Total
7849 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-3262 | 2024-04-04 | N/A | 5.5 MEDIUM | ||
| Information exposure vulnerability in RT software affecting version 4.4.1. This vulnerability allows an attacker with local access to the device to retrieve sensitive information about the application, such as vulnerability tickets, because the application stores the information in the browser cache, leading to information exposure despite session termination. | |||||
| CVE-2023-38729 | 2024-04-03 | N/A | 6.8 MEDIUM | ||
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server)10.5, 11.1, and 11.5 is vulnerable to sensitive information disclosure when using ADMIN_CMD with IMPORT or EXPORT. IBM X-Force ID: 262259. | |||||
| CVE-2024-1979 | 2024-04-03 | N/A | 3.5 LOW | ||
| A vulnerability was found in Quarkus. In certain conditions related to the CI process, git credentials could be inadvertently published, which could put the git repository at risk. | |||||
| CVE-2022-32751 | 1 Ibm | 1 Security Verify Directory | 2024-04-01 | N/A | 5.3 MEDIUM |
| IBM Security Verify Directory 10.0.0 could disclose sensitive server information that could be used in further attacks against the system. IBM X-Force ID: 228437. | |||||
| CVE-2024-30469 | 2024-04-01 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in WPExperts Wholesale For WooCommerce.This issue affects Wholesale For WooCommerce: from n/a through 2.3.0. | |||||
| CVE-2024-29898 | 2024-03-28 | N/A | 4.9 MEDIUM | ||
| CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. An oversight during the writing of the patch for CVE-2024-29897 may have exposed suppressed wiki requests to private wikis that added Special:RequestWikiQueue to the read whitelist to users without the `(read)` permission. This vulnerability is fixed in 8f8442ed5299510ea3e58416004b9334134c149c. | |||||
| CVE-2024-29897 | 2024-03-28 | N/A | 4.9 MEDIUM | ||
| CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users with (delete) or (suppressrevision) on any wiki in the farm to access suppressed wiki requests by going to the request's entry on Special:RequestWikiQueue on the wiki where they have these rights. The same vulnerability was present briefly on the REST API before being quickly corrected in commit `6bc0685`. To our knowledge, the vulnerable commits of the REST API are not running in production anywhere. This vulnerability is fixed in 23415c17ffb4832667c06abcf1eadadefd4c8937. | |||||
| CVE-2023-52231 | 2024-03-28 | N/A | 6.5 MEDIUM | ||
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Booster Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before 7.1.2. | |||||
| CVE-2023-52234 | 2024-03-28 | N/A | 6.5 MEDIUM | ||
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Booster Booster Elite for WooCommerce.This issue affects Booster Elite for WooCommerce: from n/a before 7.1.2. | |||||
| CVE-2024-28247 | 2024-03-28 | N/A | 7.6 HIGH | ||
| The Pi-hole is a DNS sinkhole that protects your devices from unwanted content without installing any client-side software. A vulnerability has been discovered in Pihole that allows an authenticated user on the platform to read internal server files arbitrarily, and because the application runs from behind, reading files is done as a privileged user.If the URL that is in the list of "Adslists" begins with "file*" it is understood that it is updating from a local file, on the other hand if it does not begin with "file*" depending on the state of the response it does one thing or another. The problem resides in the update through local files. When updating from a file which contains non-domain lines, 5 of the non-domain lines are printed on the screen, so if you provide it with any file on the server which contains non-domain lines it will print them on the screen. This vulnerability is fixed by 5.18. | |||||
| CVE-2020-8169 | 4 Debian, Haxx, Siemens and 1 more | 6 Debian Linux, Curl, Simatic Tim 1531 Irc and 3 more | 2024-03-27 | 5.0 MEDIUM | 7.5 HIGH |
| curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s). | |||||
| CVE-2021-22876 | 8 Broadcom, Debian, Fedoraproject and 5 more | 12 Fabric Operating System, Debian Linux, Fedora and 9 more | 2024-03-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request. | |||||
| CVE-2023-27630 | 2024-03-27 | N/A | 5.3 MEDIUM | ||
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PeepSo Community by PeepSo.This issue affects Community by PeepSo: from n/a through 6.0.9.0. | |||||
| CVE-2023-25965 | 2024-03-27 | N/A | 5.9 MEDIUM | ||
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in mbbhatti Upload Resume.This issue affects Upload Resume: from n/a through 1.2.0. | |||||
| CVE-2024-29197 | 2024-03-26 | N/A | 6.5 MEDIUM | ||
| Pimcore is an Open Source Data & Experience Management Platform. Any call with the query argument `?pimcore_preview=true` allows to view unpublished sites. In previous versions of Pimcore, session information would propagate to previews, so only a logged in user could open a preview. This no longer applies. Previews are broad open to any user and with just the hint of a restricted link one could gain access to possible confident / unreleased information. This vulnerability is fixed in 11.2.2 and 11.1.6.1. | |||||
| CVE-2024-29883 | 2024-03-26 | N/A | 4.9 MEDIUM | ||
| CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. Suppression of wiki requests does not work as intended, and always restricts visibility to those with the `(createwiki)` user right regardless of the settings one sets on a given wiki request. This may expose information to users who are not supposed to be able to access it. | |||||
| CVE-2024-30233 | 2024-03-26 | N/A | 6.5 MEDIUM | ||
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wholesale Team WholesaleX.This issue affects WholesaleX: from n/a through 1.3.1. | |||||
| CVE-2023-45824 | 2024-03-26 | N/A | 4.3 MEDIUM | ||
| OroPlatform is a PHP Business Application Platform (BAP). A logged in user can access page state data of pinned pages of other users by pageId hash. This vulnerability is fixed in 5.1.4. | |||||
| CVE-2023-48296 | 2024-03-26 | N/A | 4.3 MEDIUM | ||
| OroPlatform is a PHP Business Application Platform (BAP). Navigation history, most viewed and favorite navigation items are returned to storefront user in JSON navigation response if ID of storefront user matches ID of back-office user. This vulnerability is fixed in 5.1.4. | |||||
| CVE-2024-29199 | 2024-03-26 | N/A | 3.7 LOW | ||
| Nautobot is a Network Source of Truth and Network Automation Platform. A number of Nautobot URL endpoints were found to be improperly accessible to unauthenticated (anonymous) users. These endpoints will not disclose any Nautobot data to an unauthenticated user unless the Nautobot configuration variable EXEMPT_VIEW_PERMISSIONS is changed from its default value (an empty list) to permit access to specific data by unauthenticated users. This vulnerability is fixed in 1.6.16 and 2.1.9. | |||||