Page 119 of 10852 results (0.074 seconds)

CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could disclose sensitive information to a local user to do improper permission controls. • https://exchange.xforce.ibmcloud.com/vulnerabilities/261195 https://www.ibm.com/support/pages/node/7158790 • CWE-276: Incorrect Default Permissions CWE-863: Incorrect Authorization •

CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. • https://exchange.xforce.ibmcloud.com/vulnerabilities/261198 https://www.ibm.com/support/pages/node/7158790 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

IBM OpenBMC FW1050.00 through FW1050.10 BMCWeb HTTPS server component could disclose sensitive URI content to an unauthorized actor that bypasses authentication channels. IBM X-ForceID: 290026. • https://exchange.xforce.ibmcloud.com/vulnerabilities/290026 https://www.ibm.com/support/pages/node/7158679 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •

CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0

IBM Security Verify Access 10.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from trace logs. • https://exchange.xforce.ibmcloud.com/vulnerabilities/252183 https://www.ibm.com/support/pages/node/7158789 • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

Insertion of Sensitive Information into Log File vulnerability in TrustedLogin TrustedLogin Vendor.This issue affects TrustedLogin Vendor: from n/a before 1.1.1. ... The TrustedLogin Vendor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions prior to 1.1.1 (exclusive). • https://patchstack.com/database/vulnerability/vendor/wordpress-trustedlogin-vendor-plugin-1-1-1-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •