
CVSS: 10.0 | EPSS: 94% | CPEs: 2 | EXPL: 4

Docker may export sensitive environment variables including ownCloud, DB, redis, SMTP, and S3 credentials, as well as other host information. ownCloud graphapi contains an information disclosure vulnerability that can reveal sensitive data stored in phpinfo() via GetPhpInfo.php, including administrative credentials. • https://github.com/creacitysec/CVE-2023-49103 https://github.com/merlin-ke/OwnCloud-CVE-2023-49103 https://github.com/MixColumns/CVE-2023-49103 https://github.com/d0rb/CVE-2023-49103 https://owncloud.com/security-advisories/disclosure-of-sensitive-credentials-and-configuration-in-containerized-deployments https://owncloud.org/security • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

WordPress UserPro plugin versions 5.1.1 and below suffer from an insecure password reset mechanism, information disclosure, and authentication bypass vulnerabilities. • http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681 https://www.wordfence.com/threat-intel/vulnerabilities/id/de9be7bc-4f8a-4393-8ebb-1b1f141b7585?source=cve • CWE-620: Unverified Password Change •

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 2

WordPress UserPro plugin versions 5.1.1 and below suffer from an insecure password reset mechanism, information disclosure, and authentication bypass vulnerabilities. • https://github.com/RxRCoder/CVE-2023-2437 http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681 https://www.wordfence.com/threat-intel/vulnerabilities/id/b3cf9f38-c20e-40dc-a7a1-65b0c6ba7925?source=cve • CWE-287: Improper Authentication CWE-288: Authentication Bypass Using an Alternate Path or Channel •

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

WordPress UserPro plugin versions 5.1.1 and below suffer from an insecure password reset mechanism, information disclosure, and authentication bypass vulnerabilities. • http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681 https://www.wordfence.com/threat-intel/vulnerabilities/id/e8bed9c0-dae3-405e-a946-5f28a3c30851?source=cve • CWE-266: Incorrect Privilege Assignment •

CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 2

The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn't restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site's code. The Quttera Web Malware Scanner plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.1.48 via easy to guess scan log file names. This makes it possible for unauthenticated attackers to extract sensitive data. • https://drive.google.com/file/d/1w83xWsVLS_gCpQy4LDwbjNK9JaB87EEf/view?usp=sharing https://wpscan.com/vulnerability/64f2557f-c5e4-4779-9e28-911dfaf2dda5 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •