Filtered by CWE-200
Total 8795 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-1643 2024-11-21 N/A
By knowing an organization's ID, an attacker can join the organization without permission and gain the ability to read and modify all data within that organization. This vulnerability allows unauthorized access and modification of sensitive information, posing a significant security risk. The flaw is due to insufficient verification of user permissions when joining an organization.
CVE-2024-1591 2024-11-21 3.3 Low
Prior to version 24.1, a local authenticated attacker can view Sysvol when Privilege Management for Windows is configured to use a GPO policy. This allows them to view the policy and potentially find configuration issues.
CVE-2024-1460 2024-11-21 5.6 Medium
MSI Afterburner v4.6.5.16370 is vulnerable to a Kernel Memory Leak vulnerability by triggering the 0x80002040 IOCTL code of the RTCore64.sys driver. The handle to the driver can only be obtained from a high integrity process.
CVE-2024-1436 2024-11-21 5.3 Medium
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wiloke WooCommerce Coupon Popup, SmartBar, Slide In | MyShopKit.This issue affects WooCommerce Coupon Popup, SmartBar, Slide In | MyShopKit: from n/a through 1.0.9.
CVE-2024-1435 2024-11-21 5.3 Medium
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Tainacan.Org Tainacan.This issue affects Tainacan: from n/a through 0.20.6.
CVE-2024-1431 1 Netgear 2 R7000, R7000 Firmware 2024-11-21 4.3 Medium
A vulnerability was found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this issue is some unknown functionality of the file /debuginfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-253382 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-1430 1 Netgear 2 R7000, R7000 Firmware 2024-11-21 4.3 Medium
A vulnerability has been found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /currentsetting.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-1406 1 Linksys 2 Wrt54gl, Wrt54gl Firmware 2024-11-21 4.3 Medium
A vulnerability was found in Linksys WRT54GL 4.30.18. It has been declared as problematic. This vulnerability affects unknown code of the file /SysInfo1.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-253330 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-1405 1 Linksys 2 Wrt54gl, Wrt54gl Firmware 2024-11-21 4.3 Medium
A vulnerability was found in Linksys WRT54GL 4.30.18. It has been classified as problematic. This affects an unknown part of the file /wlaninfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier VDB-253329 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-1404 1 Linksys 2 Wrt54gl, Wrt54gl Firmware 2024-11-21 4.3 Medium
A vulnerability was found in Linksys WRT54GL 4.30.18 and classified as problematic. Affected by this issue is some unknown functionality of the file /SysInfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253328. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-1302 2024-11-21 7.3 High
Information exposure vulnerability in Badger Meter Monitool affecting versions up to 4.6.3 and earlier. A local attacker could change the application's file parameter to a log file obtaining all sensitive information such as database credentials.
CVE-2024-1255 1 Sepidz 1 Sepidzdigitalmenu 2024-11-21 5.3 Medium
A vulnerability has been found in sepidz SepidzDigitalMenu up to 7.1.0728.1 and classified as problematic. This vulnerability affects unknown code of the file /Waiters. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252994 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-1200 1 Jspxcms 1 Jspxcms 2024-11-21 5.3 Medium
A vulnerability was found in Jspxcms 10.2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /template/1/default/. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252698 is the identifier assigned to this vulnerability.
CVE-2024-1139 1 Redhat 2 Acm, Openshift 2024-11-21 7.7 High
A credentials leak vulnerability was found in the cluster monitoring operator in OCP. This issue may allow a remote attacker who has basic login credentials to check the pod manifest to discover a repository pull secret.
CVE-2024-1102 1 Redhat 6 Build Keycloak, Jboss Data Grid, Jboss Enterprise Application Platform and 3 more 2024-11-21 6.5 Medium
A vulnerability was found in jberet-core logging. An exception in 'dbProperties' might display user credentials such as the username and password for the database-connection.
CVE-2024-1098 1 Ruifang-tech 1 Rebuild 2024-11-21 4.3 Medium
A vulnerability was found in Rebuild up to 3.5.5 and classified as problematic. This issue affects the function QiniuCloud.getStorageFile of the file /filex/proxy-download. The manipulation of the argument url leads to information disclosure. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252455.
CVE-2024-1033 1 Openbi Project 1 Openbi 2024-11-21 4.3 Medium
A vulnerability, which was classified as problematic, has been found in openBI up to 1.0.8. Affected by this issue is the function agent of the file /application/index/controller/Datament.php. The manipulation of the argument api leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252308.
CVE-2024-11159 1 Mozilla 1 Thunderbird 2024-11-21 4.3 Medium
Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird < 128.4.3 and Thunderbird < 132.0.1.
CVE-2024-10971 2024-11-21 4.3 Medium
Improper access control in the Password History feature in Devolutions DVLS 2024.3.6 and earlier allows a malicious authenticated user to obtain sensitive data via faulty permission.
CVE-2024-0765 2024-11-21 N/A
As a default user on a multi-user instance of AnythingLLM, you could execute a call to the `/export-data` endpoint of the system and then unzip and read that export that would enable you do exfiltrate data of the system at that save state. This would require the attacked to be granted explicit access to the system, but they can do this at any role. Additionally, post-download, the data is deleted so no evidence would exist that the exfiltration occured.