Page 4 of 12962 results (0.005 seconds)

CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 0

11 Jul 2025 — A flaw was found in Ansible. Three API endpoints are accessible and return verbose, unauthenticated responses. This flaw allows a malicious user to access data that may contain important information. • https://access.redhat.com/security/cve/CVE-2025-53862 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

10 Jul 2025 — This can result in information disclosure, including sensitive database credentials. • https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

10 Jul 2025 — This can result in information disclosure, including sensitive database credentials. • https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •

CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0

10 Jul 2025 — This vulnerability can be exploited by an authenticated attacker with at least user-level privileges, potentially leading to information disclosure or a denial-of-service condition. • https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

10 Jul 2025 — By manipulating certain input parameters, an attacker could execute unauthorized scripts in the user's browser, potentially leading to information disclosure or other malicious activities. • https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

10 Jul 2025 — By manipulating specific parameters, an attacker could execute unauthorized scripts in the user's browser, potentially leading to information disclosure or other malicious activities. • https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

10 Jul 2025 — By exploiting this flaw, an attacker could execute unauthorized scripts in the user's browser, potentially leading to information disclosure or other malicious activities. • https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0

10 Jul 2025 — Improper certificate validation in Zoom Workplace for Linux before version 6.4.13 may allow an unauthorized user to conduct an information disclosure via network access. • https://https://www.zoom.com/en/trust/security-bulletin/zsb-25023 • CWE-295: Improper Certificate Validation •

CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0

10 Jul 2025 — IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 is vulnerable to information exposure and further attacks due to an exposed JavaScript source map which could assist an attacker to read and debug JavaScript used in the application's API. • https://www.ibm.com/support/pages/node/7234122 • CWE-540: Inclusion of Sensitive Information in Source Code •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

10 Jul 2025 — IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could allow a remote attacker to obtain information about the application framework which could be used in reconnaissance to gather information for future attacks from a detailed technical error message. • https://www.ibm.com/support/pages/node/7234122 • CWE-209: Generation of Error Message Containing Sensitive Information •