Total
7313 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-21501 | | | 2024-08-28 | N/A | 5.3 MEDIUM |
Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system (including project dependencies). An attacker could exploit this vulnerability to gather details about the file system structure and dependencies of the targeted server. | |||||
CVE-2024-26470 | | | 2024-08-28 | N/A | 8.1 HIGH |
A host header injection vulnerability in the forgot password function of FullStackHero's WebAPI Boilerplate v1.0.0 and v1.0.1 allows attackers to leak the password reset token via a crafted request. | |||||
CVE-2024-28339 | | | 2024-08-28 | N/A | 5.4 MEDIUM |
An information leak in the debuginfo.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required. | |||||
CVE-2024-6448 | | | 2024-08-28 | N/A | 5.3 MEDIUM |
The Mollie Payments for WooCommerce plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 7.7.0. This is due to the error reporting being enabled by default in multiple plugin files. This makes it possible for unauthenticated attackers to obtain the full path to instances, which they may be able to use in combination with other vulnerabilities or to simplify reconnaissance work. On its own, this information is of very limited use. | |||||
CVE-2024-30569 | | | 2024-08-27 | N/A | 7.5 HIGH |
An information leak in currentsetting.htm of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required. | |||||
CVE-2024-25839 | | | 2024-08-26 | N/A | 7.5 HIGH |
An issue in the Webbax "Super Newsletter" (supernewsletter) module for PrestaShop, versions 1.4.21 and before, allows local attackers to escalate privileges and obtain sensitive information. | |||||
CVE-2024-43289 | | | 2024-08-26 | N/A | 7.5 HIGH |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in gVectors Team wpForo Forum. This issue affects wpForo Forum: from n/a through 2.3.4. | |||||
CVE-2024-43283 | | | 2024-08-26 | N/A | 5.3 MEDIUM |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Contest Gallery. This issue affects Contest Gallery: from n/a through 23.1.2. | |||||
CVE-2024-43319 | | | 2024-08-26 | N/A | 4.3 MEDIUM |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in bPlugins LLC Flash & HTML5 Video. This issue affects Flash & HTML5 Video: from n/a through 2.5.31. | |||||
CVE-2024-39344 | | | 2024-08-26 | N/A | 8.1 HIGH |
An issue was discovered in the Docusign API package 8.142.14 for Salesforce. The Apttus_DocuApi__DocusignAuthentication__mdt object is installed via the marketplace from this package and stores some configuration information in a manner that could be compromised. With the default settings when installed for all users, the object can be accessible and (via its fields) could disclose some keys. These disclosed components can be combined to create a valid session via the Docusign API. This will generally lead to a complete compromise of the Docusign account because the session is for an administrator service account and may have permission to re-authenticate as specific users with the same authorization flow. | |||||
CVE-2024-6499 | | | 2024-08-26 | N/A | 5.3 MEDIUM |
The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 9.7.8. This makes it possible for unauthenticated attackers to obtain the full path to instances, which they may be able to use in combination with other vulnerabilities or to simplify reconnaissance work. On its own, this information is of very limited use. | |||||
CVE-2024-7339 | 3 Artion-sec, Provision-isr, Tvt | 7 Av108t, Dvr Firmware, Dvr Firmware and 4 more | 2024-08-23 | 5.0 MEDIUM | 5.3 MEDIUM |
A vulnerability has been found in TVT DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5L(MM) and AVISION DVR AV108T and classified as problematic. This vulnerability affects unknown code of the file /queryDevInfo. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273262 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2020-11843 | 1 Netiq | 1 Access Manager | 2024-08-23 | N/A | 6.5 MEDIUM |
This allows information exposure to unauthorized users. This issue affects NetIQ Access Manager using version 4.5 or before. | |||||
CVE-2024-7328 | 1 Youdiancms | 1 Youdiancms | 2024-08-23 | 5.0 MEDIUM | 5.3 MEDIUM |
A vulnerability, which was classified as problematic, has been found in YouDianCMS 7. This issue affects some unknown processing of the file /t.php?action=phpinfo. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273251. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-8072 | | | 2024-08-22 | N/A | 5.3 MEDIUM |
Mage AI allows remote unauthenticated attackers to leak the terminal server command history of arbitrary users. | |||||
CVE-2022-26327 | | | 2024-08-21 | N/A | N/A |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in OpenText Performance Center on Windows allows Retrieve Embedded Sensitive Data. This issue affects Performance Center: 12.63. | |||||
CVE-2024-28340 | | | 2024-08-21 | N/A | 7.5 HIGH |
An information leak in the currentsetting.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required. | |||||
CVE-2024-20991 | | | 2024-08-21 | N/A | 5.3 MEDIUM |
Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle HTTP Server accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | |||||
CVE-2024-7842 | 1 Tamparongj 03 | 1 Online Graduate Tracer System | 2024-08-21 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability, which was classified as problematic, has been found in SourceCodester Online Graduate Tracer System 1.0. This issue affects some unknown processing of the file /tracking/admin/export_it.php. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-7843 | 1 Tamparongj 03 | 1 Online Graduate Tracer System | 2024-08-21 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability, which was classified as problematic, was found in SourceCodester Online Graduate Tracer System 1.0. Affected is an unknown function of the file /tracking/admin/exportcs.php. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. |