Page 15 of 11262 results (0.095 seconds)

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

This could lead to local information disclosure with no additional execution privileges needed. • https://source.android.com/security/bulletin/pixel/2024-10-01 • CWE-863: Incorrect Authorization •

CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0

OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserWithTeam. ... The information disclosed is associated with all registered user ID numbers. • https://cve.offsecguy.com/ovaledge/vulnerabilities/sensitive-data-exposure#cve-2022-30354 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 5.4EPSS: 0%CPEs: -EXPL: 0

OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserList. ... The information disclosed is associated with the all registered users, including user ID, status, email address, role(s), user type, license type, and personal details such as first name, last name, gender, and user preferences. • https://cve.offsecguy.com/ovaledge/vulnerabilities/sensitive-data-exposure#cve-2022-30359 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: -EXPL: 0

OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserType. ... The information disclosed is associated with the registered user ID, status, email address, role(s), user type, license type, and personal details such as first name, last name, gender, and user preferences. • https://cve.offsecguy.com/ovaledge/vulnerabilities/sensitive-data-exposure#cve-2022-30361 • CWE-922: Insecure Storage of Sensitive Information

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

path=/var/lib/casaos/1/system.json`, expose sensitive data like installed applications and system information without requiring any authentication or authorization. This sensitive data leak can be exploited by attackers to gain detailed knowledge about the system setup, installed applications, and other critical information. • https://github.com/IceWhaleTech/ZimaOS/security/advisories/GHSA-hg2h-q5h6-r5c4 https://youtu.be/H_WoqzM-9Cc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •