Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows attackers to obtain sensitive information via error-handler.log.json and legacy-error-handler.log.txt under the webroot.

Improper Input Validation of query search results for private field data in PingIDM (Query Filter module) allows for a potentially efficient brute forcing approach leading to information disclosure.

Setting SMS media allows to set GSM modem file. Later this file is used as Linux device. But due everything is a file for Linux, it is possible to set another file, e.g. log file and zabbix_server wil...

Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are affected are 19.3-19.22 and 21.3-21.13. Easily exploitable vulnerability allows high privileged atta...

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Package Build SEC). Supported versions that are affected are Prior to 9.2.8.1. Easily exploitable vulnerabi...

Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Easily exploitable vulnerability allows high privileged attacker wi...

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure SEC). Supported versions that are affected are Prior to 9.2.8.0. Easily exploitab...

An Improper Certificate Validation vulnerability exists in Tenable Security Center where an authenticated, privileged attacker could intercept email messages sent from Security Center via a rogue SMTP...

The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the mpg_upsert_project_source_block() function in all...

The Form Maker by 10Web WordPress plugin before 1.15.31 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting a...

A vulnerability was found in Keycloak. A user with high privileges could read sensitive information from a Vault file that is not within the expected context. This attacker must have previous high acc...

Organization admins can delete pending invites created in an organization they are not part of.

The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.22 does not sanitise and escape some of its Gallery settings, which could allow high privilege users such as contribu...

The ApplyOnline WordPress plugin before 2.6.3 does not protect uploaded files during the application process, allowing unauthenticated users to access them and any private information they contain

A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows an attacker to craft a repository import in such a way as to ...

An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML AP...

A vulnerability classified as problematic was found in Typecho 1.2.1. Affected by this vulnerability is an unknown functionality of the file /admin/manage-pages.php of the component Page Handler. The ...

The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file function. This makes it possible for admini...

Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.4.0-4.

The BackWPup plugin for WordPress is vulnerable to Plaintext Storage of Backup Destination Password in all versions up to, and including, 4.0.2. This is due to to the plugin improperly storing backup ...

A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials (JDBC store with connection pooling, remote store), the credentials are retu...

Mattermost fails to properly check permissions when retrieving a post allowing for a System Role with the permission to manage channels to read the posts of a DM conversation.