Page 52 of 11332 results (0.074 seconds)

CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0

This can be exploited to access information by adding parameters like `password=...` in the URL (ORM Leak). ... This allows attackers to potentially retrieve arbitrary information. ... These vulnerabilities can be used to leak information and dump the contents of the database and have been addressed in release version 0.53.0. • https://github.com/navidrome/navidrome/security/advisories/GHSA-58vj-cv5w-v4v6 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 3.8EPSS: 0%CPEs: -EXPL: 0

Some uninitialized data may exist in the bounce.buffer, leading to an information leak. • https://access.redhat.com/security/cve/CVE-2024-8612 https://bugzilla.redhat.com/show_bug.cgi?id=2313760 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0

An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body leading to exposure of sensitive information belonging to other users. • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0296 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •

CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0

The filters do not provide much information (they mainly contain references which are public data in XWiki), though some info could be used in combination with other vulnerabilities. • https://github.com/xwiki/xwiki-platform/commit/c8c6545f9bde6f5aade994aa5b5903a67b5c2582 https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-pg4m-3gp6-hw4w https://jira.xwiki.org/browse/XWIKI-20336 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •

CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0

This issue may lead to Information Disclosure. • https://codeql.github.com/codeql-query-help/ruby/rb-path-injection https://github.com/owen2345/camaleon-cms/security/advisories/GHSA-cp65-5m9r-vc2c https://owasp.org/www-community/attacks/Path_Traversal https://www.reddit.com/r/rails/comments/1exwtdm/camaleon_cms_281_has_been_released • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •