Page 504 of 10621 results (0.074 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

Anonymous user may get the list of existing users managed by the application, that could ease further attacks (see CVE-2023-3065 and 3066)This issue affects Mobatime mobile application AMXGT100 through 1.3.20. • https://borelenzo.github.io/stuff/2023/06/02/cve-2023-3064_65_66.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-922: Insecure Storage of Sensitive Information •

CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0

This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. • https://exchange.xforce.ibmcloud.com/vulnerabilities/255074 https://www.ibm.com/support/pages/node/6999721 https://www.ibm.com/support/pages/node/6999747 •

CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0

IBM Maximo Application Suite - Manage Component 8.8.0 and 8.9.0 transmits sensitive information in cleartext that could be intercepted by an attacker using man in the middle techniques. IBM X-Force ID: 249208. IBM Maximo Application Suite - Manage Component v8.8.0 y v8.9.0 transmite información confidencial en texto claro que podría ser interceptada por un atacante mediante técnicas de "man in the middle". IBM X-Force ID: 249208. • https://exchange.xforce.ibmcloud.com/vulnerabilities/249208 https://www.ibm.com/support/pages/node/6999917 • CWE-319: Cleartext Transmission of Sensitive Information •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

The KiviCare WordPress plugin before 3.2.1 does not restrict the information returned in a response and returns all user data, allowing low privilege users such as subscriber to retrieve sensitive information such as the user email and hashed password of other users The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.2.0. This can allow authenticated attackers to extract sensitive data including emails, hashed passwords, and usernames. • https://wpscan.com/vulnerability/85cc39b1-416f-4d23-84c1-fdcbffb0dda0 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1

emoncms v11 and later was discovered to contain an information disclosure vulnerability which allows attackers to obtain the web directory path and other information leaked by the server via a crafted web request. • https://github.com/emoncms/emoncms/issues/1856 • CWE-668: Exposure of Resource to Wrong Sphere •