Page 52 of 10805 results (0.081 seconds)

CVSS: 5.2EPSS: 0%CPEs: -EXPL: 0

Improper input validation in some Intel(R) RAID Web Console software all versions may allow an authenticated user to potentially enable information disclosure via adjacent access. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html • CWE-20: Improper Input Validation •

CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0

This could lead to local information disclosure with System execution privileges needed. • https://source.android.com/security/bulletin/pixel/2024-09-01 •

CVSS: 4.3EPSS: 0%CPEs: -EXPL: 0

An information disclosure vulnerability exists in the lunary-ai/lunary, specifically in the `runs/{run_id}/related` endpoint. ... The vulnerability allows unauthorized users to obtain information about non-public runs and their related runs, given the `run_id` of a public or non-public run. • https://github.com/lunary-ai/lunary/commit/35afd4439464571eb016318cd7b6f85a162225ca https://huntr.com/bounties/460df515-164c-4435-954b-0233a181545f • CWE-1220: Insufficient Granularity of Access Control •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

IBM Concert 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. • https://exchange.xforce.ibmcloud.com/vulnerabilities/351213 https://www.ibm.com/support/pages/node/7168234 • CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Utarit Information SoliClub allows Retrieve Embedded Sensitive Data.This issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android. • https://www.usom.gov.tr/bildirim/tr-24-1457 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •