Page 29 of 11331 results (0.154 seconds)

CVSS: 4.3EPSS: 0%CPEs: -EXPL: 0

OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserType. ... The information disclosed is associated with the registered user ID, status, email address, role(s), user type, license type, and personal details such as first name, last name, gender, and user preferences. • https://cve.offsecguy.com/ovaledge/vulnerabilities/sensitive-data-exposure#cve-2022-30361 • CWE-922: Insecure Storage of Sensitive Information

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

path=/var/lib/casaos/1/system.json`, expose sensitive data like installed applications and system information without requiring any authentication or authorization. This sensitive data leak can be exploited by attackers to gain detailed knowledge about the system setup, installed applications, and other critical information. • https://github.com/IceWhaleTech/ZimaOS/security/advisories/GHSA-hg2h-q5h6-r5c4 https://youtu.be/H_WoqzM-9Cc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.9EPSS: 0%CPEs: -EXPL: 0

IBM Maximo Application Suite - Monitor Component 8.10, 8.11, and 9.0 could disclose information in the form of the hard-coded cryptographic key to an attacker that has compromised environment. • https://www.ibm.com/support/pages/node/7173988 • CWE-321: Use of Hard-coded Cryptographic Key •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 1.6.43 via the hfe_template shortcode. • https://plugins.trac.wordpress.org/browser/header-footer-elementor/tags/1.6.43/inc/class-header-footer-elementor.php#L634 https://plugins.trac.wordpress.org/changeset/3173344/header-footer-elementor/trunk/inc/class-header-footer-elementor.php?contextall=1 https://www.wordfence.com/threat-intel/vulnerabilities/id/662f6ae2-2047-4bbf-b4a6-2d536051e389?source=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.9EPSS: 0%CPEs: -EXPL: 1

The manipulation leads to information disclosure. ... Durch die Manipulation mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://github.com/LvZCh/zzcms2023/issues/1 https://vuldb.com/?ctiid.281559 https://vuldb.com/?id.281559 https://vuldb.com/?submit.427069 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •