Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-38847

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-25 Oct, 2023 | 00:00
Updated At-12 Sep, 2024 | 14:20
Rejected At-
Credits

An issue in CHRISTINA JAPAN Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:25 Oct, 2023 | 00:00
Updated At:12 Sep, 2024 | 14:20
Rejected At:
▼CVE Numbering Authority (CNA)

An issue in CHRISTINA JAPAN Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://liff.line.me/1657631315-oX5J26Ak
N/A
https://github.com/syz913/CVE-reports/blob/main/CVE-2023-38847.md
N/A
Hyperlink: https://liff.line.me/1657631315-oX5J26Ak
Resource: N/A
Hyperlink: https://github.com/syz913/CVE-reports/blob/main/CVE-2023-38847.md
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://liff.line.me/1657631315-oX5J26Ak
x_transferred
https://github.com/syz913/CVE-reports/blob/main/CVE-2023-38847.md
x_transferred
Hyperlink: https://liff.line.me/1657631315-oX5J26Ak
Resource:
x_transferred
Hyperlink: https://github.com/syz913/CVE-reports/blob/main/CVE-2023-38847.md
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-200CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Type: CWE
CWE ID: CWE-200
Description: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:25 Oct, 2023 | 22:15
Updated At:12 Sep, 2024 | 15:35

An issue in CHRISTINA JAPAN Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CPE Matches
linecorp
linecorp
>>line>>13.6.1
cpe:2.3:a:linecorp:line:13.6.1:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-200Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-200
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/syz913/CVE-reports/blob/main/CVE-2023-38847.mdcve@mitre.org
Exploit
Third Party Advisory
https://liff.line.me/1657631315-oX5J26Akcve@mitre.org
Product
Hyperlink: https://github.com/syz913/CVE-reports/blob/main/CVE-2023-38847.md
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://liff.line.me/1657631315-oX5J26Ak
Source: cve@mitre.org
Resource:
Product

Change History

0
Information is not available yet

Similar CVEs

851Records found
CVE-2023-38849
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.70%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 00:00
Updated-11 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in tire-sales Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request.

Action-Not Available
Vendor-linecorpn/alinecorp
Product-linen/aline
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-38845
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.70%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 00:00
Updated-12 Sep, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Anglaise Company Anglaise.Company v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request.

Action-Not Available
Vendor-linecorpn/a
Product-linen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-38846
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.70%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 00:00
Updated-12 Sep, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Marbre Lapin Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request.

Action-Not Available
Vendor-linecorpn/a
Product-linen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-48134
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.82%
||
7 Day CHG~0.00%
Published-16 Nov, 2023 | 00:00
Updated-14 Aug, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

nagayama_copabowl Line 13.6.1 is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor.

Action-Not Available
Vendor-linecorpn/alinecorp
Product-linen/aline
CVE-2023-38848
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.23% / 45.40%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 00:00
Updated-12 Sep, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in rmc R Beauty CLINIC Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request.

Action-Not Available
Vendor-linecorpn/a
Product-linen/a
CWE ID-CWE-284
Improper Access Control
CVE-2023-38493
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.60%
||
7 Day CHG~0.00%
Published-25 Jul, 2023 | 20:51
Updated-03 Oct, 2024 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Paths contain matrix variables bypass decorators

Armeria is a microservice framework Spring supports Matrix variables. When Spring integration is used, Armeria calls Spring controllers via `TomcatService` or `JettyService` with the path that may contain matrix variables. Prior to version 1.24.3, the Armeria decorators might not invoked because of the matrix variables. If an attacker sends a specially crafted request, the request may bypass the authorizer. Version 1.24.3 contains a patch for this issue.

Action-Not Available
Vendor-linecorplinelinecorp
Product-armeriaarmeriaarmeria
CWE ID-CWE-863
Incorrect Authorization
CVE-2021-43795
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.75% / 72.22%
||
7 Day CHG~0.00%
Published-02 Dec, 2021 | 18:00
Updated-04 Aug, 2024 | 04:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in com.linecorp.armeria:armeria

Armeria is an open source microservice framework. In affected versions an attacker can access an Armeria server's local file system beyond its restricted directory by sending an HTTP request whose path contains `%2F` (encoded `/`), such as `/files/..%2Fsecrets.txt`, bypassing Armeria's path validation logic. Armeria 1.13.4 or above contains the hardened path validation logic that handles `%2F` properly. This vulnerability can be worked around by inserting a decorator that performs an additional validation on the request path.

Action-Not Available
Vendor-linecorpline
Product-armeriaarmeria
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-41011
Matching Score-8
Assigner-LY Corporation
ShareView Details
Matching Score-8
Assigner-LY Corporation
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.25%
||
7 Day CHG~0.00%
Published-22 Sep, 2021 | 15:07
Updated-04 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LINE client for iOS before 11.15.0 might expose authentication information for a certain service to external entities under certain conditions. This is usually impossible, but in combination with a server-side bug, attackers could get this information.

Action-Not Available
Vendor-linecorpLINE Corporation
Product-lineLINE client for iOS
CVE-2023-48135
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.17% / 38.28%
||
7 Day CHG~0.00%
Published-26 Jan, 2024 | 00:00
Updated-17 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in mimasaka_farm mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

Action-Not Available
Vendor-linecorpn/a
Product-linen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-48130
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.17% / 38.28%
||
7 Day CHG~0.00%
Published-26 Jan, 2024 | 00:00
Updated-04 Sep, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in GINZA CAFE mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

Action-Not Available
Vendor-linecorpn/alinecorp
Product-linen/aline
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-48129
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.17% / 38.28%
||
7 Day CHG~0.00%
Published-26 Jan, 2024 | 00:00
Updated-20 Jun, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in kimono-oldnew mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

Action-Not Available
Vendor-linecorpn/a
Product-linen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-43995
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 24.20%
||
7 Day CHG~0.00%
Published-24 Jan, 2024 | 00:00
Updated-20 Jun, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in picot.golf mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

Action-Not Available
Vendor-linecorpn/a
Product-linen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-43997
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 24.20%
||
7 Day CHG~0.00%
Published-24 Jan, 2024 | 00:00
Updated-20 Jun, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Yoruichi hobby base mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

Action-Not Available
Vendor-linecorpn/a
Product-linen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-43998
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 24.20%
||
7 Day CHG~0.00%
Published-24 Jan, 2024 | 00:00
Updated-03 Sep, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Books-futaba mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

Action-Not Available
Vendor-linecorpn/a
Product-linen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-43992
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 24.20%
||
7 Day CHG~0.00%
Published-24 Jan, 2024 | 00:00
Updated-20 Jun, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in STOCKMAN GROUP mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

Action-Not Available
Vendor-linecorpn/a
Product-linen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-39737
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.2||HIGH
EPSS-0.21% / 43.95%
||
7 Day CHG~0.00%
Published-24 Oct, 2023 | 00:00
Updated-12 Sep, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The leakage of the client secret in Matsuya Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.

Action-Not Available
Vendor-linecorpn/alinecorp
Product-matsuyan/amatsuya
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-39735
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.2||HIGH
EPSS-0.21% / 43.95%
||
7 Day CHG~0.00%
Published-24 Oct, 2023 | 00:00
Updated-12 Sep, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The leakage of the client secret in Uomasa_Saiji_news Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.

Action-Not Available
Vendor-linecorpn/alinecorp
Product-uomasa_saiji_newn/auomasa_saiji_new
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-48131
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.17% / 38.28%
||
7 Day CHG~0.00%
Published-26 Jan, 2024 | 00:00
Updated-17 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in CHIGASAKI BAKERY mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

Action-Not Available
Vendor-linecorpn/a
Product-linen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-48132
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.17% / 38.28%
||
7 Day CHG~0.00%
Published-26 Jan, 2024 | 00:00
Updated-20 Jun, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in kosei entertainment esportsstudioLegends mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

Action-Not Available
Vendor-linecorpn/a
Product-linen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-43996
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 24.20%
||
7 Day CHG~0.00%
Published-24 Jan, 2024 | 00:00
Updated-20 Jun, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Q co ltd mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

Action-Not Available
Vendor-linecorpn/a
Product-linen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-43994
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 24.20%
||
7 Day CHG~0.00%
Published-24 Jan, 2024 | 00:00
Updated-16 Jun, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Cleaning_makotoya mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

Action-Not Available
Vendor-linecorpn/a
Product-linen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-43993
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 24.20%
||
7 Day CHG~0.00%
Published-24 Jan, 2024 | 00:00
Updated-04 Sep, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in smaregi_app_market mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

Action-Not Available
Vendor-linecorpn/alinecorp
Product-linen/aline
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-39736
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.2||HIGH
EPSS-0.21% / 43.95%
||
7 Day CHG~0.00%
Published-24 Oct, 2023 | 00:00
Updated-12 Sep, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The leakage of the client secret in Fukunaga_memberscard Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.

Action-Not Available
Vendor-linecorpn/alinecorp
Product-fukunaga_memberscardn/afukunaga_memberscard
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-39739
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.2||HIGH
EPSS-0.21% / 43.95%
||
7 Day CHG~0.00%
Published-24 Oct, 2023 | 00:00
Updated-12 Sep, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The leakage of the client secret in REGINA SWEETS&BAKERY Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.

Action-Not Available
Vendor-linecorpn/alinecorp
Product-regina_sweets\&bakeryn/aregina_sweets\&bakery
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-29842
Matching Score-4
Assigner-DirectCyber
ShareView Details
Matching Score-4
Assigner-DirectCyber
CVSS Score-7.5||HIGH
EPSS-0.09% / 26.93%
||
7 Day CHG~0.00%
Published-14 Apr, 2024 | 23:48
Updated-02 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Broken Access control on DESKTOP_EDIT_USER_GET_ABACARD_FIELDS in Evolution Controller allows unauthenticated attackers to retrieve ABACARD values

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_ABACARD_FIELDS, allowing for an unauthenticated attacker to return the abacard field of any user

Action-Not Available
Vendor-CS Technologies Australiacs_technologies
Product-Evolution Controllerevolution_controller
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-284
Improper Access Control
CVE-2024-29839
Matching Score-4
Assigner-DirectCyber
ShareView Details
Matching Score-4
Assigner-DirectCyber
CVSS Score-7.5||HIGH
EPSS-0.09% / 26.93%
||
7 Day CHG~0.00%
Published-14 Apr, 2024 | 23:48
Updated-02 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Broken Access control on DESKTOP_EDIT_USER_GET_CARD in Evolution Controller allows unauthenticated attackers to retrieve card data values.

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_CARD, allowing for an unauthenticated attacker to return the card value data of any user

Action-Not Available
Vendor-CS Technologies Australiacs_technologies
Product-Evolution Controllerevolution_controller
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-284
Improper Access Control
CVE-2019-0405
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-7.5||HIGH
EPSS-0.28% / 51.03%
||
7 Day CHG~0.00%
Published-11 Dec, 2019 | 21:35
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP Enable Now, before version 1911, leaks information about the existence of a particular user which can be used to construct a list of users, leading to a user enumeration vulnerability and Information Disclosure.

Action-Not Available
Vendor-SAP SE
Product-enable_nowSAP Enable Now
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-0352
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-7.5||HIGH
EPSS-0.28% / 51.03%
||
7 Day CHG~0.00%
Published-10 Sep, 2019 | 16:03
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SAP Business Objects Business Intelligence Platform, before versions 4.1, 4.2 and 4.3, some dynamic pages (like jsp) are cached, which leads to an attacker can see the sensitive information via cache and can open the dynamic pages even after logout.

Action-Not Available
Vendor-SAP SE
Product-businessobjects_business_intelligence_platformSAP BusinessObjects Business Intelligence Platform (CMC)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-38960
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.22% / 44.83%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 22:33
Updated-16 Sep, 2024 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM OPENBMC OP920, OP930, and OP940 could allow an unauthenticated user to obtain sensitive information. IBM X-Force ID: 212047.

Action-Not Available
Vendor-IBM Corporation
Product-power_hardware_management_console_\(7063-cr2\)_firmwarepower_system_ac922_\(8335-gtx\)_firmwarepower_system_ac922_\(8335-gth\)_firmwarepower_system_ac922_\(8335-gth\)power_system_ac922_\(8335-gtx\)power_hardware_management_console_\(7063-cr2\)HMCOPENBMC
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3613
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.74% / 72.06%
||
7 Day CHG~0.00%
Published-22 Jan, 2020 | 17:19
Updated-06 Aug, 2024 | 23:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue exists in Vanilla Forums before 2.0.17.9 due to the way cookies are handled.

