| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A vulnerability in Hitachi Command Suite prior to 8.7.1-00 and Hitachi Automation Director prior to 8.5.0-00 allow authenticated remote users to expose technical information through error messages. Hitachi Command Suite includes Hitachi Device Manager and Hitachi Compute Systems Manager. |
| A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.6.5-00 allows an unauthenticated remote user to read internal information. |
| In very rare cases, a PHP type juggling vulnerability in centreonAuth.class.php in Centreon Web before 2.8.27 allows attackers to bypass authentication mechanisms in place. |
| Home Assistant before 0.67.0 was vulnerable to an information disclosure that allowed an unauthenticated attacker to read the application's error log via components/api.py. |
| The charitable plugin before 1.5.14 for WordPress has unauthorized access to user and donation details. |
| The wp-payeezy-pay plugin before 2.98 for WordPress has local file inclusion in pay.php, donate.php, donate-rec, and pay-rec. |
| The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests. |
| The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering. |
| The companion-auto-update plugin before 3.2.1 for WordPress has local file inclusion. |
| The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 2018-06-12 relies on Key1 and SerialNo for unlock operations; however, these are derived from the MAC address, which is broadcasted by the device. |
| cPanel before 68.0.27 creates world-readable files during use of WHM Apache Includes Editor (SEC-388). |
| cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive is created by the archive_sync_zones script (SEC-355). |
| cPanel before 68.0.27 allows attackers to read a copy of httpd.conf that is created during a syntax test (SEC-353). |
| cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon a post-update task (SEC-352). |
| cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon configuring crontab (SEC-351). |
| cPanel before 68.0.27 allows arbitrary file-read operations via restore adminbin (SEC-349). |
| cPanel before 68.0.27 allows a user to discover contents of directories (that are not owned by that user) by leveraging backups (SEC-339). |
| cPanel before 70.0.23 allows any user to disable Solr (SEC-371). |
| cPanel before 70.0.23 allows attackers to read the root accesshash via the WHM /cgi/trustclustermaster.cgi (SEC-364). |
| cPanel before 70.0.23 allows demo accounts to execute code via awstats (SEC-362). |
