Page 35 of 11339 results (0.051 seconds)

CVSS: 8.6EPSS: 0%CPEs: -EXPL: 0

Missing authorization in Power Platform allows an unauthenticated attacker to view sensitive information through a network attack vector. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38190 • CWE-862: Missing Authorization •

CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0

Improper Access Control in Imagine Cup allows an authorized attacker to elevate privileges over a network. Improper access control in Imagine Cup allows an authorized attacker to elevate privileges over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38204 • CWE-284: Improper Access Control •

CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 0

This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. • https://www.oracle.com/security-alerts/cpuoct2024.html •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BogdanFix WP SendFox allows Retrieve Embedded Sensitive Data.This issue affects WP SendFox: from n/a through 1.3.1. The WP SendFox plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.1. • https://patchstack.com/database/vulnerability/wp-sendfox/wordpress-wp-sendfox-plugin-1-3-1-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.1EPSS: 0%CPEs: -EXPL: 0

PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. ... This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. • https://github.com/PostHog/posthog/pull/25388 https://www.zerodayinitiative.com/advisories/ZDI-24-1383 • CWE-918: Server-Side Request Forgery (SSRF) •