Vulnerabilities > Information Exposure

DATE CVE VULNERABILITY TITLE RISK
2023-09-23 CVE-2023-5134 Information Exposure vulnerability in Easyregistrationforms Easy Registration Forms
The Easy Registration Forms for WordPress is vulnerable to Information Disclosure via the 'erforms_user_meta' shortcode in versions up to, and including, 2.1.1 due to insufficient controls on the information retrievable via the shortcode.
network
low complexity
easyregistrationforms CWE-200
4.3
2023-09-18 CVE-2023-42454 Information Exposure vulnerability in Lovasoa Sqlpage
SQLpage is a SQL-only webapp builder.
network
low complexity
lovasoa CWE-200
critical
9.1
2023-09-15 CVE-2023-36472 Information Exposure vulnerability in Strapi
Strapi is an open-source headless content management system.
network
low complexity
strapi CWE-200
5.7
2023-09-13 CVE-2021-44172 Information Exposure vulnerability in Fortinet Forticlient Endpoint Management Server
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClientEMS versions 7.0.0 through 7.0.4, 7.0.6 through 7.0.7, in all 6.4 and 6.2 version management interface may allow an unauthenticated attacker to gain information on environment variables such as the EMS installation path.
network
low complexity
fortinet CWE-200
5.3
2023-09-13 CVE-2023-4917 Information Exposure vulnerability in Te-St Leyka
The Leyka plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.30.3 via the 'leyka_ajax_get_env_and_options' function.
network
low complexity
te-st CWE-200
6.5
2023-09-12 CVE-2023-40712 Information Exposure vulnerability in Apache Airflow
Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. Users are strongly advised to upgrade to version 2.7.1 or later which has removed the vulnerability.
network
low complexity
apache CWE-200
6.5
2023-09-12 CVE-2023-40622 Information Exposure vulnerability in SAP Businessobjects Business Intelligence 420/430
SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain condition allows an authenticated attacker to view sensitive information which is otherwise restricted.
network
low complexity
sap CWE-200
critical
9.9
2023-09-06 CVE-2023-41050 Information Exposure vulnerability in Zope Accesscontrol
AccessControl provides a general security framework for use in Zope.
network
low complexity
zope CWE-200
7.7
2023-09-05 CVE-2023-32271 Information Exposure vulnerability in Openautomationsoftware OAS Platform 18.00.0072
An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072.
network
low complexity
openautomationsoftware CWE-200
6.5
2023-09-01 CVE-2023-4714 Information Exposure vulnerability in Playtube 3.0.1
A vulnerability was found in PlayTube 3.0.1 and classified as problematic.
network
low complexity
playtube CWE-200
7.5