Page 52 of 10653 results (0.070 seconds)

CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0

This issue may lead to Information Disclosure. • https://codeql.github.com/codeql-query-help/ruby/rb-path-injection https://github.com/owen2345/camaleon-cms/security/advisories/GHSA-cp65-5m9r-vc2c https://owasp.org/www-community/attacks/Path_Traversal https://www.reddit.com/r/rails/comments/1exwtdm/camaleon_cms_281_has_been_released • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0

Prior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing. Users could potentially access sensitive data such as names and surnames, company names and stage names. • https://github.com/mautic/mautic/security/advisories/GHSA-qjx3-2g35-6hv8 • CWE-276: Incorrect Default Permissions •

CVSS: -EPSS: 0%CPEs: 4EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Fix data leak in mmio_read() The mmio_read() function makes a TDVMCALL to retrieve MMIO data for an address from the VMM. Sean noticed that mmio_read() unintentionally exposes the value of an initialized variable (val) on the stack to the VMM. This variable is only needed as an output value. • https://git.kernel.org/stable/c/31d58c4e557d46fa7f8557714250fb6f89c941ae https://git.kernel.org/stable/c/26c6af49d26ffc377e392e30d4086db19eed0ef7 https://git.kernel.org/stable/c/ef00818c50cf55a3a56bd9a9fae867c92dfb84e7 https://git.kernel.org/stable/c/b55ce742afcb8e8189d82f2f1e635ba1b5a461fa https://git.kernel.org/stable/c/b6fb565a2d15277896583d471b21bc14a0c99661 •

CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0

This misconfiguration can lead to information disclosure, leaking sensitive details such as diagnostic log traces, system logs, headunit passwords, and personally identifiable information (PII). • https://docs.google.com/document/d/1S-d8zyZreYYGSIr4zGww6F2iBfD63v10Z3YVbGnp2es/edit?usp=sharing https://mohammedshine.github.io/CVE-2024-39339.html • CWE-922: Insecure Storage of Sensitive Information •

CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0

Windows Kernel Information Disclosure Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37985 • CWE-1037: Processor Optimization Removal or Modification of Security-critical Code •