Page 22 of 12657 results (0.021 seconds)

CVSS: 9.2EPSS: 0%CPEs: 1EXPL: 0

21 Apr 2025 — Local File Inclusion (LFI) vulnerability in a Render function of Formulatrix Rock Maker Web (RMW) allows a remote attacker to obtain sensitive data via arbitrary code execution. A malicious actor could execute malicious scripts to automatically download configuration files in known locations to exfiltrate data including credentials, and with no rate limiting a malicious actor could enumerate the filesystem of the host machine and potentially lead to full host compromise. This issue affects Rock Maker Web: f... • https://www.formulatrix.com/downloads/apps/repository/rockmaker • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

18 Apr 2025 — Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Solid Plugins AnalyticsWP allows Retrieve Embedded Sensitive Data.This issue affects AnalyticsWP: from n/a through 2.1.2. The AnalyticsWP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • https://patchstack.com/database/wordpress/plugin/analyticswp/vulnerability/wordpress-analyticswp-plugin-2-1-2-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •

CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0

18 Apr 2025 — An information disclosure vulnerability in the component /socket.io/1/websocket/ of Soundcraft Ui Series Model(s) Ui12 and Ui16 Firmware v1.0.7x and v1.0.5x allows attackers to access Administrator credentials in plaintext. • https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-28235 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 3.1EPSS: 0%CPEs: 1EXPL: 0

17 Apr 2025 — An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure. • https://www.dell.com/support/kbdoc/en-in/000300068/dsa-2025-097-security-update-for-dell-objectscale-4-0-multiple-vulnerabilities • CWE-295: Improper Certificate Validation •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

17 Apr 2025 — Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Markus Drubba wpLike2Get allows Retrieve Embedded Sensitive Data. This issue affects wpLike2Get: from n/a through 1.2.9. The wpLike2Get plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.9. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • https://patchstack.com/database/wordpress/plugin/wplike2get/vulnerability/wordpress-wplike2get-plugin-1-2-9-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •

CVSS: 9.4EPSS: 0%CPEs: -EXPL: 0

16 Apr 2025 — Out-of-Bounds Read in netfilter/ipset in Linux Kernel ChromeOS [6.1, 5.15, 5.10, 5.4, 4.19] allows a local attacker with low privileges to trigger an out-of-bounds read, potentially leading to information disclosure • https://issues.chromium.org/issues/b/380043638 • CWE-125: Out-of-bounds Read •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

16 Apr 2025 — (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_15.html • CWE-416: Use After Free •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

16 Apr 2025 — (Chromium security severity: Critical) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_15.html • CWE-122: Heap-based Buffer Overflow •

CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0

16 Apr 2025 — IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.12 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. • https://www.ibm.com/support/pages/node/7229903 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

16 Apr 2025 — The Church Admin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.0.9. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •