Clorius Controls ISC SCADA Information Disclosure
Nessus was able to obtain the contents of '/html/info.htm' on the remote Clorius Contols ISC SCADA device. This page may contain sensitive information such as the firmware version of the device, internal IP address, and MAC...
2AI Score
Exploit for Improper Access Control in Ruijie Rg-Ew1200G Firmware
Ruijie-RG-EW1200G CVE-2023-4169_CVE-2023-3306_CVE-2023-4415...
9.1AI Score
CVE-2024-4653 BlueNet Technology Clinical Browsing System outIndex.php sql injection
A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1 and classified as critical. Affected by this issue is some unknown functionality of the file /xds/outIndex.php. The manipulation of the argument name leads to sql injection. The attack may be launched remotely. The...
6.3CVSS
7AI Score
0.0004EPSS
(RHSA-2024:3264) Important: pcp security update
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....
7.6AI Score
0.0004EPSS
Google Sheets data source plugin for Grafana information disclosure vulnerability
Grafana is an open-source platform for monitoring and observability. The Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerability. The plugin did not properly sanitize error messages, making it potentially expose the Google...
7.5CVSS
6.7AI Score
0.001EPSS
Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Note that WMC-X1800GST-B and WSC-X1800GS-B.....
7.1AI Score
0.0004EPSS
CVE-2024-4654 BlueNet Technology Clinical Browsing System cloudInterface.php sql injection
A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1. It has been classified as critical. This affects an unknown part of the file /xds/cloudInterface.php. The manipulation of the argument INSTI_CODE leads to sql injection. It is possible to initiate the attack remotely......
6.3CVSS
7AI Score
0.0004EPSS
The Intel Converged Security Management Engine (CSME) on the remote host is affected by multiple vulnerabilities in the Active Management Technology (AMT) feature, including the following: Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, ...
9.8CVSS
3.4AI Score
0.003EPSS
Moodle LaTeX Information Disclosure
The TeX filter included with the installed version of Moodle can be exploited to reveal the contents of files on the remote host, subject to the privileges under which the web server...
7.6AI Score
0.022EPSS
The Intel Converged Security Management Engine (CSME) on the remote host is affected by multiple vulnerabilities in the Active Management Technology (AMT) feature. Note that due to the low-level implementation of Intel ME, Nessus may not be able to identify its version on the remote host at this...
1.6AI Score
CVE-2024-4653 BlueNet Technology Clinical Browsing System outIndex.php sql injection
A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1 and classified as critical. Affected by this issue is some unknown functionality of the file /xds/outIndex.php. The manipulation of the argument name leads to sql injection. The attack may be launched remotely. The...
6.3CVSS
7.3AI Score
0.0004EPSS
CVE-2023-38264 IBM SDK, Java Technology Edition denial of service
The IBM SDK, Java Technology Edition's Object Request Broker (ORB) 7.1.0.0 through 7.1.5.21 and 8.0.0.0 through 8.0.8.21 is vulnerable to a denial of service attack in some circumstances due to improper enforcement of the JEP 290 MaxRef and MaxDepth deserialization filters. IBM X-Force ID: ...
5.9CVSS
5.7AI Score
0.0004EPSS
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit...
7.8AI Score
0.0004EPSS
Cilem Haber Information Disclosure Vulnerability
Cilem Haber is prone to an information disclosure...
6.9AI Score
Database Open Access Information Disclosure Vulnerability
Various Database server might be prone to an information disclosure vulnerability if accessible to remote...
7.3AI Score
Google Sheets data source plugin for Grafana information disclosure vulnerability
Grafana is an open-source platform for monitoring and observability. The Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerability. The plugin did not properly sanitize error messages, making it potentially expose the Google...
7.5CVSS
6.4AI Score
0.001EPSS
The Intel Converged Security Management Engine (CSME) on the remote host is affected by multiple vulnerabilities in the Active Management Technology (AMT) feature. Note that due to the low-level implementation of Intel ME, Nessus may not be able to identify its version on the remote host at this...
1.6AI Score
CVE-2023-38264 IBM SDK, Java Technology Edition denial of service
The IBM SDK, Java Technology Edition's Object Request Broker (ORB) 7.1.0.0 through 7.1.5.21 and 8.0.0.0 through 8.0.8.21 is vulnerable to a denial of service attack in some circumstances due to improper enforcement of the JEP 290 MaxRef and MaxDepth deserialization filters. IBM X-Force ID: ...
5.9CVSS
6.3AI Score
0.0004EPSS
Cross-site scripting vulnerability in EC-CUBE EC-CUBE 3.0.0 to 3.0.18-p2 (EC-CUBE 3 series) and EC-CUBE 4.0.0 to 4.0.5-p1 (EC-CUBE 4 series) allows a remote attacker to inject an arbitrary script by leading an administrator or a user to a specially crafted page and to perform a specific...
6.1CVSS
6.6AI Score
0.002EPSS
OS command injection vulnerability in WRC-X5400GS-B v1.0.10 and earlier, and WRC-X5400GSA-B v1.0.10 and earlier allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the...
7.9AI Score
0.0004EPSS
Exploit for Improper Authentication in Ruijienetworks Rg-Ew1200G Firmware
Ruijie-RG-EW1200G CVE-2023-4169_CVE-2023-3306_CVE-2023-4415...
8.8CVSS
8.9AI Score
0.005EPSS
FreePBX gen_amp_conf.php Information Disclosure
By requesting the 'admin/modules/framework/bin/gen_amp_conf.php' script directly, an unauthenticated, remote attacker can discover all the configuration parameters, including the admin password, for the FreePBX installed on the remote host, thereby gaining administrative access to...
7.5AI Score
Summary IBM Business Automation Workflow Web Process Designer is vulnerable to information disclosure attacks. Vulnerability Details ** CVEID: CVE-2024-28849 DESCRIPTION: **Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information, caused by the...
6.5CVSS
6AI Score
0.0004EPSS
ELECOM wireless LAN routers contain a cross-site scripting vulnerability. Assume that a malicious administrative user configures the affected product with specially crafted content. When another administrative user logs in and operates the product, an arbitrary script may be executed on the web...
6.1AI Score
0.0004EPSS
Joomla! < 1.0.8 Information Disclosure
The version of Joomla! installed on the remote web server is affected by an information disclosure vulnerability. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to disclose the full path information from the Joomla! installation. Note that the application is....
7.8AI Score
0.01EPSS
Exploit for Improper Authentication in Ruijienetworks Rg-Ew1200G Firmware
Ruijie-RG-EW1200G CVE-2023-4169_CVE-2023-3306_CVE-2023-4415...
8.8CVSS
8.9AI Score
0.005EPSS
A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h of Cryptopp Crypto++ 8.9, allows an attacker to co-reside in the same system with a victim process to disclose information and escalate...
7.4AI Score
EPSS
An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites with publicly enabled debug mode exposed data of previous...
5.3CVSS
6.8AI Score
0.001EPSS
Information Disclosure org.eclipse.jetty:jetty-util Dependency in Crowd Data Center and Server
This High severity org.eclipse.jetty:jetty-util Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This org.eclipse.jetty:jetty-util Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
7.5CVSS
7.2AI Score
0.003EPSS
Django Information leakage in AuthenticationForm
django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is...
7.5CVSS
7.1AI Score
0.002EPSS
CVE-2024-35155 IBM MQ information disclosure
IBM MQ Console 9.3 LTS and 9.3 CD could disclose could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: ...
6.5CVSS
0.0004EPSS
MoinMoin Insertion of Sensitive Information into Log File
An information leak was discovered in MoinMoin's debug reporting version 1.5.7, which could expose information about the versions of software running on the host system. MoinMoin administrators can add "show_traceback=0" to their site configurations to disable debug...
6.6AI Score
0.019EPSS
Slideshow Gallery <= 1.8 - Unauthenticated Sensitive Information Exposure
Description The plugin is vulnerable to Sensitive Information Exposure, allowing unauthenticated attackers to extract sensitive user or configuration...
5.3CVSS
6.3AI Score
0.0005EPSS
OpenStack Keystone Sensitive information disclosure via log files
OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive by reading the log...
6.7AI Score
0.0004EPSS
Moxa AWK Series asqc.asp Information Disclosure Vulnerability
Moxa AWK series wireless access points are prone to an information disclosure...
5.3CVSS
5.2AI Score
0.001EPSS
OpenStack Keystone allows information disclosure during account locking
OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking (related to PCI DSS features). By guessing the name of an account and failing to authenticate multiple times, any unauthenticated.....
7.5CVSS
6.8AI Score
0.002EPSS
CVE-2024-35156 IBM MQ information disclosure
IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: ...
6.5CVSS
0.0004EPSS
Easy Digital Downloads < 3.2.12 - Unauthenticated Sensitive Information Exposure
Description The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.11. This makes it possible for unauthenticated attackers to extract...
5.3CVSS
6.9AI Score
0.0004EPSS
CVE-2023-50937 IBM PowerSC information disclosure
IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: ...
5.9CVSS
7.3AI Score
0.001EPSS
CVE-2024-4220 Information Disclosure in BeyondInsight
Prior to 23.1, an information disclosure vulnerability exists within BeyondInsight which can allow an attacker to enumerate...
4.3CVSS
4.3AI Score
0.0005EPSS
A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h of Cryptopp Crypto++ 8.9, allows an attacker to co-reside in the same system with a victim process to disclose information and escalate...
7.6AI Score
EPSS
Summary IBM Maximo Manage application in IBM Maximo Application Suite is vulnerable to sensitive information disclosure. Vulnerability Details ** CVEID: CVE-2024-22333 DESCRIPTION: **IBM Maximo Asset Management allows web pages to be stored locally which can be read by another user on the system......
4CVSS
6.1AI Score
0.0004EPSS
CVE-2024-4220 Information Disclosure in BeyondInsight
Prior to 23.1, an information disclosure vulnerability exists within BeyondInsight which can allow an attacker to enumerate...
4.3CVSS
6.4AI Score
0.0005EPSS
Out-of-bounds read vulnerability caused by improper checking of the option length values in IPv6 NDP packets exists in Cente middleware TCP/IP Network Series, which may allow an unauthenticated attacker to stop the device operations by sending a specially crafted...
6.7AI Score
0.0004EPSS
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-X3200GST3-B v1.25 and earlier, WRC-G01-W...
8AI Score
0.0004EPSS
CVE-2023-50937 IBM PowerSC information disclosure
IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: ...
5.9CVSS
7.2AI Score
0.001EPSS
CVE-2023-50939 IBM PowerSC information Disclosure
IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: ...
5.9CVSS
7.2AI Score
0.001EPSS
CVE-2024-31916 IBM OpenBMC information disclosure
IBM OpenBMC FW1050.00 through FW1050.10 BMCWeb HTTPS server component could disclose sensitive URI content to an unauthorized actor that bypasses authentication channels. IBM X-ForceID: ...
7.5CVSS
0.0004EPSS
Summary DB2 JDBC driver is shipped with IBM Tivoli Netcool Impact as part of the db2 data source adapter. Information about security vulnerabilities affecting DB2 JDBC driver has been published in a security bulletin. Vulnerability Details ** CVEID: CVE-2023-47152 DESCRIPTION: **IBM Db2 for...
7.5CVSS
6.2AI Score
0.001EPSS
VMware Harbor Information Disclosure (CVE-2020-29662)
An information disclosure vulnerability exists in Harbor. In Harbor 2.0 before 2.0.5 and 2.1.x before 2.1.2 the catalog's registry API is exposed on an unauthenticated...
5.3CVSS
0.9AI Score
0.001EPSS