Page 125 of 10816 results (0.123 seconds)

CVSS: 4.7EPSS: 0%CPEs: -EXPL: 0

A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. ... This behavior leads to the potential leakage of sensitive information, as the `stop_words_` attribute could contain tokens that were meant to be discarded and not stored, such as passwords or keys. • https://github.com/scikit-learn/scikit-learn/commit/70ca21f106b603b611da73012c9ade7cd8e438b8 https://huntr.com/bounties/14bc0917-a85b-4106-a170-d09d5191517c • CWE-921: Storage of Sensitive Data in a Mechanism without Access Control •

CVSS: 9.4EPSS: 0%CPEs: -EXPL: 0

Successful exploitation could lead to sensitive information disclosure, unauthorized file uploads, and potentially remote code execution by overwriting critical configuration files. • https://github.com/parisneo/lollms-webui/commit/aeba79f3ea934331b8ecd625a58bae6e4f7e7d3f https://huntr.com/bounties/39e17897-0e92-4473-91c7-f728322191aa • CWE-29: Path Traversal: '\..\filename' •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Podlove Podlove Web Player.This issue affects Podlove Web Player: from n/a through 5.7.3. ... This makes it possible for unauthenticated attackers to view information they should not have access to. • https://patchstack.com/database/vulnerability/podlove-web-player/wordpress-podlove-web-player-plugin-5-7-3-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •

CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0

A security agent link following vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information about the agent on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. ... This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Apex One Security Agent. ... An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. • https://success.trendmicro.com/dcx/s/solution/000298063 https://www.zerodayinitiative.com/advisories/ZDI-24-573 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Themeisle Otter Blocks PRO.This issue affects Otter Blocks PRO: from n/a through 2.6.11. ... The Otter Blocks PRO – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.11. • https://patchstack.com/database/vulnerability/otter-pro/wordpress-otter-blocks-pro-plugin-2-6-11-authenticated-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •