Page 395 of 10738 results (0.092 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Smackcoders Export All Posts, Products, Orders, Refunds & Users.This issue affects Export All Posts, Products, Orders, Refunds & Users: from n/a through 2.4.1. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en Smackcoders Export All Posts, Products, Orders, Refunds & Users. Este problema afecta a Export All Posts, Products, Orders, Refunds & Users: desde n/a hasta 2.4.1. The WP Ultimate Exporter plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.4.1 due to insufficient protection on the directory in which exported files are stored in. This can allow unauthenticated attackers to extract sensitive data from accessible log files which can contain information from posts, pages, users, comments, and more. • https://patchstack.com/database/vulnerability/wp-ultimate-exporter/wordpress-export-all-posts-products-orders-refunds-users-plugin-2-2-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.4EPSS: 0%CPEs: 16EXPL: 0

In display, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/October-2023 •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress.This issue affects Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress: from n/a through 4.13.2. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en el complemento de membresía paga del equipo de membresía de ProfilePress, comercio electrónico, formulario de registro, formulario de inicio de sesión, perfil de usuario y contenido restringido: ProfilePress. Este problema afecta el complemento de membresía paga, el comercio electrónico, el formulario de registro, el formulario de inicio de sesión y el perfil de usuario. & Restringir contenido – ProfilePress: desde n/a hasta 4.13.2. The ProfilePress plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 4.13.2 via the unprotected access of debug logs. • https://patchstack.com/database/vulnerability/wp-user-avatar/wordpress-profilepress-plugin-4-13-2-sensitive-data-exposure-via-debug-log-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.7EPSS: 0%CPEs: 6EXPL: 1

An information disclosure issue in GitLab CE/EE affecting all versions starting from 13.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows an attacker to extract non-protected CI/CD variables by tricking a user to visit a fork with a malicious CI/CD configuration. • https://gitlab.com/gitlab-org/gitlab/-/issues/417275 https://hackerone.com/reports/1875515 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-282: Improper Ownership Management •

CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0

PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. • https://www.tracker-software.com/support/security-bulletins.html https://www.zerodayinitiative.com/advisories/ZDI-23-1480 • CWE-125: Out-of-bounds Read •