Page 111 of 10852 results (0.038 seconds)

CVSS: 5.0EPSS: 0%CPEs: 7EXPL: 0

On successful exploitation this can result in information disclosure. • https://me.sap.com/notes/3467377 https://url.sap/sapsecuritypatchday • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0

SAP Landscape Management allows an authenticated user to read confidential data disclosed by the REST Provider Definition response. Successful exploitation can cause high impact on confidentiality of the managed entities. SAP Landscape Management permite a un usuario autenticado leer datos confidenciales revelados por la respuesta de Provider Definition REST. La explotación exitosa puede causar un gran impacto en la confidencialidad de las entidades gestionadas. • https://me.sap.com/notes/3466801 https://url.sap/sapsecuritypatchday • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 8.1EPSS: 0%CPEs: -EXPL: 0

A CORS misconfiguration in the stitionai/devika repository allows attackers to steal sensitive information such as logs, browser sessions, and settings containing private API keys from other services. • https://github.com/stitionai/devika/commit/6acce21fb08c3d1123ef05df6a33912bf0ee77c2 https://huntr.com/bounties/7ffeb896-27c8-429d-b241-4f7d6dda0afd • CWE-346: Origin Validation Error •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

Exposure of Sensitive Information to an Unauthorized Actor, Missing Authorization vulnerability in ThemeSphere SmartMag allows Excavation, Accessing Functionality Not Properly Constrained by ACLs.This issue affects SmartMag: from n/a through 9.3.0. The SmartMag theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.3.0 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files. • https://patchstack.com/database/vulnerability/smartmag-responsive-retina-wordpress-magazine/wordpress-smartmag-theme-9-3-0-sensitive-data-exposure-via-log-file-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File CWE-862: Missing Authorization •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

This makes it possible for unauthenticated attackers to view sensitive information. • https://patchstack.com/database/vulnerability/woocommerce-openpos/wordpress-woocommerce-openpos-plugin-6-4-4-unauthenticated-sensitive-data-exposure-vulnerability? • CWE-862: Missing Authorization •