Filtered by CWE-200
Filtered by vendor Subscriptions
Total 8850 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-43804 4 Debian, Fedoraproject, Python and 1 more 12 Debian Linux, Fedora, Urllib3 and 9 more 2024-12-13 5.9 Medium
urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.
CVE-2022-33159 1 Ibm 1 Security Directory Suite Va 2024-12-13 5.3 Medium
IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 228567.
CVE-2023-25683 1 Ibm 1 Powervm Hypervisor 2024-12-13 5.9 Medium
IBM PowerVM Hypervisor FW950.00 through FW950.71, FW1010.00 through FW1010.40, FW1020.00 through FW1020.20, and FW1030.00 through FW1030.11 could allow an attacker to obtain sensitive information if they gain service access to the HMC. IBM X-Force ID: 247592.
CVE-2024-54117 1 Huawei 1 Harmonyos 2024-12-12 6.2 Medium
Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-54103 1 Huawei 1 Harmonyos 2024-12-12 6.1 Medium
Vulnerability of improper access control in the album module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-21793 1 F5 1 Big-ip Next Central Manager 2024-12-12 7.5 High
An OData injection vulnerability exists in the BIG-IP Next Central Manager API (URI).  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2024-26026 1 F5 1 Big-ip Next Central Manager 2024-12-12 7.5 High
An SQL injection vulnerability exists in the BIG-IP Next Central Manager API (URI).  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CVE-2024-54119 2024-12-12 6.2 Medium
Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-12564 2024-12-12 N/A
Exposure of Sensitive Information to an Unauthorized Actor vulnerability was discovered in Open Design Alliance CDE inWEB SDK before 2025.3. Installing CDE Server with default settings allows unauthorized users to visit prometheus metrics page. This can allow attackers to understand more things about the target application which may help in further investigation and exploitation.
CVE-2024-12255 2024-12-12 5.3 Medium
The Accept Stripe Payments Using Contact Form 7 plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5 via the cf7sa-info.php file that returns phpinfo() data. This makes it possible for unauthenticated attackers to extract configuration information that can be leveraged in another attack.
CVE-2024-40862 1 Apple 1 Xcode 2024-12-12 7.5 High
A privacy issue was addressed by removing sensitive data. This issue is fixed in Xcode 16. An attacker may be able to determine the Apple ID of the owner of the computer.
CVE-2024-12329 2024-12-12 4.3 Medium
The Essential Real Estate plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several pages/post types in all versions up to, and including, 5.1.6. This makes it possible for authenticated attackers, with Contributor-level access and above, to access invoices and transaction logs
CVE-2024-23228 1 Apple 2 Ipados, Iphone Os 2024-12-12 3.3 Low
This issue was addressed through improved state management. This issue is fixed in iOS 17.3 and iPadOS 17.3. Locked Notes content may have been unexpectedly unlocked.
CVE-2023-27954 3 Apple, Debian, Redhat 8 Ipados, Iphone Os, Macos and 5 more 2024-12-12 6.5 Medium
The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. A website may be able to track sensitive user information.
CVE-2023-34242 1 Cilium 1 Cilium 2024-12-12 3.4 Low
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to version 1.13.4, when Gateway API is enabled in Cilium, the absence of a check on the namespace in which a ReferenceGrant is created could result in Cilium unintentionally gaining visibility of secrets (including certificates) and services across namespaces. An attacker on an affected cluster can leverage this issue to use cluster secrets that should not be visible to them, or communicate with services that they should not have access to. Gateway API functionality is disabled by default. This vulnerability is fixed in Cilium release 1.13.4. As a workaround, restrict the creation of `ReferenceGrant` resources to admin users by using Kubernetes RBAC.
CVE-2024-11961 2 Guangzhou Huayi Intelligent Technology, Huayi-tec 2 Jeewms, Jeewms 2024-12-11 5.3 Medium
A vulnerability was found in Guangzhou Huayi Intelligent Technology Jeewms 3.7. It has been rated as problematic. This issue affects the function preHandle of the file src/main/java/com/zzjee/wm/controller/WmOmNoticeHController.java. The manipulation of the argument request leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-23662 1 Fortinet 1 Fortios 2024-12-11 5 Medium
An exposure of sensitive information to an unauthorized actor in Fortinet FortiOS at least version at least 7.4.0 through 7.4.1 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.15 and 6.4.0 through 6.4.15 allows attacker to information disclosure via HTTP requests.
CVE-2024-11008 2024-12-11 5.3 Medium
The Members – Membership & User Role Editor Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.10 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.
CVE-2024-11351 2024-12-11 5.3 Medium
The Restrict – membership, site, content and user access restrictions for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.8 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.
CVE-2024-53245 2024-12-11 3.1 Low
In Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.1.2312.206, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles, that has a username with the same name as a role with read access to dashboards, could see the dashboard name and the dashboard XML by cloning the dashboard.