HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and...
5.3CVSS
7.1AI Score
0.001EPSS
Gutenify < 1.4.1 - Unauthenticated Sensitive Information Exposure
Description The Gutenify – Visual Site Builder Blocks & Site Templates. plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.0. This makes it possible for unauthenticated attackers to extract sensitive user or configuration...
5.3CVSS
6.3AI Score
0.0004EPSS
6.5AI Score
libshadow.so is vulnerable to Information Disclosure. The vulnerability exists in change_passwd function at gpasswd.c because the password field is not properly zeroed out if the confirmation...
5.5CVSS
7.1AI Score
0.0004EPSS
Apache ServiceComb Service-Center Exposure of Sensitive Information to an Unauthorized Actor vulnerability in...
7.5CVSS
6.6AI Score
0.001EPSS
Microsoft Windows Process Module Information
Report details on the running processes modules on the machine. This plugin is informative only and could be used for forensic investigation, malware detection, and to that confirm your system processes conform to your system...
1.3AI Score
Ecava IntegraXor < 4.1.4410 Information Disclosure
The version of Ecava IntegraXor installed on the remote host is a version prior to 4.1 Build 4410. It is, therefore, affected by an unspecified information disclosure...
2.2AI Score
elFinder <= 2.1.44 Information Disclosure Vulnerability
elFinder is prone to an information disclosure...
5.9CVSS
5.5AI Score
0.002EPSS
WP Job Manager < 2.3.0 - Unauthenticated Information Exposure
Description The WP Job Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.2. This makes it possible for unauthenticated attackers to extract sensitive user or configuration...
5.3CVSS
6.3AI Score
0.0004EPSS
exim is vulnerable to Information Disclosure. The vulnerability exists due to the absence of validation for user-supplied data during the handling of NTLM challenge requests. This allows an attacker to read beyond allocated data structures, potentially leading to the disclosure of information...
3.7CVSS
6.2AI Score
0.001EPSS
Release Information for Hitachi Plug-In for Veeam Backup & Replication
Release Information for Hitachi Plug-In for Veeam Backup &...
0.6AI Score
Atlassian Jira < 9.4.21 Information Disclosure
According to its self-reported version number, the Atlassian Jira application running on the remote host is prior to 9.4.21, 9.5.x prior to 9.12.8 or 9.13.x prior to 9.16.0. It is, therefore, affected by an information disclosure vulnerability. Note that the scanner has not tested for these issues....
7AI Score
Magento Information Disclosure via File upload functionality
An arbitrary file access vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage file upload controller for downloadable products to read/delete an arbitary...
8.8CVSS
6.7AI Score
0.001EPSS
Release Information for Veeam Backup & Replication 11a Cumulative Patches
Release Information for Veeam Backup & Replication 11a Cumulative...
1.1AI Score
Security Bulletin: AIX is vulnerable to information disclosure due to openCryptoki (CVE-2024-0914)
Summary Vulnerability in openCryptoki could allow a remote attacker to obtain sensitive information (CVE-2024-0914). Vulnerability Details ** CVEID: CVE-2024-0914 DESCRIPTION: **openCryptoki could allow a remote attacker to obtain sensitive information, caused by a flaw when processing RSA PKCS#1.....
5.9CVSS
6AI Score
0.001EPSS
exim4 is vulnerable to Information Disclosure. An out-of-bounds read vulnerability exists in the smtp service of Exim which allows an attacker to disclose sensitive information on a vulnerable system by sending a specially crafted SMTP...
3.1CVSS
6.3AI Score
0.001EPSS
7.5CVSS
6.7AI Score
0.013EPSS
This plugin displays, for each tested host, information about the scan itself : The version of the plugin set. The type of scanner (Nessus or Nessus Home). The version of the Nessus Engine. The port scanner(s) used. The port range scanned. The ping round trip time Whether credentialed or...
7.1AI Score
Kimai information disclosure vulnerability
A vulnerability was found in Kimai up to 2.15.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Session Handler. The manipulation of the argument PHPSESSIONID leads to information disclosure. The attack may be launched remotely. The complexity...
3.7CVSS
4.1AI Score
0.0004EPSS
Summary A vulnerabilitiy in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring (ITM) components. CVE-2024-3933 Vulnerability Details ** CVEID: CVE-2024-3933 DESCRIPTION: **Eclipse Openj9 could allow a local authenticated attacker to bypass security...
5.3CVSS
6.7AI Score
0.0004EPSS
9.8CVSS
10AI Score
0.975EPSS
Summary IBM Sterling Partner Engagement Manager is vulnerable to information disclosure. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID: CVE-2022-35718 DESCRIPTION: **IBM Sterling Partner Engagement Manager stores sensitive information in.....
6AI Score
EPSS
7.5CVSS
7.1AI Score
EPSS
(RHSA-2024:3323) Important: pcp security update
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....
7.2AI Score
0.0004EPSS
OpenStack Identity Keystone Exposure of Sensitive Information
The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$(admin_token)" in the publicurl endpoint...
6.5AI Score
0.003EPSS
apache-airflow is vulnerable to Information Disclosure. The vulnerability is found in the config_endpoint.py due to the fact that conf.getboolean("webserver", "expose_config") handles only the boolean cases and does not properly handle the case of non-sensitive-only. This oversight enables an...
4.3CVSS
6.7AI Score
0.0005EPSS
(RHSA-2024:3325) Important: pcp security update
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....
7.2AI Score
0.0004EPSS
(RHSA-2024:3322) Important: pcp security update
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....
7.2AI Score
0.0004EPSS
(RHSA-2024:3321) Important: pcp security update
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....
7.2AI Score
0.0004EPSS
Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Note that WMC-X1800GST-B and WSC-X1800GS-B.....
7.1AI Score
0.0004EPSS
Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details Refer to the security bulletin(s)...
5.9CVSS
6.5AI Score
0.001EPSS
Academy LMS < 1.9.26 - Unauthenticated Sensitive Information Exposure
Description The Academy LMS – eLearning and online course solution for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.25. This makes it possible for unauthenticated attackers to extract sensitive user or configuration...
5.3CVSS
6.3AI Score
0.0004EPSS
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit...
7.8AI Score
0.0004EPSS
(RHSA-2024:3324) Important: pcp security, bug fix, and enhancement update
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....
7.2AI Score
0.0004EPSS
NextScripts: Social Networks Auto-Poster < 4.4.4 - Subscriber+ Sensitive Information Exposure
Description The plugin is vulnerable to Sensitive Information Exposure via the 'nxs_getExpSettings' function. This makes it possible for authenticated attackers, with subscriber access and above, to extract sensitive data including social network API keys and...
8.5CVSS
6.5AI Score
0.001EPSS
com.sonymobile.jenkins.plugins.mq, mq-notifier is vulnerable to Information Disclosure. The vulnerability is due to logging potentially sensitive build parameters as part of debug information in build logs by default, which could lead to the unintentional exposure of sensitive...
6.6AI Score
0.0004EPSS
OS command injection vulnerability in WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier allows a network-adjacent attacker with credentials to execute arbitrary OS commands by sending a specially crafted request to the...
8.1AI Score
0.0004EPSS
Kimai information disclosure vulnerability
A vulnerability was found in Kimai up to 2.15.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Session Handler. The manipulation of the argument PHPSESSIONID leads to information disclosure. The attack may be launched remotely. The complexity...
3.7CVSS
6.4AI Score
0.0004EPSS
Insecure Permissions vulnerability in Guangzhou Yingshi Electronic Technology Co. Ncast Yingshi high-definition intelligent recording and playback system 2007-2017 allows a remote attacker to execute arbitrary code via the /manage/IPSetup.php backend...
7.8AI Score
0.0004EPSS
MinIO Information Disclosure (CVE-2023-28432)
The version of MinIO installed on the remote host is prior to RELEASE.2023-03-20T20-16-18Z. It is, therefore, affected by an information disclosure vulnerability. When deployed in a cluster/in distributed mode MinIO returns all environment variables, including 'MINIO_SECRET_KEY' and...
7.5CVSS
6.8AI Score
0.865EPSS
MSSQL Host Information in NTLM SSP
Nessus can obtain information about the host by examining the NTLM SSP challenge issued during NTLM authentication, over...
0.4AI Score
SEOPress < 7.7 - Information Exposure
Description The SEOPress – On-site SEO plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.6.1. This makes it possible for unauthenticated attackers to extract sensitive user or configuration...
5.3CVSS
6.7AI Score
0.0004EPSS
Insecure Permissions vulnerability in Guangzhou Yingshi Electronic Technology Co. Ncast Yingshi high-definition intelligent recording and playback system 2007-2017 allows a remote attacker to execute arbitrary code via the /manage/IPSetup.php backend...
7.8AI Score
0.0004EPSS
apache-airflow is vulnerable to Information Exposure. The vulnerability is due a flaw in the "configuration" UI page when "non-sensitive-only" was set as webserver.expose_config configuration. An attacker can exploit this vulnerability by sending a specially crafted request to see sensitive...
6.6AI Score
0.0004EPSS
Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability
Microsoft Power BI Client JavaScript SDK Information Disclosure...
6.5CVSS
6.2AI Score
0.001EPSS
Dynamics 365 Integration < 1.3.18 - Unauthenticated Sensitive Information Exposure
Description The Dynamics 365 Integration plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.17 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in....
5.3CVSS
6AI Score
0.0004EPSS
Microsoft Silverlight Information Disclosure Vulnerability (2890788)
This host is missing an important security update according to Microsoft Bulletin...
5.5CVSS
5.4AI Score
0.101EPSS
OpenStack Glance sensitive information disclosure via logs
OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading...
6.7AI Score
0.0004EPSS
Exploit for Improper Access Control in Ruijie Rg-Ew1200G Firmware
Ruijie-RG-EW1200G CVE-2023-4169_CVE-2023-3306_CVE-2023-4415...
9.1AI Score
CVE-2024-4653 BlueNet Technology Clinical Browsing System outIndex.php sql injection
A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1 and classified as critical. Affected by this issue is some unknown functionality of the file /xds/outIndex.php. The manipulation of the argument name leads to sql injection. The attack may be launched remotely. The...
6.3CVSS
7AI Score
0.0004EPSS