Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

CVEs (717)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-2916 1Revmakx 1Infinitewp Client Apr 8, 2026 Aug 15, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'admin_notice' function. This can allow authenticated attackers with subscriber-...Show more The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'admin_notice' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including configuration. It can only be exploited if the plugin has not been configured yet. If combined with another arbitrary plugin installation and activation vulnerability, it may be possible to connect a site to InfiniteWP which would make remote management possible and allow for elevation of privileges.Show less
CVE-2023-39383 1Huawei 2Emui Harmonyos Nov 21, 2024 Aug 13, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Vulnerability of input parameters being not strictly verified in the AMS module. Successful exploitation of this vulnerability may compromise apps' data security.
CVE-2023-38830 1Phpjabbers 1Yacht Listing Script Nov 21, 2024 Aug 10, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 An information leak in PHPJabbers Yacht Listing Script v1.0 allows attackers to export clients' credit card numbers from the Reservations module.
CVE-2023-39214 1Zoom 3Meeting Software Development Kit RoomsZoom Nov 21, 2024 Aug 8, 2023 N/A· v4 8.1 HIGH· v3 N/A· v2 Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user to enable a denial of service via network access.
CVE-2023-38955 1Zkteco 1Bioaccess Ivs Nov 21, 2024 Aug 3, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to obtain sensitive information about all managed devices, including their IP addresses and device names.
CVE-2023-33368 1Assaabloy 1Control Id Idsecure Nov 21, 2024 Aug 3, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Some API routes exists in Control ID IDSecure 4.7.26.0 and prior, exfiltrating sensitive information and passwords to users accessing these API routes.
CVE-2023-3670 1Codesys 2Development System Scripting Nov 21, 2024 Jul 28, 2023 N/A· v4 7.3 HIGH· v3 N/A· v2 In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disgui...Show more In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disguised scripts that could be executed by legitimate users.Show less
CVE-2023-39155 1Jenkins 1Chef Identity Nov 21, 2024 Jul 26, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Jenkins Chef Identity Plugin 2.0.3 and earlier does not mask the user.pem key form field, increasing the potential for attackers to observe and capture it.
CVE-2022-46901 1Vocera 2Report Server Voice Server Nov 21, 2024 Jul 25, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is an Access Control Violation for Database Operations. The Vocera Report Console contains a websocket interface that allows for the...Show more An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is an Access Control Violation for Database Operations. The Vocera Report Console contains a websocket interface that allows for the unauthenticated execution of various tasks and database functions. This includes system tasks, and backing up, loading, and clearing of the database.Show less
CVE-2023-34189 1Apache 1Inlong Feb 13, 2025 Jul 25, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could use general users to delete and update the pro...Show more Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could use general users to delete and update the process, which only the admin can operate occurrences. Users are advised to upgrade to Apache InLong's 1.8.0 or cherry-pick https://github.com/apache/inlong/pull/8109 to solve it.Show less
CVE-2023-37645 1Eyoucms 1Eyoucms Nov 21, 2024 Jul 20, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 eyoucms v1.6.3 was discovered to contain an information disclosure vulnerability via the component /custom_model_path/recruit.filelist.txt.
CVE-2023-3299 1Hashicorp 1Nomad Nov 21, 2024 Jul 20, 2023 N/A· v4 2.7 LOW· v3 N/A· v2 HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11.
CVE-2023-32760 1Archerirm 1Archer Nov 21, 2024 Jul 14, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive information via API calls related to data feeds and data publication.
CVE-2023-32759 1Archerirm 1Archer Nov 21, 2024 Jul 14, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An issue in Archer Platform before v.6.13 and fixed in 6.12.0.6 and 6.13.0 allows an authenticated attacker to obtain sensitive information via a crafted URL.
CVE-2023-37599 1Issabel 1Pbx Nov 21, 2024 Jul 13, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory
CVE-2023-34119 1Zoom 1Rooms Nov 21, 2024 Jul 11, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Insecure temporary file in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.
CVE-2023-31818 1Marukyu 1Marukyu Line Nov 21, 2024 Jul 11, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue found in Marukyu Line v.13.4.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp function.
CVE-2023-30960 1Palantir 1Foundry Job Tracker Nov 21, 2024 Jul 10, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. T...Show more A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry instances. No further intervention is required. Show less
CVE-2023-3270 1Sick 1Icr890 4 Firmware Nov 21, 2024 Jul 10, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Exposure of Sensitive Information to an Unauthorized Actor in the SICK ICR890-4 could allow an unauthenticated remote attacker to retrieve sensitive information about the system.
CVE-2023-35696 1Sick 1Icr890 4 Firmware Jun 1, 2026 Jul 10, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Unauthenticated endpoints in the SICK ICR890-4 could allow an unauthenticated remote attacker to retrieve sensitive information about the device via HTTP requests.

Previous 1...91011...36 Next