Action-Not Available
Vendor-vanillaforumsVanilla
Product-vanillaVanilla Forums
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3269
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.08%
||
7 Day CHG~0.00%
Published-09 Mar, 2020 | 18:11
Updated-06 Aug, 2024 | 23:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lexmark X, W, T, E, C, 6500e, and 25xxN devices before 2011-11-15 allow attackers to obtain sensitive information via a hidden email address in a Scan To Email shortcut.

Action-Not Available
Vendor-n/aLexmark International, Inc.
Product-x736_firmwarex850e250x792dee330t644x950_firmwaree232c540x36xx546_firmwaree460_firmwarec534_firmwarex734x264c520_firmwarex945e_firmwarex954_firmwaree234c524_firmwarec760x544_firmwaret440e260x736x548de_firmwarex854_firmwarec520x850_firmwarex264_firmwarec510_firmwaret650_firmwarex952_firmwarec920e120x34xx952x544t654x782e_firmwarex792de_firmwarec532_firmwarex650t640_firmwaree460c772c736_firmwaret652_firmwaree340t650e240_firmwarec925dec789x646_firmwarec770_firmwarec534c522e360e120_firmwarex862t644_firmwarec782_firmwarec760_firmwaree240nw850e450e360_firmwarec734x772e_firmwarex860x422_firmwarec950x954t656_firmwaret652x738x422t656x940e_firmwarec925de_firmwarec734_firmwarec510x945ex46x_firmwarex782ee462_firmwarec532w840_firmwarex46xc540_firmwarex34x_firmwarec530c530_firmwarex940ee330_firmwarec792ew850_firmwarex642x772ee232_firmwarec782x546e340_firmwarex738_firmwarec770t642_firmwaree234n_firmwarex548det654_firmware25xxn_firmwaret642c950_firmwaree234_firmwarex925dee332nx650_firmwarex854x864_firmwaree240n_firmwaree234n25xxnx852_firmwarec792e_firmwarex543_firmwaree230_firmwarec522_firmwarew840e238c546e332n_firmwaree342_firmwarec772_firmwaree240e250_firmwarec789_firmwarec546_firmwarec524c762_firmwarec920_firmwarex950x862_firmwarex864e230t640c935dn_firmwaree350_firmware6500ee342e238_firmwarex644x860_firmwarec762x543x642_firmware6500e_firmwarec736x36x_firmwaree350x852x734_firmwarec935dnx925de_firmwaret440_firmwaree450_firmwarex646e462e260_firmwarex644_firmwaren/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-8890
Matching Score-4
Assigner-BlackBerry
ShareView Details
Matching Score-4
Assigner-BlackBerry
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.65%
||
7 Day CHG~0.00%
Published-12 Oct, 2018 | 13:00
Updated-16 Sep, 2024 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability in the Management Console of BlackBerry UEM 12.8.0 and 12.8.1 could allow an attacker to take over a UEM user's session and perform administrative actions in the context of the user.

Action-Not Available
Vendor-BlackBerry Limited
Product-unified_endpoint_managerUEM
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-2480
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.42% / 60.81%
||
7 Day CHG~0.00%
Published-27 Nov, 2019 | 18:53
Updated-06 Aug, 2024 | 23:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Information Disclosure vulnerability in the 802.11 stack, as used in FreeBSD before 8.2 and NetBSD when using certain non-x86 architectures. A signedness error in the IEEE80211_IOC_CHANINFO ioctl allows a local unprivileged user to cause the kernel to copy large amounts of kernel memory back to the user, disclosing potentially sensitive information.

Action-Not Available
Vendor-NetBSDFreeBSD Foundation
Product-freebsdnetbsdFreeBSDNetBSD
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-1683
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 12.64%
||
7 Day CHG~0.00%
Published-29 Mar, 2023 | 01:00
Updated-02 Aug, 2024 | 05:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Xunrui CMS system_log.html information disclosure

A vulnerability was found in Xunrui CMS 4.61 and classified as problematic. Affected by this issue is some unknown functionality of the file /dayrui/Fcms/View/system_log.html. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224240.

Action-Not Available
Vendor-xunruicmsXunrui
Product-xunruicmsCMS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2023-1831
Matching Score-4
Assigner-Mattermost, Inc.
ShareView Details
Matching Score-4
Assigner-Mattermost, Inc.
CVSS Score-7.2||HIGH
EPSS-0.07% / 21.56%
||
7 Day CHG~0.00%
Published-17 Apr, 2023 | 14:21
Updated-06 Dec, 2024 | 23:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
User password logged in audit logs

Mattermost fails to redact from audit logs the user password during user creation and the user password hash in other operations if the experimental audit logging configuration was enabled (ExperimentalAuditSettings section in config).

Action-Not Available
Vendor-Mattermost, Inc.
Product-mattermost_serverMattermost
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2009-5045
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.87% / 82.35%
||
7 Day CHG~0.00%
Published-06 Nov, 2019 | 19:51
Updated-07 Aug, 2024 | 07:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dump Servlet information leak in jetty before 6.1.22.

Action-Not Available
Vendor-n/aDebian GNU/LinuxEclipse Foundation AISBL
Product-debian_linuxjettyn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-1769
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.86%
||
7 Day CHG~0.00%
Published-31 Mar, 2023 | 11:00
Updated-02 Aug, 2024 | 05:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Grade Point Average GPA Calculator index.php information disclosure

A vulnerability, which was classified as problematic, was found in SourceCodester Grade Point Average GPA Calculator 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument page with the input php://filter/read=convert.base64-encode/resource=grade_table leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-224670 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-grade_point_average_\(gpa\)_calculator_projectSourceCodester
Product-grade_point_average_\(gpa\)_calculatorGrade Point Average GPA Calculator
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-28444
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.9||CRITICAL
EPSS-0.06% / 19.56%
||
7 Day CHG~0.00%
Published-24 Mar, 2023 | 19:58
Updated-24 Feb, 2025 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
angular-server-side-configuration information disclosure vulnerability in monorepo with node.js backend

angular-server-side-configuration helps configure an angular application at runtime on the server or in a docker container via environment variables. angular-server-side-configuration detects used environment variables in TypeScript (.ts) files during build time of an Angular CLI project. The detected environment variables are written to a ngssc.json file in the output directory. During deployment of an Angular based app, the environment variables based on the variables from ngssc.json are inserted into the apps index.html (or defined index file). With version 15.0.0 the environment variable detection was widened to the entire project, relative to the angular.json file from the Angular CLI. In a monorepo setup, this could lead to environment variables intended for a backend/service to be detected and written to the ngssc.json, which would then be populated and exposed via index.html. This has NO IMPACT, in a plain Angular project that has no backend component. This vulnerability has been mitigated in version 15.1.0, by adding an option `searchPattern` which restricts the detection file range by default. As a workaround, manually edit or create ngssc.json or run script after ngssc.json generation.

Action-Not Available
Vendor-angular-server-side-configuration_projectkyubisation
Product-angular-server-side-configurationangular-server-side-configuration
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-538
Insertion of Sensitive Information into Externally-Accessible File or Directory
CVE-2018-7844
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-13.83% / 94.04%
||
7 Day CHG~0.00%
Published-22 May, 2019 | 20:06
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading memory blocks from the controller over Modbus.

Action-Not Available
Vendor-n/a
Product-modicon_quantummodicon_quantum_firmwaremodicon_m580_firmwaremodicon_premium_firmwaremodicon_premiummodicon_m340modicon_m340_firmwaremodicon_m580Modicon M580 Modicon M340 Modicon Quantum Modicon Premium
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-29992
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-Not Assigned
Published-26 Aug, 2025 | 00:00
Updated-27 Aug, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mahara before 24.04.9 exposes database connection information if the database becomes unreachable, e.g., due to the database server being temporarily down or too busy.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-2183
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-30.85% / 96.57%
||
7 Day CHG~0.00%
Published-01 Sep, 2016 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.

