Page 47 of 10653 results (0.026 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

eLabFTW is an open source electronic lab notebook for research labs. An incorrect permission check has been found that could allow an authenticated user to access several kinds of otherwise restricted information. If anonymous access is allowed (something disabled by default), this extends to anyone. Users are advised to upgrade to at least version 5.1.0. System administrators can disable anonymous access in the System configuration panel. • https://github.com/elabftw/elabftw/security/advisories/GHSA-2c83-6j74-w8r5 • CWE-284: Improper Access Control •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Using a crafted POST request, an unprivileged, registered user is able to retrieve information about other users' personal system profiles. This vulnerability is fixed in 2.26.4. • https://github.com/mantisbt/mantisbt/security/advisories/GHSA-h5q3-fjp4-2x7r https://github.com/mantisbt/mantisbt/commit/ef0f820284032350cc20a39ff9cb2010d5463b41 https://mantisbt.org/bugs/view.php?id=34640 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: -EXPL: 0

An Information Disclosure vulnerability in the Telemetry component in TP-Link Kasa KP125M V1.0.0 and Tapo P125M 1.0.0 Build 220930 Rel.143947 allows attackers to observe device state via observing network traffic. • https://github.com/Chapoly1305/tp-link-cve/blob/main/CVE-2024-35495.md • CWE-319: Cleartext Transmission of Sensitive Information •

CVSS: 5.9EPSS: 0%CPEs: -EXPL: 1

An issue in the API endpoint /AccountMaster/GetCurrentUserInfo of INROAD before v202402060 allows attackers to access sensitive information via a crafted payload to the UserNameOrPhoneNumber parameter. • https://github.com/h1thub/CVE-2024-46635 https://hithub.notion.site/Sensitive-Information-Disclosure-in-GongZhiDao-System-aaad25d2430f4a638d462194cfa87c8b • CWE-922: Insecure Storage of Sensitive Information •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StylemixThemes uListing.This issue affects uListing: from n/a through 2.1.5. The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.1.5 via the /pricing-plan/payment endpoint. This makes it possible for unauthenticated attackers to render the pricing plan payment page. • https://patchstack.com/database/vulnerability/ulisting/wordpress-ulisting-plugin-2-1-5-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •