Monitor <20.1.57.1745 - Information Disclosure
PRTG Network Monitor before 20.1.57.1745 is susceptible to information disclosure. An attacker can obtain information about probes running or the server itself via an HTTP request, thus potentially being able to modify data and/or execute unauthorized administrative operations in the context of...
5.3CVSS
5.1AI Score
0.001EPSS
Moodle BigBlueButton web service leaks meeting joining information
Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to...
7AI Score
0.0004EPSS
SimpleSAMLphp Information Disclosure vulnerability
Background SimpleSAMLphp 1.17 includes a preview of the new user interface to be included in the future version 2.0. This new user interface can be enabled by setting the usenewui configuration option to true, and it includes a new admin interface in a module called admin, which can be disabled....
6.8AI Score
TYPO3 Information Disclosure of Installed Extensions
It has been discovered that mechanisms used for configuration of RequireJS package loading are susceptible to information disclosure. This way a potential attack can retrieve additional information about installed system and third party...
6.7AI Score
Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 - Local File Inclusion
Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 is susceptible to local file inclusion because of insecure handling of a download function that leads to disclosure of internal files due to path traversal with root...
7.5CVSS
7.3AI Score
0.605EPSS
Information disclosure in podman in github.com/containers/libpod
Information disclosure in podman in...
5.3CVSS
5.3AI Score
0.001EPSS
Zend-developer-tools information disclosure vulnerability
The package zendframework/zend-developer-tools provides a web-based toolbar for introspecting an application. When updating the package to support PHP 7.3, a change was made that could potentially prevent toolbar entries that are enabled by default from being...
7.1AI Score
Moodle BigBlueButton web service leaks meeting joining information
Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to...
7AI Score
0.0004EPSS
TYPO3 Information Disclosure in Install Tool
The Install Tool exposes the current TYPO3 version number to non-authenticated...
7AI Score
TYPO3 Information Disclosure of Installed Extensions
It has been discovered that mechanisms used for configuration of RequireJS package loading are susceptible to information disclosure. This way a potential attack can retrieve additional information about installed system and third party...
6.7AI Score
Elastic Beats inserts sensitive information into log file
An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Beats or Elastic Agent...
6.8CVSS
6.7AI Score
0.0005EPSS
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Minio
CVE-2023-28432...
7.5CVSS
7.9AI Score
0.865EPSS
Zend-developer-tools information disclosure vulnerability
The package zendframework/zend-developer-tools provides a web-based toolbar for introspecting an application. When updating the package to support PHP 7.3, a change was made that could potentially prevent toolbar entries that are enabled by default from being...
7.1AI Score
TYPO3 Information Disclosure in Install Tool
The Install Tool exposes the current TYPO3 version number to non-authenticated...
7AI Score
Download Monitor <= 4.7.60 - Sensitive Information Exposure
The Download Monitor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.7.60 via REST API. This can allow unauthenticated attackers to extract sensitive data including user reports, download reports, and user data including email, role, id and.....
7.5CVSS
6.2AI Score
0.005EPSS
FleetCart 4.1.1 - Information Disclosure
Issues with information disclosure in redirect responses. Accessing the majority of the website's pages exposes sensitive data, including the "Razorpay"...
5.3CVSS
6.7AI Score
0.001EPSS
TCExam <= 14.8.1 - Sensitive Information Exposure
When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which includes sensitive database backup...
7.5CVSS
7.5AI Score
0.01EPSS
Akkadian Provisioning Manager - Information Disclosure
Akkadian Provisioning Manager is susceptible to information disclosure. The restricted shell provided can be escaped by abusing the Edit MySQL Configuration command. This command launches a standard VI editor interface which can then be...
7.9CVSS
4.5AI Score
0.002EPSS
Stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) version 1.3a (Unix) allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long argument. An example threat model is automated execution of DMitry with hostname...
9.8CVSS
9.6AI Score
0.012EPSS