Page 64 of 10805 results (0.030 seconds)

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure. • https://www.dell.com/support/kbdoc/en-us/000228135/dsa-2024-309-security-update-for-dell-poweredge-server-for-improper-input-validation-vulnerability • CWE-20: Improper Input Validation •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

Insertion of Sensitive Information into Log File vulnerability in StylemixThemes Masterstudy LMS Starter.This issue affects Masterstudy LMS Starter: from n/a through 1.1.8. The Masterstudy - Education WordPress Theme theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.8. • https://patchstack.com/database/vulnerability/ms-lms-starter-theme/wordpress-masterstudy-lms-starter-theme-1-1-8-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

The The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.7.11 via the post_query_guten and post_query functions. This makes it possible for authenticated attackers, with contributor-level access and above, to extract information from posts that are not public (i.e. draft, future, etc..). • https://plugins.trac.wordpress.org/changeset/3142599/the-post-grid/trunk/app/Controllers/Blocks/BlockBase.php https://plugins.trac.wordpress.org/changeset/3142599/the-post-grid/trunk/app/Widgets/elementor/rtTPGElementorQuery.php https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3142599%40the-post-grid&new=3142599%40the-post-grid&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/dddecb2e-9ad6-4e44-afce-5eba7da6322d?source=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.3EPSS: 0%CPEs: -EXPL: 0

A vulnerability identified in NetIQ Advance Authentication that leaks sensitive server information. • https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 0%CPEs: -EXPL: 2

A traversal vulnerability in GeneralDocs.aspx in CentralSquare CryWolf (False Alarm Management) through 2024-08-09 allows unauthenticated attackers to read files outside of the working web directory via the rpt parameter, leading to the disclosure of sensitive information. • https://github.com/d4lyw/CVE-2024-45241 https://github.com/verylazytech/CVE-2024-45241 https://www.centralsquare.com/solutions/public-safety-software/public-safety-agency-operations/crywolf-false-alarm-management-solution https://daly.wtf/cve-2024-45241-path-traversal-in-centralsquare-crywolf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •