CWE-200

WP SlackSync plugin through 1.8.5 for WordPress leaks a Slack Access Token in source code. An attacker can obtain a lot of information about the victim’s Slack (channels, members, etc.).

Slack-Chat through 1.5.5 leaks a Slack Access Token in source code. An attacker can obtain a lot of information about the victim’s Slack (channels, members, etc.).

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows GDI Information Disclosure Vulnerability’.

In some circumstances, Craft 2 before 2.7.10 and 3 before 3.2.6 wasn’t stripping EXIF data from user-uploaded images when it was configured to do so, potentially exposing personal/geolocation data to the public.

An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka ‘Windows Modules Installer Service Information Disclosure Vulnerability’.