Loading...
Loading...
535 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in furth…
IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against t…
IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system…
IBM Security Secret Server up to 11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. I…
IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system…
IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against t…
django-registration is a user registration package for Django. The django-registration package provides tools for implementing user-account registration flows in the Django web framework. In django-registration prior to 3.1.2, the base use…
node-etsy-client is a NodeJs Etsy ReST API Client. Applications that are using node-etsy-client and reporting client error to the end user will offer api key value too This is fixed in node-etsy-client v0.3.0 and later.
A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the ability to submit arbitrary queries to Elasticsearch could submit a malformed query that would result in an error message r…
An issue was identified in GitLab EE 13.4 or later which leaked internal IP address via error messages.
An issue has been discovered in GitLab affecting all versions starting with 7.1. A member of a private group was able to validate the use of a specific name for private project.
A verbose error message in GitLab EE affecting all versions since 12.2 could disclose the private email address of a user invited to a group
A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url`helper with untrusted user input.
Exposure of System Data to an Unauthorized Control Sphere vulnerability in web UI of Argo CD allows attacker to cause leaked secret data into web UI error messages and logs. This issue affects Argo CD 1.8 versions prior to 1.8.7; 1.7 versi…
If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contai…
When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird …
UCMS 1.5.0 was discovered to contain a physical path leakage via an error message returned by the adminchannelscache() function in top.php.
In Apache Ofbiz, versions v17.12.01 to v17.12.07 implement a try catch exception to handle errors at multiple locations but leaks out sensitive table info which may aid the attacker for further recon. A user can register with a very long p…
A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517, allows an attacker to execute commands with SYSTEM privileges This issue affects: Valmet DNA versions from Collection 2012 until Collection 20…
E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to discover information via error messaging which may aid in craft…
User input included in error response, which could be used in a phishing attack.
The JSON web services in Liferay Portal 7.3.4 and earlier, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 20 and 7.2 before fix pack 10 may provide overly verbose error messages, which allows remote attackers to use the conten…
IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM…
IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM…
IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in …
IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks a…
IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. …
SSL Network Extender Client for Linux before build 800008302 reveals part of the contents of the configuration file supplied, which allows partially disclosing files to which the user did not have access.
Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a User Enumeration bug due to improper error-message generation in the Forgot Password functionality, aka SDPMSP-15732.
A vulnerability has been identified in Mendix Excel Importer Module (All versions < V9.0.3). Uploading a manipulated XML File results in an exception that could expose information about the Application-Server and the used XML-Framework.
Uploading a table mapping using a manipulated XML file results in an exception that could expose information about the application-server and the used XML-framework on the Mendix Database Replication Module (All versions prior to v7.0.1).
Shopware is an open source eCommerce platform. Versions prior to 5.6.10 are vulnerable to system information leakage in error handling. Users are recommend to update to version 5.6.10. You can get the update to 5.6.10 regularly via the Aut…
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, the Nextcloud Text application shipped with Nextcloud Server returned verbatim exception messages to the user. This could …
Nextcloud Text is an open source plaintext editing application which ships with the nextcloud server. In affected versions the Nextcloud Text application returned different error messages depending on whether a folder existed in a public l…
Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.4, a non admin user can get access to many class/field values through GroupBy Dashlet error message. This issue is fixed in versions 2.7.4 and 3.0.0.
An attacker can gain knowledge of a session temporary working folder where the getfile and putfile commands are used in MDT AutoSave versions prior to v6.02.06. An attacker can leverage this knowledge to provide a malicious command to the …
A vulnerability has been identified in Teamcenter Active Workspace V4 (All versions < V4.3.9), Teamcenter Active Workspace V5.0 (All versions < V5.0.7), Teamcenter Active Workspace V5.1 (All versions < V5.1.4). The affected application all…
An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, m…
/way4acs/enroll in OpenWay WAY4 ACS before 1.2.278-2693 allows unauthenticated attackers to leverage response differences to discover whether a specific payment card number is stored in the system.
A flaw was found in keycloak where a brute force attack is possible even when the permanent lockout feature is enabled. This is due to a wrong error message displayed when wrong credentials are entered. The highest threat from this vulnera…
Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details about the Web Help Desk installation.
The public share controller in the ownCloud server before version 10.8.0 allows a remote attacker to see the internal path and the username of a public share by including invalid characters in the URL.
A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confi…
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against …
IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the…
IBM Tivoli Key Lifecycle Manager (IBM Security Guardium Key Lifecycle Manager) 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This …
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks a…
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose sensitive information in a SQL error message that could aid in further attacks against the system. IBM X-Force ID: 213726.
IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against …
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This informa…
EchelonGraph correlates every CVE — across CWE-209 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →