Page 286 of 10541 results (0.074 seconds)

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. • http://www.openwall.com/lists/oss-security/2023/11/23/1 https://lists.apache.org/thread/88oc1vqfjtr29cz5xts0v2wm5pmhbm0l • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.0. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en Bowo Debug Log Manager. Este problema afecta a Debug Log Manager: desde n/a hasta 2.3.0. The Debug Log Manager plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clear_log() function hooked via AJAX in all versions up to, and including, 2.2.1. This makes it possible for attackers, with subscriber-level access and above, to clear the debug logs. • https://patchstack.com/database/vulnerability/debug-log-manager/wordpress-debug-log-manager-plugin-2-2-0-sensitive-data-exposure-via-log-file-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin – JobWP.This issue affects WordPress Job Board and Recruitment Plugin – JobWP: from n/a through 2.1. Vulnerabilidad de exposición de información confidencial a un actor no autorizado en HM Plugin WordPress Job Board and Recruitment Plugin – JobWP. Este problema afecta a WordPress Job Board and Recruitment Plugin – JobWP: desde n/a hasta 2.1. The WordPress Job Board and Recruitment Plugin – JobWP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1. This makes it possible for unauthenticated attackers to extract sensitive user data via resumes. • https://patchstack.com/database/vulnerability/jobwp/wordpress-jobwp-plugin-2-1-sensitive-data-exposure-on-resume-files-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.1 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 247034. IBM Sterling B2B Integrator Standard Edition 6.0.0.0 a 6.0.3.8 y 6.1.0.0 a 6.1.2.1 almacena información potencialmente confidencial en archivos de registro que un usuario local podría leer. ID de IBM X-Force: 247034. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247034 https://www.ibm.com/support/pages/node/7080172 • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

Information leak in Content-Security-Policy header in Devolutions Server 2023.3.7.0 allows an unauthenticated attacker to list the configured Devolutions Gateways endpoints. • https://devolutions.net/security/advisories/DEVO-2023-0020 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •