CVE-2022-47880 – Jedox 2022.4.2 - Disclosure of Database Credentials via Connection Checks
https://notcve.org/view.php?id=CVE-2022-47880
An information disclosure vulnerability in /be/rpc.php in Jedox GmbH Jedox 2020.2.5 allows remote, authenticated users with permissions to modify database connections to disclose a connection's cleartext password via the 'test connection' function. Jedox version 2022.4.2 has an information disclosure vulnerability in /be/rpc.php that allows remote authenticated users with the appropriate permissions to modify database connections to disclose the clear text credentials via the test connection function. • https://www.exploit-db.com/exploits/51429 http://jedox.com https://docs.syslifters.com/assets/vulnerability-disclosure/Vulnerability-Disclosure-Jedox-Jedox-04-2023.pdf • CWE-522: Insufficiently Protected Credentials •
CVE-2022-38707 – IBM Cognos Command Center information disclosure
https://notcve.org/view.php?id=CVE-2022-38707
IBM Cognos Command Center 10.2.4.1 could allow a local attacker to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 234179. • https://exchange.xforce.ibmcloud.com/vulnerabilities/234179 https://www.ibm.com/support/pages/node/6983274 • CWE-613: Insufficient Session Expiration •
CVE-2023-27630 – WordPress Community by PeepSo plugin <= 6.0.9.0 - Server Information Disclosure
https://notcve.org/view.php?id=CVE-2023-27630
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PeepSo Community by PeepSo. This issue affects Community by PeepSo: from n/a through 6.0.9.0. The Community by PeepSo plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 6.0.9.0 due to missing authorization checks on the action_admin_export() function. This makes it possible for unauthenticated attackers to trigger a system report export and obtain sensitive information about the server's configuration. • https://patchstack.com/database/vulnerability/peepso-core/wordpress-community-by-peepso-plugin-6-0-9-0-server-information-disclosure? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVE-2023-32135 – Sante DICOM Viewer Pro DCM File Parsing Use-After-Free Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-32135
Sante DICOM Viewer Pro DCM File Parsing Use-After-Free Information Disclosure Vulnerability. • https://www.zerodayinitiative.com/advisories/ZDI-23-527 • CWE-416: Use After Free •
CVE-2023-32137 – D-Link DAP-1360 webproc WEB_DisplayPage Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-32137
D-Link DAP-1360 webproc WEB_DisplayPage Directory Traversal Information Disclosure Vulnerability. ... • https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10324 https://www.zerodayinitiative.com/advisories/ZDI-23-529 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •