Medium
CVSS: 5.5
Icinga Director is an Icinga config deployment tool. A Security vulnerability has been found starting in version 1.0.0 and prior to 1.10.4 and 1.11.4 on several director endpoints of REST API. To reproduce this vulnerability an authenticate…
Medium
CVSS: 5.7
The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.8 the 'register_user' function. This m…
Low
CVSS: 2.1
Shescape is a simple shell escape library for JavaScript. Versions 1.7.2 through 2.1.1 are vulnerable to potential environment variable exposure on Windows with CMD. This impact users of Shescape on Windows that explicitly configure `shell:…
High
CVSS: 8.0
Frappe is a full-stack web application framework. Prior to versions 14.89.0 and 15.51.0, making crafted requests could lead to information disclosure that could further lead to account takeover. Versions 14.89.0 and 15.51.0 fix the issue. T…
Medium
CVSS: 5.3
The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.6.1 via the edd_ajax_get_download_title() function. T…
Medium
CVSS: 5.3
Vite, a provider of frontend development tooling, has a vulnerability in versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10. `@fs` denies access to files outside of Vite serving allow list. Adding `?raw??` or `?import&raw??` to the…
Medium
CVSS: 5.0
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Commons VFS.
The FtpFileObject class can throw an exception when a file is not found, revealing the original URI in its message, which may include a passwor…
Medium
CVSS: 5.3
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.22.1 via a misconfigured capability check in the 'permissionsCheck' function.…
High
CVSS: 7.7
Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file read in train.py's `export_pth` function. This issue may lead to reading arbitrary files on the Applio server. It can also be used in conjun…
Medium
CVSS: 5.8
A vulnerability in Beta80 Life 1st enables the retrieval of different error messages for failed authentication attempts
(in case of the usage of a wrong password or a non existent user). The difference in the
returned error messages could…
Medium
CVSS: 6.5
The Bare Metal Operator (BMO) implements a Kubernetes API for managing bare metal hosts in Metal3. Baremetal Operator enables users to load Secret from arbitrary namespaces upon deployment of the namespace scoped Custom Resource `BMCEventSu…
Medium
CVSS: 5.0
An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS version 6.2.4 and below, version 6.0.10 and belowmay allow remote authenticated actors to read the SSL VPN events log entries of users in other VDOMs by…
Medium
CVSS: 5.3
A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been classified as problematic. Affected is an unknown function of the file /mnt/extsd/event/ of the component HTTP/RTSP. The manipulation leads to information disclosur…
High
CVSS: 7.5
Exposure of password in web-based SSH authentication component in Devolutions Server 2024.3.13 and earlier allows a user to unadvertently leak his SSH password due to missing password masking.
Medium
CVSS: 6.5
Exposure of sensitive information in My Personal Credentials password history component in Devolutions Remote Desktop Manager 2024.3.29 and earlier on Windows allows an authenticated user to inadvertently leak the My Personal Credentials in…
Medium
CVSS: 6.5
Exposure of sensitive information in hub data source export feature in Devolutions Remote Desktop Manager 2024.3.29 and earlier on Windows allows a user exporting a hub data source to include his authenticated session in the export due to f…
High
CVSS: 7.5
An issue in parse-git-config v.3.0.0 allows an attacker to obtain sensitive information via the expandKeys function
Medium
CVSS: 5.3
The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.8.1 via file uploads due to insufficient directory listing prev…
Medium
CVSS: 6.5
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
High
CVSS: 8.1
An exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.4 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 and 6.3.0 through 6.3.3 and 6.2.0 through 6.2.1 and 6.1.…