Action-Not Available
Vendor-n/aNode.js (OpenJS Foundation)Cisco Systems, Inc.Red Hat, Inc.OpenSSLOracle CorporationPython Software Foundation
Product-enterprise_linuxpythonjboss_enterprise_web_serverjboss_enterprise_application_platformcontent_security_management_appliancejboss_web_servernode.jsopenssldatabasen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-33051
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.08% / 25.54%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:09
Updated-27 Aug, 2025 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Exchange Server Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Microsoft Exchange Server allows an unauthorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-Microsoft Exchange Server Subscription Edition RTMMicrosoft Exchange Server 2019 Cumulative Update 15Microsoft Exchange Server 2016 Cumulative Update 23Microsoft Exchange Server 2019 Cumulative Update 14
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-50154
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-1.11% / 77.21%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:09
Updated-27 Aug, 2025 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Windows File Explorer Spoofing Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1809windows_10_22h2windows_server_2012windows_server_2008windows_server_2019windows_10_1507windows_server_2022_23h2windows_10_21h2windows_11_23h2windows_server_2022windows_server_2016windows_server_2025windows_11_24h2windows_10_1607windows_11_22h2Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012Windows Server 2016 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2025Windows 10 Version 1809Windows Server 2019 (Server Core installation)Windows 11 Version 24H2Windows 10 Version 1507Windows 10 Version 22H2Windows Server 2016Windows Server 2008 Service Pack 2Windows Server 2019Windows 10 Version 21H2Windows 11 version 22H2Windows Server 2008 R2 Service Pack 1Windows Server 2022Windows Server 2025 (Server Core installation)Windows 11 version 22H3Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2012 R2Windows Server 2008 Service Pack 2 (Server Core installation)Windows 10 Version 1607
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-1387
Matching Score-4
Assigner-Grafana Labs
ShareView Details
Matching Score-4
Assigner-Grafana Labs
CVSS Score-4.2||MEDIUM
EPSS-0.26% / 49.33%
||
7 Day CHG+0.01%
Published-26 Apr, 2023 | 13:47
Updated-13 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter auth_token and use it as the authentication token. By enabling the "url_login" configuration option (disabled by default), a JWT might be sent to data sources. If an attacker has access to the data source, the leaked token could be used to authenticate to Grafana.

Action-Not Available
Vendor-Grafana Labs
Product-grafanaGrafana EnterpriseGrafana
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-8863
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5.9||MEDIUM
EPSS-0.13% / 33.20%
||
7 Day CHG~0.00%
Published-09 Nov, 2023 | 22:46
Updated-03 Sep, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Philips EncoreAnywhere Exposure of Sensitive Information to an Unauthorized Actor

The HTTP header in Philips EncoreAnywhere contains data an attacker may be able to use to gain sensitive information.

Action-Not Available
Vendor-Philips
Product-encoreanywhereEncoreAnywhere
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-1790
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.49%
||
7 Day CHG~0.00%
Published-01 Apr, 2023 | 09:00
Updated-02 Aug, 2024 | 05:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple Task Allocation System index.php information disclosure

A vulnerability, which was classified as problematic, was found in SourceCodester Simple Task Allocation System 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument page leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224724.

Action-Not Available
Vendor-simple_task_allocation_system_projectSourceCodester
Product-simple_task_allocation_systemSimple Task Allocation System
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-1858
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.77%
||
7 Day CHG~0.00%
Published-05 Apr, 2023 | 08:00
Updated-02 Aug, 2024 | 06:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Earnings and Expense Tracker App index.php information disclosure

A vulnerability was found in SourceCodester Earnings and Expense Tracker App 1.0. It has been classified as problematic. This affects an unknown part of the file index.php. The manipulation of the argument page leads to information disclosure. It is possible to initiate the attack remotely. The identifier VDB-224997 was assigned to this vulnerability.

