CVSS: 5.1 • EPSS: % • CPEs: 1 • EXPL: 0

31 May 2025 — django-helpdesk before 1.0.0 allows Sensitive Data Exposure because of os.umask(0) in models.py. • https://github.com/django-helpdesk/django-helpdesk/issues/591 • CWE-277: Insecure Inherited Permissions •

CVSS: 7.8 • EPSS: % • CPEs: - • EXPL: 0

30 May 2025 — Insertion of Sensitive Information Into Sent Data vulnerability in Vanquish WooCommerce Orders & Customers Exporter allows Retrieve Embedded Sensitive Data. This issue affects WooCommerce Orders & Customers Exporter: from n/a through 5.0. • https://patchstack.com/database/wordpress/plugin/woocommerce-orders-customers-exporter/vulnerability/wordpress-woocommerce-orders-customers-exporter-5-0-sensitive-data-exposure-vulnerability? • CWE-201: Insertion of Sensitive Information Into Sent Data •

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

30 May 2025 — Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. In versions starting from 2.4.0 to before 2.38.0, an authenticated CVAT user may be able to retrieve the IDs and names of all tasks, projects, labels, and the IDs of all jobs and quality reports on the CVAT instance. In addition, if the instance contains many resources of a particular type, retrieving this information may tie up system resources, denying access to legitimate users. This issue has be... • https://github.com/cvat-ai/cvat/commit/7136c99fb2c3a5cb2d8c3ca54b4201b9fa6aab5a • CWE-201: Insertion of Sensitive Information Into Sent Data •

CVSS: 4.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 May 2025 — A high privileged attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure. • https://www.dell.com/support/kbdoc/en-us/000325632/dsa-2025-225 • CWE-312: Cleartext Storage of Sensitive Information •

CVSS: 4.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 May 2025 — This may lead to hash collisions, incorrect cache hits, and even data leakage or security risks. • https://github.com/vllm-project/vllm/commit/99404f53c72965b41558aceb1bc2380875f5d848 • CWE-1023: Incomplete Comparison with Missing Factors • CWE-1288: Improper Validation of Consistency within Input •

CVSS: 9.4 • EPSS: 0% • CPEs: 72 • EXPL: 0

29 May 2025 — Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to read information in the product, to cause a Denial-of-Service (DoS) condition in MELSOFT connection, or to stop the operation of the CPU module (causing a DoS condition on the CPU module), by sending specially crafted packets. The product must be reset for recovery. • https://jvn.jp/vu/JVNVU94070048 • CWE-1285: Improper Validation of Specified Index, Position, or Offset in Input •

CVSS: 5.1 • EPSS: 0% • CPEs: 3 • EXPL: 0

28 May 2025 — Sensitive Information Disclosure via .env File Exposure: The .env file, which typically contains environment variables and sensitive application configurations, is directly accessible via a web browser due to missing web server configurations that restrict access to such files. ... • https://github.com/mautic/mautic/security/advisories/GHSA-h2wg-v8wg-jhxh • CWE-312: Cleartext Storage of Sensitive Information •

CVSS: 6.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

28 May 2025 — Summary: This advisory addresses a security vulnerability in Mautic where unpublished page previews could be accessed by unauthenticated users and potentially indexed by search engines. This could lead to the unintended disclosure of draft content or sensitive information. Unauthorized Access to Unpublished Page Previews: The page preview functionality for unpublished content, accessible via predictable URLs (e.g., /page/preview/1, /page/preview/2), lacked proper authorization checks. This allowed any unauthe... • https://github.com/mautic/mautic/security/advisories/GHSA-cqx4-9vqf-q3m8 • CWE-1284: Improper Validation of Specified Quantity in Input •

CVSS: 5.9 • EPSS: 0% • CPEs: 3 • EXPL: 0

28 May 2025 — IBM Sterling Secure Proxy 6.0.0.0 through 6.0.3.1, 6.1.0.0 through 6.1.0.0, and 6.2.0.0 through 6.2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. • https://www.ibm.com/support/pages/node/7234888 • CWE-328: Use of Weak Hash •

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 May 2025 — IBM Security Guardium 12.0 could allow a privileged user to download any file on the system due to improper escaping of input. • https://www.ibm.com/support/pages/node/7234827 • CWE-116: Improper Encoding or Escaping of Output •