Page 13 of 10590 results (0.090 seconds)

CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0

In SAP NetWeaver Java (Software Update Manager 1.1), under certain conditions when a software upgrade encounters errors, credentials are written in plaintext to a log file. An attacker with local access to the server, authenticated as a non-administrative user, can acquire the credentials from the logs. This leads to a high impact on confidentiality, with no impact on integrity or availability. • https://me.sap.com/notes/3522953 https://url.sap/sapsecuritypatchday • CWE-522: Insufficiently Protected Credentials •

CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0

Sensitive information disclosure during file browsing due to improper soft link handling. ... Sensitive information disclosure during file browsing due to improper symbolic link handling. • https://security-advisory.acronis.com/advisories/SEC-7601 • CWE-61: UNIX Symbolic Link (Symlink) Following •

CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0

Exploitation could lead to session hijacking, data leakage, and further exploitation via a multi-stage attack. • https://www.axigen.com/knowledgebase/Axigen-WebMail-Persistent-and-Reflected-XSS-Vulnerabilities-CVE-2024-50601-_403.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.1EPSS: 0%CPEs: 1EXPL: 0

A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure. • https://www.dell.com/support/kbdoc/en-us/000245360/dsa-2024-424-security-update-for-dell-pdsa-2024-424-security-update-for-dell-powerprotect-dd-vulnerabilityowerprotect-dd-vulnerability • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

The CE21 Suite plugin for WordPress is vulnerable to sensitive information disclosure via the plugin-log.txt in versions up to, and including, 2.2.0. • https://plugins.trac.wordpress.org/browser/ce21-suite/trunk/single-sign-on-ce21.php?rev=3097700#L237 https://plugins.trac.wordpress.org/browser/ce21-suite/trunk/single-sign-on-ce21.php?rev=3097700#L281 https://www.wordfence.com/threat-intel/vulnerabilities/id/618a9ad7-3a13-43e6-84f4-35287f07e1c0?source=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •