Monthly
Nomysem, an education and consulting management platform by Turkish vendor NOMYSOFT Informatics, exposes sensitive information to authenticated low-privilege users due to incompatible ACL policies that fail to properly constrain access to restricted functionality. Network-accessible endpoints can be reached by any valid account holder, yielding high-confidentiality-impact data exposure without requiring elevated rights or user interaction. No public exploit code has been identified at time of analysis; however, the vendor failed to respond to coordinated disclosure, leaving the vulnerability unpatched.
Connections versions up to 7.0 contains a vulnerability that allows attackers to obtain limited information when a single piece of internal metadata is returned (CVSS 3.5).
Apache Airflow 3 introduced a change to the handling of sensitive information in Connections. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to excessive data exposure, allowing attackers to access sensitive information without proper filtering. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The Backstage Scaffolder plugin houses types and utilities for building scaffolder-related modules. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Dario Health Internet-based server infrastructure is vulnerable due to exposure of development environment details, which could lead to unsafe functionality. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
IBM Concert 1.0.0, 1.0.1, and 1.0.2 is vulnerable to sensitive information disclosure through specially crafted API Calls. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Under certain conditions Statutory Reports in SAP S/4 HANA allows an attacker with basic privileges to access information which would otherwise be restricted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Exposure of Sensitive Information vulnerability in Naukowa i Akademicka Sieć Komputerowa - Państwowy Instytut Badawczy EZD RP allows logged-in user to retrieve information about IP infrastructure and. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Exposure of Sensitive Information Due to Incompatible Policies vulnerability in Mia Technology Inc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Nomysem, an education and consulting management platform by Turkish vendor NOMYSOFT Informatics, exposes sensitive information to authenticated low-privilege users due to incompatible ACL policies that fail to properly constrain access to restricted functionality. Network-accessible endpoints can be reached by any valid account holder, yielding high-confidentiality-impact data exposure without requiring elevated rights or user interaction. No public exploit code has been identified at time of analysis; however, the vendor failed to respond to coordinated disclosure, leaving the vulnerability unpatched.
Connections versions up to 7.0 contains a vulnerability that allows attackers to obtain limited information when a single piece of internal metadata is returned (CVSS 3.5).
Apache Airflow 3 introduced a change to the handling of sensitive information in Connections. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to excessive data exposure, allowing attackers to access sensitive information without proper filtering. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The Backstage Scaffolder plugin houses types and utilities for building scaffolder-related modules. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Dario Health Internet-based server infrastructure is vulnerable due to exposure of development environment details, which could lead to unsafe functionality. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
IBM Concert 1.0.0, 1.0.1, and 1.0.2 is vulnerable to sensitive information disclosure through specially crafted API Calls. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Under certain conditions Statutory Reports in SAP S/4 HANA allows an attacker with basic privileges to access information which would otherwise be restricted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Exposure of Sensitive Information vulnerability in Naukowa i Akademicka Sieć Komputerowa - Państwowy Instytut Badawczy EZD RP allows logged-in user to retrieve information about IP infrastructure and. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Exposure of Sensitive Information Due to Incompatible Policies vulnerability in Mia Technology Inc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.