CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41740 – Synology RT6600ax uistrings.cgi Path Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-41740
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to read specific files via unspecified vectors. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Synology RT6600ax routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the uistrings.cgi file. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of the current process. • https://www.synology.com/en-global/security/advisory/Synology_SA_23_10 •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39912 – ManageEngine ADManager Plus download Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-39912
Zoho ManageEngine ADManager Plus before 7203 allows Help Desk Technician users to read arbitrary files on the machine where this product is installed. This vulnerability allows remote attackers to disclose sensitive information on affected installations of ManageEngine ADManager Plus. Authentication is required to exploit this vulnerability. The specific flaw exists within the download method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of the service account. • https://manageengine.com https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-39912.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-41039 – Sandbox escape via various forms of "format" in RestrictedPython
https://notcve.org/view.php?id=CVE-2023-41039
This can lead to critical information disclosure. • https://github.com/zopefoundation/RestrictedPython/commit/4134aedcff17c977da7717693ed89ce56d54c120 https://github.com/zopefoundation/RestrictedPython/security/advisories/GHSA-xjw2-6jm9-rf67 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0689 – Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_first_name' shortcode
https://notcve.org/view.php?id=CVE-2023-0689
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_first_name' shortcode in versions up to, and including, 3.3.1. • https://plugins.trac.wordpress.org/browser/metform/trunk/base/shortcode.php?rev=2845078 https://plugins.trac.wordpress.org/changeset/2910040 https://www.wordfence.com/threat-intel/vulnerabilities/id/356cf06e-16e7-438b-83b5-c8a52a21f903?source=cve • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40004 – Unauth. Access Token Manipulation vulnerability in multiple ServMask WordPress plugins
https://notcve.org/view.php?id=CVE-2023-40004
Multiple ServMask Plugins for WordPress are vulnerable to unauthorized modification of data due to a missing capability check on the init() function hooked via admin_init in various versions. This makes it possible for unauthenticated attackers to modify the access token which could result in sensitive information disclosure or unauthorized back-up restoration. • _s_id=cve https://patchstack.com/database/vulnerability/all-in-one-wp-migration-box-extension/wordpress-all-in-one-wp-migration-box-extension-plugin-1-53-unauthenticated-access-token-manipulation-vulnerability?_s_id=cve https://patchstack.com/database/vulnerability/all-in-one-wp-migration-dropbox-extension/wordpress-all-in-one-wp-migration-dropbox-extension-plugin-3-75-unauthenticated-access-token-manipulation-vulnerability?_s_id=cve https://patchstack.com/database/vulnerability/all-in-one-wp-migration-gdrive-extensi • CWE-862: Missing Authorization •