Action-Not Available
Vendor-earnings_and_expense_tracker_app_projectSourceCodester
Product-earnings_and_expense_tracker_appEarnings and Expense Tracker App
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-11059
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.65%
||
7 Day CHG~0.00%
Published-28 Apr, 2020 | 16:20
Updated-06 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by password exposure. This affects AC1450 before 2017-01-06, C6300 before 2017-01-06, D500 before 2017-01-06, D1500 before 2017-01-06, D3600 before 2017-01-06, D6000 before 2017-01-06, D6100 before 2017-01-06, D6200 before 2017-01-06, D6200B before 2017-01-06, D6300B before 2017-01-06, D6300 before 2017-01-06, DGN1000v3 before 2017-01-06, DGN2200v1 before 2017-01-06, DGN2200v3 before 2017-01-06, DGN2200V4 before 2017-01-06, DGN2200Bv3 before 2017-01-06, DGN2200Bv4 before 2017-01-06, DGND3700v1 before 2017-01-06, DGND3700v2 before 2017-01-06, DGND3700Bv2 before 2017-01-06, JNR1010v1 before 2017-01-06, JNR1010v2 before 2017-01-06, JNR3300 before 2017-01-06, JR6100 before 2017-01-06, JR6150 before 2017-01-06, JWNR2000v5 before 2017-01-06, R2000 before 2017-01-06, R6050 before 2017-01-06, R6100 before 2017-01-06, R6200 before 2017-01-06, R6200v2 before 2017-01-06, R6220 before 2017-01-06, R6250 before 2017-01-06, R6300 before 2017-01-06, R6300v2 before 2017-01-06, R6700 before 2017-01-06, R7000 before 2017-01-06, R7900 before 2017-01-06, R7500 before 2017-01-06, R8000 before 2017-01-06, WGR614v10 before 2017-01-06, WNR1000v2 before 2017-01-06, WNR1000v3 before 2017-01-06, WNR1000v4 before 2017-01-06, WNR2000v3 before 2017-01-06, WNR2000v4 before 2017-01-06, WNR2000v5 before 2017-01-06, WNR2200 before 2017-01-06, WNR2500 before 2017-01-06, WNR3500Lv2 before 2017-01-06, WNDR3400v2 before 2017-01-06, WNDR3400v3 before 2017-01-06, WNDR3700v3 before 2017-01-06, WNDR3700v4 before 2017-01-06, WNDR3700v5 before 2017-01-06, WNDR4300 before 2017-01-06, WNDR4300v2 before 2017-01-06, WNDR4500v1 before 2017-01-06, WNDR4500v2 before 2017-01-06, and WNDR4500v3 before 2017-01-06.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-dgnd3700r2000_firmwaredgnd3700b_firmwarewndr3700r6220_firmwarec6300wndr4300_firmwared1500r7500_firmwared6200b_firmwared6300_firmwarer6050r7000_firmwarer6220wndr4500d6200bd3600r6300_firmwaredgn2200b_firmwared6300wnr2500_firmwaredgn2200bjwnr2000_firmwarer6700wndr3700_firmwarer7000wnr2000_firmwarewnr3500l_firmwared6000r7500wnr2200_firmwarer7900_firmwareac1450dgn1000_firmwarejr6150_firmwared6200c6300_firmwarer6700_firmwarewnr2000r8000_firmwarer6250jnr1010_firmwared500dgnd3700_firmwared6000_firmwareac1450_firmwarer8000r6100_firmwarer7900wndr3400d500_firmwared3600_firmwarewnr2500wnr1000_firmwared6300b_firmwaredgn2200dgn1000wgr614jnr3300_firmwared6100_firmwarejr6100_firmwarer6100dgnd3700bwgr614_firmwarer6250_firmwared6300br6200_firmwarewndr3400_firmwarejnr3300wnr1000wndr4500_firmwarejwnr2000r6200wnr3500lr2000d6200_firmwaredgn2200_firmwarer6050_firmwared1500_firmwared6100jr6150r6300jnr1010wndr4300jr6100wnr2200n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-1680
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.86%
||
7 Day CHG~0.00%
Published-29 Mar, 2023 | 14:10
Updated-22 Nov, 2024 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Xunrui CMS main.html information disclosure

A vulnerability, which was classified as problematic, has been found in Xunrui CMS 4.61. This issue affects some unknown processing of the file /dayrui/My/View/main.html. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224237 was assigned to this vulnerability.

Action-Not Available
Vendor-xunruicmsXunrui
Product-xunruicmsCMS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-11066
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.65%
||
7 Day CHG~0.00%
Published-19 Jun, 2020 | 19:23
Updated-06 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Mattermost Server before 3.2.0. The initial_load API disclosed unnecessary personal information.

Action-Not Available
Vendor-n/aMattermost, Inc.
Product-mattermost_servern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 17
  • 18
  • Next
Details not found