CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,223 CVEs tracked | 53,271 with exploits | 4,730 exploited in wild | 1,542 CISA KEV | 3,929 Nuclei templates | 37,826 vendors | 42,547 researchers
688 results
CVE-2023-27564 7.5 HIGH 1 PoC Analysis EPSS 0.04
N8n < 0.216.1 - Exposure to Wrong Actor
The n8n package 0.218.0 for Node.js allows Information Disclosure.
CWE-668 May 10, 2023
CVE-2022-40210 6.8 MEDIUM EPSS 0.00
Intel Data Center Manager < 5.0.1 - Exposure to Wrong Actor
Exposure of data element to wrong session in the Intel DCM software before version 5.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-488 May 10, 2023
CVE-2022-38087 4.1 MEDIUM EPSS 0.00
Intel(R) Processors - Info Disclosure
Exposure of resource to wrong sphere in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.
CWE-668 May 10, 2023
CVE-2023-2069 6.4 MEDIUM 1 Writeup EPSS 0.00
Gitlab < 12.9.8 - Exposure to Wrong Actor
An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. A user with the role of developer could use the import project feature to leak CI/CD variables.
CWE-668 May 03, 2023
CVE-2023-0485 6.5 MEDIUM 1 Writeup EPSS 0.00
Gitlab < 15.8.5 - Exposure to Wrong Actor
An issue has been discovered in GitLab affecting all versions starting from 13.11 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible for a project member demoted to a user role to read project updates by doing a diff with a pre-existing fork.
CWE-668 May 03, 2023
CVE-2023-26243 7.8 HIGH EPSS 0.00
Hyundai Gen5W_L - Info Disclosure
An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The decryption binary used to decrypt firmware files has an information leak that allows an attacker to read the AES key and initialization vector from memory. An attacker may exploit this to create custom firmware that may be installed in the IVI system. Then, an attacker may be able to install a backdoor in the IVI system that may allow him to control it, if it is connected to the Internet through Wi-Fi.
CWE-22 Apr 27, 2023
CVE-2023-22307 5.5 MEDIUM EPSS 0.00
Tribe29 Checkmk Appliance <1.6.4 - Info Disclosure
Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.4 allows a local attacker to retrieve passwords by reading log files.
CWE-200 Apr 18, 2023
CVE-2023-27976 8.8 HIGH EPSS 0.01
Schneider-electric Ecostruxure Contro... - Exposure to Wrong Actor
A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause remote code execution when a valid user visits a malicious link provided through the web endpoints. Affected Products: EcoStruxure Control Expert (V15.1 and above)
CWE-668 Apr 18, 2023
CVE-2021-30153 4.3 MEDIUM EPSS 0.00
MediaWiki <1.35.2 - Info Disclosure
An issue was discovered in the VisualEditor extension in MediaWiki before 1.31.13, and 1.32.x through 1.35.x before 1.35.2. When using VisualEditor to edit a MediaWiki user page belonging to an existing, but hidden, user, VisualEditor will disclose that the user exists. (It shouldn't because they are hidden.) This is related to ApiVisualEditor.
CWE-668 Apr 15, 2023
CVE-2023-29208 7.5 HIGH 1 Writeup EPSS 0.00
XWiki Commons - Info Disclosure
XWiki Commons are technical libraries common to several other top level XWiki projects. Rights added to a document are not taken into account for viewing it once it's deleted. Note that this vulnerability only impacts deleted documents that contained view rights: the view rights provided on a space of a deleted document are properly checked. The problem has been patched in XWiki 14.10 by checking the rights of the current user: only the admin and the deleter of the document are allowed to view it.
CWE-668 Apr 15, 2023
CVE-2023-29203 3.7 LOW EPSS 0.00
XWiki - Info Disclosure
XWiki Commons are technical libraries common to several other top level XWiki projects. It's possible to list some users who are normally not viewable from a subwiki by requesting users on a subwiki which allows only global users with `uorgsuggest.vm`. This issue only concerns hidden users from the main wiki. Note that the disclosed information is the username and the first and last name of users; no other information is leaked. The problem has been patched in XWiki 13.10.8, 14.4.3 and 14.7RC1.
CWE-359 Apr 15, 2023
CVE-2023-25954 5.5 MEDIUM EPSS 0.00
Kyocera Mobile Print < 3.2.0.230119 - Exposure to Wrong Actor
'KYOCERA Mobile Print' v3.2.0.230119 and earlier, 'UTAX/TA MobilePrint' v3.2.0.230119 and earlier, and 'Olivetti Mobile Print' v3.2.0.230119 and earlier are vulnerable to improper intent handling. When a malicious app is installed on the victim user's Android device, the app may send an intent and direct the affected app to download malicious files or apps to the device without notification.
CWE-668 Apr 13, 2023
CVE-2023-25409 8.1 HIGH EPSS 0.00
Aten Pe8108 Firmware - Exposure to Wrong Actor
Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restricted users have access to other users' outlets.
CWE-668 Apr 11, 2023
CVE-2022-47338 7.1 HIGH EPSS 0.00
Telecom Service - DoS
In telecom service, there is a missing permission check. This could lead to local denial of service in telecom service.
CWE-668 Apr 11, 2023
CVE-2023-26588 7.5 HIGH EPSS 0.00
Buffalo network devices <1.10-0.03 - Info Disclosure
Use of hard-coded credentials vulnerability in Buffalo network devices allows an attacker to access the debug function of the product. The affected products and versions are as follows: BS-GSL2024 firmware Ver. 1.10-0.03 and earlier, BS-GSL2016P firmware Ver. 1.10-0.03 and earlier, BS-GSL2016 firmware Ver. 1.10-0.03 and earlier, BS-GS2008 firmware Ver. 1.0.10.01 and earlier, BS-GS2016 firmware Ver. 1.0.10.01 and earlier, BS-GS2024 firmware Ver. 1.0.10.01 and earlier, BS-GS2048 firmware Ver. 1.0.10.01 and earlier, BS-GS2008P firmware Ver. 1.0.10.01 and earlier, BS-GS2016P firmware Ver. 1.0.10.01 and earlier, and BS-GS2024P firmware Ver. 1.0.10.01 and earlier.
CWE-668 Apr 11, 2023
CVE-2023-26458 6.8 MEDIUM EPSS 0.00
SAP Landscape Management <3.0 - Info Disclosure
An information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition. It allows an authenticated SAP Landscape Management user to obtain privileged access to other systems, making those other systems vulnerable to information disclosure and modification. The disclosed information is for Diagnostics Agent Connection via Java SCS Message Server of an SAP Solution Manager system and can only be accessed by authenticated SAP Landscape Management users, but they can escalate their privileges to the SAP Solution Manager system.
CWE-668 Apr 11, 2023
CVE-2023-29192 2.7 LOW EPSS 0.00
SilverwareGames.io <1.2.19 - Info Disclosure
SilverwareGames.io versions before 1.2.19 allow users with access to the game upload panel to edit download links for games uploaded by other developers. This has been fixed in version 1.2.19.
CWE-668 Apr 10, 2023
CVE-2023-1777 6.5 MEDIUM EPSS 0.00
Mattermost - Info Disclosure
Mattermost allows an attacker to request a preview of an existing message when creating a new message via the createPost API call, disclosing the contents of the linked message.
CWE-200 Mar 31, 2023
CVE-2023-1775 4.3 MEDIUM EPSS 0.00
Mattermost - Info Disclosure
When running in a High Availability configuration, Mattermost fails to sanitize some of the user_updated and post_deleted events broadcast to all users, leading to disclosure of sensitive information to some of the users with currently connected Websocket clients.
CWE-200 Mar 31, 2023
CVE-2023-28336 4.3 MEDIUM EPSS 0.00
Moodle < 3.9.20 - Information Disclosure
Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access.
CWE-200 Mar 23, 2023