Critical
CVSS: 9.9
Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) in the Gallagher Morpho integration could allow an authenticated operator with limited site permissions to make critical changes to local Morpho devices.…
Medium
CVSS: 5.0
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Retrieve Embedded Sensitive Data.This issue affects MasterStudy LMS: from…
Medium
CVSS: 6.5
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeAtelier IDonatePro idonate-pro allows Retrieve Embedded Sensitive Data.This issue affects IDonatePro: from n/a through
Medium
CVSS: 5.3
HCL Unica 12.1.10 can expose sensitive system information. An attacker could use this information to form an attack plan by leveraging known vulnerabilities in the application.
Medium
CVSS: 4.8
An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to view session tokens of users authenticated to the firewall web UI. This may allow impersonation of users whose session…
Critical
CVSS: 9.9
Nagios Log Server before 2024R1.3.2 allows authenticated users to retrieve cleartext administrative API keys via a /nagioslogserver/index.php/api/system/get_users call. This is GL:NLS#475.
Low
CVSS: 2.2
The YoSmart YoLink Smart Hub device 0382 exposes a UART debug interface. An attacker with direct physical access can leverage this interface to read a boot log, which includes network access credentials.
Medium
CVSS: 5.3
Multiple endpoints with sensitive information do not require authentication, making the application susceptible to information gathering.
Medium
CVSS: 5.3
The application provides access to a login protected H2 database for caching purposes. The username is prefilled.
Medium
CVSS: 5.3
Due to a lack of authentication, it is possible for an unauthenticated user to request data from this endpoint, making the application vulnerable for user enumeration.
Unknown
CVSS: -
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in honzat Page Manager for Elementor page-manager-for-elementor allows Retrieve Embedded Sensitive Data.This issue affects Page Manager for Elementor:…
Unknown
CVSS: -
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in CoSchedule CoSchedule coschedule-by-todaymade allows Retrieve Embedded Sensitive Data.This issue affects CoSchedule: from n/a through
Unknown
CVSS: -
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Shahjada Download Manager download-manager allows Retrieve Embedded Sensitive Data.This issue affects Download Manager: from n/a through
Unknown
CVSS: -
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Darren Cooney Ajax Load More ajax-load-more allows Retrieve Embedded Sensitive Data.This issue affects Ajax Load More: from n/a through
High
CVSS: 7.5
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Ays Pro Quiz Maker quiz-maker allows Retrieve Embedded Sensitive Data.This issue affects Quiz Maker: from n/a through
Unknown
CVSS: -
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NerdPress Hubbub Lite social-pug allows Retrieve Embedded Sensitive Data.This issue affects Hubbub Lite: from n/a through
Unknown
CVSS: -
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in etruel WPeMatico RSS Feed Fetcher wpematico allows Retrieve Embedded Sensitive Data.This issue affects WPeMatico RSS Feed Fetcher: from n/a through
Unknown
CVSS: -
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Nurul Amin WP System Information wp-system-info allows Retrieve Embedded Sensitive Data.This issue affects WP System Information: from n/a through
Medium
CVSS: 4.3
IBM Lakehouse (watsonx.data 2.2) could allow an authenticated user to obtain sensitive server component version information which could aid in further attacks against the system.
High
CVSS: 8.6
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vegagrup Software Vega Master allows Directory Indexing.This issue affects Vega Master: from v.1.12.35 through 20250916.
NOTE: The vendor did not…