Page 289 of 10541 results (0.093 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

The UserPro plugin for WordPress is vulnerable to sensitive information disclosure via the 'userpro' shortcode in versions up to, and including 5.1.1. ... WordPress UserPro plugin versions 5.1.1 and below suffer from an insecure password reset mechanism, information disclosure, and authentication bypass vulnerabilities. • http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681 https://www.wordfence.com/threat-intel/vulnerabilities/id/4072ba5f-6385-4fa3-85b6-89dac7b60a92?source=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

PowerShell Information Disclosure Vulnerability Vulnerabilidad de divulgación de información de PowerShell • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36013 • CWE-668: Exposure of Resource to Wrong Sphere CWE-798: Use of Hard-coded Credentials •

CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0

in OpenHarmony v3.2.2 and prior versions allow a local attacker causes system information leak through type confusion. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2023/2023-12.md • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

IBM CICS TX Advanced 10.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 260770. IBM CICS TX Advanced 10.1 utiliza algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. ID de IBM X-Force: 260770. • https://exchange.xforce.ibmcloud.com/vulnerabilities/260770 https://www.ibm.com/support/pages/node/7066431 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1

Remote authenticated users can retrieve the serial number via cgi/json-req - this is an information leak because the serial number is intended to prove an actor's physical access to the device. • https://0xem.ma/posts/HH3K-CVE https://support.bell.ca/Internet/Connection-help/Access_control_in_the_Home_Hub_modems • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •