Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2013-7435

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-01 Feb, 2018 | 17:00
Updated At-06 Aug, 2024 | 18:09
Rejected At-
Credits

The open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to obtain sensitive settings history information by leveraging lack of user permission for retrieval in fm_IDL.xml.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:01 Feb, 2018 | 17:00
Updated At:06 Aug, 2024 | 18:09
Rejected At:
▼CVE Numbering Authority (CNA)

The open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to obtain sensitive settings history information by leveraging lack of user permission for retrieval in fm_IDL.xml.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://evergreen-ils.org/downloads/ChangeLog-2.7.3-2.7.4
x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2015/03/04/3
mailing-list
x_refsource_MLIST
https://bugs.launchpad.net/evergreen/+bug/1206589
x_refsource_CONFIRM
http://git.evergreen-ils.org/?p=Evergreen.git%3Ba=commit%3Bh=ac588e879cf73ff1b65617e0bd273361d3529063
x_refsource_CONFIRM
http://evergreen-ils.org/downloads/ChangeLog-2.6.6-2.6.7
x_refsource_CONFIRM
http://evergreen-ils.org/downloads/ChangeLog-2.5.8-2.5.9
x_refsource_CONFIRM
http://evergreen-ils.org/security-releases-evergreen-2-7-4-2-6-7-and-2-5-9/
x_refsource_CONFIRM
Hyperlink: http://evergreen-ils.org/downloads/ChangeLog-2.7.3-2.7.4
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.openwall.com/lists/oss-security/2015/03/04/3
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://bugs.launchpad.net/evergreen/+bug/1206589
Resource:
x_refsource_CONFIRM
Hyperlink: http://git.evergreen-ils.org/?p=Evergreen.git%3Ba=commit%3Bh=ac588e879cf73ff1b65617e0bd273361d3529063
Resource:
x_refsource_CONFIRM
Hyperlink: http://evergreen-ils.org/downloads/ChangeLog-2.6.6-2.6.7
Resource:
x_refsource_CONFIRM
Hyperlink: http://evergreen-ils.org/downloads/ChangeLog-2.5.8-2.5.9
Resource:
x_refsource_CONFIRM
Hyperlink: http://evergreen-ils.org/security-releases-evergreen-2-7-4-2-6-7-and-2-5-9/
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://evergreen-ils.org/downloads/ChangeLog-2.7.3-2.7.4
x_refsource_CONFIRM
x_transferred
http://www.openwall.com/lists/oss-security/2015/03/04/3
mailing-list
x_refsource_MLIST
x_transferred
https://bugs.launchpad.net/evergreen/+bug/1206589
x_refsource_CONFIRM
x_transferred
http://git.evergreen-ils.org/?p=Evergreen.git%3Ba=commit%3Bh=ac588e879cf73ff1b65617e0bd273361d3529063
x_refsource_CONFIRM
x_transferred
http://evergreen-ils.org/downloads/ChangeLog-2.6.6-2.6.7
x_refsource_CONFIRM
x_transferred
http://evergreen-ils.org/downloads/ChangeLog-2.5.8-2.5.9
x_refsource_CONFIRM
x_transferred
http://evergreen-ils.org/security-releases-evergreen-2-7-4-2-6-7-and-2-5-9/
x_refsource_CONFIRM
x_transferred
Hyperlink: http://evergreen-ils.org/downloads/ChangeLog-2.7.3-2.7.4
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2015/03/04/3
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://bugs.launchpad.net/evergreen/+bug/1206589
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://git.evergreen-ils.org/?p=Evergreen.git%3Ba=commit%3Bh=ac588e879cf73ff1b65617e0bd273361d3529063
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://evergreen-ils.org/downloads/ChangeLog-2.6.6-2.6.7
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://evergreen-ils.org/downloads/ChangeLog-2.5.8-2.5.9
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://evergreen-ils.org/security-releases-evergreen-2-7-4-2-6-7-and-2-5-9/
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:01 Feb, 2018 | 17:29
Updated At:07 Nov, 2023 | 02:18

The open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to obtain sensitive settings history information by leveraging lack of user permission for retrieval in fm_IDL.xml.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.06.5MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary2.04.0MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:N
Type: Primary
Version: 3.0
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 4.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:P/I:N/A:N
CPE Matches

evergreen-ils
evergreen-ils
>>evergreen>>Versions before 2.5.9(exclusive)
cpe:2.3:a:evergreen-ils:evergreen:*:*:*:*:*:*:*:*
evergreen-ils
evergreen-ils
>>evergreen>>Versions from 2.6.0(inclusive) to 2.6.7(exclusive)
cpe:2.3:a:evergreen-ils:evergreen:*:*:*:*:*:*:*:*
evergreen-ils
evergreen-ils
>>evergreen>>Versions from 2.7.0(inclusive) to 2.7.4(exclusive)
cpe:2.3:a:evergreen-ils:evergreen:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-200Primarynvd@nist.gov
CWE ID: CWE-200
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://evergreen-ils.org/downloads/ChangeLog-2.5.8-2.5.9cve@mitre.org
Issue Tracking
Release Notes
http://evergreen-ils.org/downloads/ChangeLog-2.6.6-2.6.7cve@mitre.org
Issue Tracking
Release Notes
http://evergreen-ils.org/downloads/ChangeLog-2.7.3-2.7.4cve@mitre.org
Issue Tracking
Release Notes
http://evergreen-ils.org/security-releases-evergreen-2-7-4-2-6-7-and-2-5-9/cve@mitre.org
Issue Tracking
Release Notes
http://git.evergreen-ils.org/?p=Evergreen.git%3Ba=commit%3Bh=ac588e879cf73ff1b65617e0bd273361d3529063cve@mitre.org
N/A
http://www.openwall.com/lists/oss-security/2015/03/04/3cve@mitre.org
Mailing List
Issue Tracking
Third Party Advisory
https://bugs.launchpad.net/evergreen/+bug/1206589cve@mitre.org
Issue Tracking
Patch
Hyperlink: http://evergreen-ils.org/downloads/ChangeLog-2.5.8-2.5.9
Source: cve@mitre.org
Resource:
Issue Tracking
Release Notes
Hyperlink: http://evergreen-ils.org/downloads/ChangeLog-2.6.6-2.6.7
Source: cve@mitre.org
Resource:
Issue Tracking
Release Notes
Hyperlink: http://evergreen-ils.org/downloads/ChangeLog-2.7.3-2.7.4
Source: cve@mitre.org
Resource:
Issue Tracking
Release Notes
Hyperlink: http://evergreen-ils.org/security-releases-evergreen-2-7-4-2-6-7-and-2-5-9/
Source: cve@mitre.org
Resource:
Issue Tracking
Release Notes
Hyperlink: http://git.evergreen-ils.org/?p=Evergreen.git%3Ba=commit%3Bh=ac588e879cf73ff1b65617e0bd273361d3529063
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2015/03/04/3
Source: cve@mitre.org
Resource:
Mailing List
Issue Tracking
Third Party Advisory
Hyperlink: https://bugs.launchpad.net/evergreen/+bug/1206589
Source: cve@mitre.org
Resource:
Issue Tracking
Patch

Change History

0
Information is not available yet

Similar CVEs

937Records found

CVE-2015-2203
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.21% / 80.42%
||
7 Day CHG~0.00%
Published-01 Feb, 2018 | 17:00
Updated-06 Aug, 2024 | 05:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Evergreen 2.5.9, 2.6.7, and 2.7.4 allows remote authenticated users with STAFF_LOGIN permission to obtain sensitive settings history information by leveraging listing of open-ils.pcrud as a controller in the IDL.

Action-Not Available
Vendor-evergreen-ilsn/a
Product-evergreenn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-2204
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.17% / 86.45%
||
7 Day CHG~0.00%
Published-01 Feb, 2018 | 17:00
Updated-06 Aug, 2024 | 05:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to bypass an intended access restriction and obtain sensitive information about org unit settings by leveraging failure of open-ils.actor.ou_setting.ancestor_default to enforce view_perm when no auth token is provided.

Action-Not Available
Vendor-evergreen-ilsn/a
Product-evergreenn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-8766
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.32% / 23.46%
||
7 Day CHG~0.00%
Published-17 May, 2026 | 22:15
Updated-20 May, 2026 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kilo-Org kilocode Environment Variable config.ts load information disclosure

A flaw has been found in Kilo-Org kilocode up to 7.0.47. This issue affects the function Load of the file packages/opencode/src/config/config.ts of the component Environment Variable Handler. Executing a manipulation of the argument KILO_CONFIG_CONTENT can lead to information disclosure. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-kiloKilo-Org
Product-kilo_code_clikilocode
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-284
Improper Access Control
CVE-2014-125093
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.86% / 54.17%
||
7 Day CHG~0.00%
Published-10 Mar, 2023 | 02:00
Updated-06 Aug, 2024 | 14:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ad Blocking Detector Plugin ad-blocking-detector.php information disclosure

A vulnerability has been found in Ad Blocking Detector Plugin up to 1.2.1 on WordPress and classified as problematic. This vulnerability affects unknown code of the file ad-blocking-detector.php. The manipulation leads to information disclosure. The attack can be initiated remotely. Upgrading to version 1.2.2 is able to address this issue. The patch is identified as 3312b9cd79e5710d1e282fc9216a4e5ab31b3d94. It is recommended to upgrade the affected component. VDB-222610 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-getadmiraln/a
Product-ad_blocking_detectorAd Blocking Detector Plugin
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-2185
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4||MEDIUM
EPSS-0.95% / 56.82%
||
7 Day CHG~0.00%
Published-29 Apr, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Call Detail Records (CDR) Management component in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCun74374.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_communications_managern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-9583
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.24% / 15.24%
||
7 Day CHG~0.00%
Published-26 May, 2026 | 21:00
Updated-28 May, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester CET Automated Grading System with AI Predictive Analytics SQL index.php information exposure

A weakness has been identified in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This impacts an unknown function of the file /index.php of the component SQL Handler. Executing a manipulation can lead to information exposure through error message. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.

Action-Not Available
Vendor-SourceCodester
Product-CET Automated Grading System with AI Predictive Analytics
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2014-1571
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-4||MEDIUM
EPSS-1.35% / 68.17%
||
7 Day CHG~0.00%
Published-13 Oct, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 allows remote authenticated users to obtain sensitive private-comment information by leveraging a role as a flag recipient, related to Bug.pm, Flag.pm, and a mail template.

Action-Not Available
Vendor-n/aMozilla CorporationFedora Project
Product-bugzillafedoran/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-2582
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-2.46% / 82.46%
||
7 Day CHG~0.00%
Published-26 Jul, 2018 | 17:00
Updated-05 Aug, 2024 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was found that while parsing the SAML messages the StaxParserUtil class of keycloak before 2.5.1 replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID field to be the chosen system property which could be obtained in the "InResponseTo" field in the response.

Action-Not Available
Vendor-Red Hat, Inc.
Product-jboss_enterprise_application_platformkeycloakenterprise_linuxkeycloak
CWE ID-CWE-201
Insertion of Sensitive Information Into Sent Data
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-125102
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.62% / 45.17%
||
7 Day CHG~0.00%
Published-29 May, 2023 | 22:31
Updated-05 Mar, 2025 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bestwebsoft Relevant Plugin Thumbnail information disclosure

A vulnerability classified as problematic was found in Bestwebsoft Relevant Plugin up to 1.0.7 on WordPress. Affected by this vulnerability is an unknown functionality of the component Thumbnail Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 1.0.8 is able to address this issue. The identifier of the patch is 860d1891025548cf0f5f97364c1f51a888f523c3. It is recommended to upgrade the affected component. The identifier VDB-230113 was assigned to this vulnerability.

Action-Not Available
Vendor-BestWebSoft
Product-relevantRelevant Plugin
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-2606
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.94% / 77.62%
||
7 Day CHG~0.00%
Published-08 May, 2018 | 20:00
Updated-05 Aug, 2024 | 14:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins before versions 2.44, 2.32.2 is vulnerable to an information exposure in the internal API that allows access to item names that should not be visible (SECURITY-380). This only affects anonymous users (other users legitimately have access) that were able to get a list of items via an UnprotectedRootAction.

Action-Not Available
Vendor-unspecifiedJenkins
Product-jenkinsjenkins
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-0882
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.23% / 65.36%
||
7 Day CHG~0.00%
Published-25 Apr, 2018 | 20:00
Updated-06 Aug, 2024 | 09:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integrated Management Module II (IMM2) on IBM Flex System, NeXtScale, System x3xxx, and System x iDataPlex systems might allow remote authenticated users to obtain sensitive account information via vectors related to generated Service Advisor data (FFDC). IBM X-Force ID: 91149.

Action-Not Available
Vendor-n/aIBM Corporation
Product-system_x3630_m4flex_system_x220system_x3750_m4nextscale_nx360_m4system_x3250_m4system_x3500_m4system_x3530_m4system_x3100_m4system_x_idataplex_dx360_m4flex_system_x240flex_system_manager_8731integrated_management_module_firmwaresystem_x3650_m4flex_system_manager_7955system_x3550_m4flex_system_x440n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-0215
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4||MEDIUM
EPSS-1.69% / 74.26%
||
7 Day CHG~0.00%
Published-27 May, 2014 | 00:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The blind-marking implementation in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows remote authenticated users to de-anonymize student identities by (1) using a screen reader or (2) reading the HTML source.

Action-Not Available
Vendor-n/aMoodle Pty Ltd
Product-moodlen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-0746
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4||MEDIUM
EPSS-1.32% / 67.32%
||
7 Day CHG~0.00%
Published-27 Feb, 2014 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The disaster recovery system (DRS) in Cisco Unified Contact Center Express (Unified CCX) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCum95536.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_contact_center_express_editor_softwaren/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-0919
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-1.90% / 77.18%
||
7 Day CHG~0.00%
Published-08 May, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DB2 9.5 through 10.5 on Linux, UNIX, and Windows stores passwords during the processing of certain SQL statements by the monitoring and audit facilities, which allows remote authenticated users to obtain sensitive information via commands associated with these facilities.

Action-Not Available
Vendor-n/aIBM Corporation
Product-db2n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-27612
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.67% / 47.61%
||
7 Day CHG~0.00%
Published-21 Oct, 2020 | 14:08
Updated-04 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Greenlight in BigBlueButton through 2.2.28 places usernames in room URLs, which may represent an unintended information leak to users in a room, or an information leak to outsiders if any user publishes a screenshot of a browser window.

Action-Not Available
Vendor-bigbluebuttonn/a
Product-bigbluebuttonn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-4832
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-4||MEDIUM
EPSS-1.15% / 62.86%
||
7 Day CHG~0.00%
Published-16 Oct, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Service Manager 9.30 through 9.32 allows remote authenticated users to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-service_managern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-3825
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-4||MEDIUM
EPSS-1.23% / 65.30%
||
7 Day CHG~0.00%
Published-17 Jul, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Agile Product Collaboration component in Oracle Supply Chain Products Suite 9.3.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Folders & Files Attachment.

Action-Not Available
Vendor-n/aOracle Corporation
Product-supply_chain_products_suiten/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-4187
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.45% / 70.18%
||
7 Day CHG~0.00%
Published-30 Jan, 2020 | 20:40
Updated-06 Aug, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Flippy module 7.x-1.x before 7.x-1.2 for Drupal does not properly restrict access to nodes, which allows remote authenticated users with the permission to access content to read a link or alias to a restricted node.

Action-Not Available
Vendor-flippy_projectFlippy
Product-flippyFlippy
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-3959
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4||MEDIUM
EPSS-1.33% / 67.67%
||
7 Day CHG~0.00%
Published-14 Jun, 2013 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, exhibits different behavior for NetBIOS user names depending on whether the user account exists, which allows remote authenticated users to enumerate account names via crafted URL parameters.

Action-Not Available
Vendor-n/aSiemens AG
Product-winccsimatic_pcs7n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-4088
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.37% / 81.74%
||
7 Day CHG~0.00%
Published-21 Feb, 2020 | 15:48
Updated-06 Aug, 2024 | 16:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Kernel/Modules/AgentTicketWatcher.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.21, 3.1.x before 3.1.17, and 3.2.x before 3.2.8 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism.

Action-Not Available
Vendor-n/aOTRS AG
Product-otrsn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-7021
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.18% / 7.69%
||
7 Day CHG~0.00%
Published-26 Apr, 2026 | 05:30
Updated-27 Apr, 2026 | 13:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SmythOS sre Connector Service utils.ts information disclosure

A weakness has been identified in SmythOS sre up to 0.0.15. This impacts an unknown function of the file packages/sdk/src/LLM/utils.ts of the component Connector Service. This manipulation of the argument baseURL causes information disclosure. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-SmythOS
Product-sre
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-284
Improper Access Control
CVE-2013-3972
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-1.09% / 61.47%
||
7 Day CHG~0.00%
Published-01 Oct, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-maximo_asset_managementn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-4039
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-1.90% / 77.18%
||
7 Day CHG~0.00%
Published-28 Aug, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Extended Deployment Compute Grid 8.0 before 8.0.0.3 allows remote authenticated users to obtain sensitive information, and consequently bypass intended access restrictions on jobs, via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_extended_deployment_compute_gridn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-3507
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4||MEDIUM
EPSS-1.34% / 67.78%
||
7 Day CHG~0.00%
Published-08 May, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to obtain sensitive information via a direct request for (1) a configuration file, (2) a database dump, or (3) the Tomcat status context.

Action-Not Available
Vendor-gwosn/a
Product-groundwork_monitorn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-20109
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.52% / 40.54%
||
7 Day CHG~0.00%
Published-29 Jun, 2022 | 06:55
Updated-15 Apr, 2025 | 14:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Teleopti WFM Administration GetOneTenant Credentials information disclosure

A vulnerability classified as problematic was found in Teleopti WFM up to 7.1.0. Affected by this vulnerability is an unknown functionality of the file /TeleoptiWFM/Administration/GetOneTenant of the component Administration. The manipulation leads to information disclosure (Credentials). The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.

Action-Not Available
Vendor-calabrioTeleopti
Product-teleopti_workforce_managementWFM
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2013-3428
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4||MEDIUM
EPSS-0.95% / 56.83%
||
7 Day CHG~0.00%
Published-15 Jul, 2013 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web interface in Cisco Secure Access Control System (ACS) does not properly suppress error-condition details, which allows remote authenticated users to obtain sensitive information via an unspecified request that triggers an error, aka Bug ID CSCue65957.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-secure_access_control_systemn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-3020
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.94% / 56.50%
||
7 Day CHG~0.00%
Published-03 Jul, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about application implementation via unspecified vectors, a different vulnerability than CVE-2013-0463, CVE-2013-2985, CVE-2013-2987, CVE-2013-0568, CVE-2013-0475, and CVE-2013-0567.

Action-Not Available
Vendor-n/aIBM Corporation
Product-sterling_b2b_integratorsterling_file_gatewayn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-2987
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.94% / 56.49%
||
7 Day CHG~0.00%
Published-03 Jul, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about application implementation via unspecified vectors, a different vulnerability than CVE-2013-0463, CVE-2013-2985, CVE-2013-3020, CVE-2013-0568, CVE-2013-0475, and CVE-2013-0567.

Action-Not Available
Vendor-n/aIBM Corporation
Product-sterling_b2b_integratorsterling_file_gatewayn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-3551
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.58% / 72.48%
||
7 Day CHG~0.00%
Published-21 Feb, 2020 | 15:35
Updated-06 Aug, 2024 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2.x before 3.2.5 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism.

Action-Not Available
Vendor-n/aOTRS AG
Product-otrsotrs_itsmn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-3380
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4||MEDIUM
EPSS-1.33% / 67.67%
||
7 Day CHG~0.00%
Published-12 Jun, 2013 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The administrative web interface in the Access Control Server in Cisco Secure Access Control System (ACS) does not properly restrict the report view page, which allows remote authenticated users to obtain sensitive information via a direct request, aka Bug ID CSCue79279.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-secure_access_control_server_solution_enginen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-2985
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.94% / 56.50%
||
7 Day CHG~0.00%
Published-03 Jul, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about application implementation via unspecified vectors, a different vulnerability than CVE-2013-0463, CVE-2013-2987, CVE-2013-3020, CVE-2013-0568, CVE-2013-0475, and CVE-2013-0567.

Action-Not Available
Vendor-n/aIBM Corporation
Product-sterling_b2b_integratorsterling_file_gatewayn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-2243
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4||MEDIUM
EPSS-1.41% / 69.32%
||
7 Day CHG~0.00%
Published-26 Jul, 2013 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mod/lesson/pagetypes/matching.php in Moodle through 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 allows remote authenticated users to obtain sensitive answer information by reading the HTML source code of a document.

Action-Not Available
Vendor-n/aMoodle Pty Ltd
Product-moodlen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-1606
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.63% / 45.63%
||
7 Day CHG~0.00%
Published-24 Feb, 2025 | 00:00
Updated-28 Feb, 2025 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Best Employee Management System backups.php information disclosure

A vulnerability classified as problematic was found in SourceCodester Best Employee Management System 1.0. This vulnerability affects unknown code of the file /admin/backup/backups.php. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-SourceCodestermayuri_k
Product-best_employee_management_systemBest Employee Management System
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-284
Improper Access Control
CVE-2013-2308
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-4||MEDIUM
EPSS-1.17% / 63.71%
||
7 Day CHG~0.00%
Published-09 May, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The (1) OWA Helper and (2) OSG Lite programs in SoftBank Online Service Gate allow remote authenticated users to discover their own passwords, and consequently bypass an Office 365 restriction, via unspecified vectors.

Action-Not Available
Vendor-softbanktechn/a
Product-online_service_gaten/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-1814
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4||MEDIUM
EPSS-73.22% / 99.39%
||
7 Day CHG~0.00%
Published-14 Mar, 2013 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-raven/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-0568
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.94% / 56.49%
||
7 Day CHG~0.00%
Published-03 Jul, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about application implementation via unspecified vectors, a different vulnerability than CVE-2013-0463, CVE-2013-2985, CVE-2013-2987, CVE-2013-3020, CVE-2013-0475, and CVE-2013-0567.

Action-Not Available
Vendor-n/aIBM Corporation
Product-sterling_b2b_integratorsterling_file_gatewayn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-10030
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.75% / 50.40%
||
7 Day CHG~0.00%
Published-05 Jun, 2023 | 22:00
Updated-06 Aug, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Exit Box Lite Plugin wordpress-exit-box-lite.php information disclosure

A vulnerability, which was classified as problematic, has been found in Exit Box Lite Plugin up to 1.06 on WordPress. Affected by this issue is some unknown functionality of the file wordpress-exit-box-lite.php. The manipulation leads to information disclosure. The attack may be launched remotely. Upgrading to version 1.10 is able to address this issue. The name of the patch is fad26701addb862c51baf85c6e3cc136aa79c309. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230672.

Action-Not Available
Vendor-angrybyten/a
Product-wordpress_exit_box_liteExit Box Lite Plugin
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-0567
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-1.08% / 61.09%
||
7 Day CHG~0.00%
Published-03 Jul, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about application implementation via unspecified vectors, a different vulnerability than CVE-2013-0463, CVE-2013-2985, CVE-2013-2987, CVE-2013-3020, CVE-2013-0568, and CVE-2013-0475.

Action-Not Available
Vendor-n/aIBM Corporation
Product-sterling_b2b_integratorsterling_file_gatewayn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-1107
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4||MEDIUM
EPSS-0.95% / 56.82%
||
7 Day CHG~0.00%
Published-06 Feb, 2013 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The search function in Cisco Webex Social (formerly Cisco Quad) allows remote authenticated users to read files via unspecified parameters, aka Bug ID CSCud40235.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-webex_socialn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-0463
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.94% / 56.50%
||
7 Day CHG~0.00%
Published-03 Jul, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about application implementation via unspecified vectors, a different vulnerability than CVE-2013-2985, CVE-2013-2987, CVE-2013-3020, CVE-2013-0568, CVE-2013-0475, and CVE-2013-0567.

Action-Not Available
Vendor-n/aIBM Corporation
Product-sterling_b2b_integratorsterling_file_gatewayn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-0212
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4||MEDIUM
EPSS-2.96% / 85.56%
||
7 Day CHG~0.00%
Published-24 Feb, 2013 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive information by reading the error messages.

Action-Not Available
Vendor-n/aOpenStackCanonical Ltd.
Product-ubuntu_linuximage_registry_and_delivery_service_\(glance\)n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-6341
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.29% / 66.83%
||
7 Day CHG~0.00%
Published-06 Feb, 2020 | 18:17
Updated-06 Aug, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Information Disclosure vulnerability exists in the my config file in NEtGEAR WGR614 v7 and v9, which could let a malicious user recover all previously used passwords on the device, for both the control panel and WEP/WPA/WPA2, in plaintext. This is a different issue than CVE-2012-6340.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wgr614v9_firmwarewgr614v7_firmwarewgr614v9wgr614v7n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-0192
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.9||MEDIUM
EPSS-3.76% / 88.58%
||
7 Day CHG~0.00%
Published-07 Feb, 2020 | 13:29
Updated-06 Aug, 2024 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

File Disclosure in SMF (SimpleMachines Forum) <= 2.0.3: Forum admin can read files such as the database config.

Action-Not Available
Vendor-simplemachinesSMF
Product-simple_machines_forumSMF
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-5570
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.11% / 61.92%
||
7 Day CHG~0.00%
Published-08 Feb, 2020 | 18:14
Updated-06 Aug, 2024 | 21:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Basic webmail module 6.x-1.x before 6.x-1.2 for Drupal allows remote authenticated users with the "access basic_webmail" permission to read arbitrary users' email addresses.

Action-Not Available
Vendor-basic_webmail_projectn/a
Product-basic_webmailBasic webmail module
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-4583
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4||MEDIUM
EPSS-0.94% / 56.49%
||
7 Day CHG~0.00%
Published-22 Aug, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to obtain the session tokens of arbitrary users by navigating within the Dashboard.

Action-Not Available
Vendor-n/aMcAfee, LLC
Product-email_gatewayemail_and_web_securityn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-5443
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-4||MEDIUM
EPSS-1.17% / 63.53%
||
7 Day CHG~0.00%
Published-12 Oct, 2015 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP 3PAR Service Processor SP 4.2.0.GA-29 (GA) SPOCC, SP 4.3.0.GA-17 (GA) SPOCC, and SP 4.3.0-GA-24 (MU1) SPOCC allows remote authenticated users to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-3par_service_processor_spn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-5473
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4||MEDIUM
EPSS-1.12% / 62.15%
||
7 Day CHG~0.00%
Published-21 Nov, 2012 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to read activity entries of a different group's users via an advanced search.

Action-Not Available
Vendor-n/aMoodle Pty Ltd
Product-moodlen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-13785
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.32% / 24.09%
||
7 Day CHG+0.01%
Published-30 Nov, 2025 | 07:32
Updated-06 Dec, 2025 | 00:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
yungifez Skuul School Management System Image profile information disclosure

A security vulnerability has been detected in yungifez Skuul School Management System up to 2.6.5. This issue affects some unknown processing of the file /user/profile of the component Image Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-yungifezyungifez
Product-skuulSkuul School Management System
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-284
Improper Access Control
CVE-2025-13804
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 13.68%
||
7 Day CHG+0.01%
Published-01 Dec, 2025 | 03:02
Updated-24 Feb, 2026 | 07:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
nutzam NutzBoot Ethereum Wallet EthModule.java information disclosure

A security flaw has been discovered in nutzam NutzBoot up to 2.6.0-SNAPSHOT. The impacted element is an unknown function of the file nutzboot-demo/nutzboot-demo-simple/nutzboot-demo-simple-web3j/src/main/java/io/nutz/demo/simple/module/EthModule.java of the component Ethereum Wallet Handler. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.

Action-Not Available
Vendor-nutzam
Product-NutzBoot
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-284
Improper Access Control
CVE-2025-12276
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.37% / 28.82%
||
7 Day CHG~0.00%
Published-27 Oct, 2025 | 13:02
Updated-03 Nov, 2025 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LearnHouse Image information disclosure

A vulnerability was detected in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. Affected by this issue is some unknown functionality of the component Image Handler. The manipulation results in information disclosure. The attack can be executed remotely. The exploit is now public and may be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-learnhousen/a
Product-learnhouseLearnHouse
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-284
Improper Access Control
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 18
  • 19
  • Next
Details not found