Lucene search
K

1446 matches found

Cvelist
Cvelist
added 2026/06/24 7:24 p.m.14 views

CVE-2026-27708 FOSSBilling: IDOR in Servicecustom Client API allows cross-client data access

FOSSBilling is a free, open-source billing and client management system. In versions 0.7.2 and prior, the Servicecustom Client API's call method accepts an orderid parameter and fetches the associated order without verifying the authenticated client owns it, potentially exposing cross-client data...

7.1CVSS0.00265EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/19 1:28 p.m.9 views

postgresql: PostgreSQL oidvector discloses a few bytes of memory

A type validation flaw has been discovered in postgresql. Improper validation of the type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. It is possible that this may expose confidential information but it is unlikely...

4.3CVSS5.7AI score0.00281EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.12 views

Open WebUI 信息泄露漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.9.5 had a vulnerability related to information leakage. This vulnerability occurred when group members were granted read access to model settings, allowing them to...

4.3CVSS5.8AI score0.0022EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/14 6:30 p.m.3 views

EUVD-2026-22286

CWE-532 Insertion of Sensitive Information into Log File vulnerability exists that could cause confidential information to be exposed when a Web Admin user executes a malicious file provided by an attacker...

2.4CVSS5.8AI score0.00103EPSS
Exploits0References2
Cisco
Cisco
added 2026/03/25 4:0 p.m.12 views

Cisco IOS XE Software Secure Channel for Meraki Information Disclosure Vulnerability

A vulnerability in Cisco IOS XE Software for Cisco Meraki could allow a remote, unauthenticated attacker to view confidential device information. This vulnerability is due to a device configuration upload being performed over an insecure tunnel. An attacker could exploit this vulnerability by...

6.1CVSS5.8AI score0.00152EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/03/18 12:0 a.m.4 views

SUSE SLED15: kea / kea-devel / kea-doc / kea-hooks / libkea-asiodns49 / etc (SUSE-SU-2026:0907-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0907-1 advisory. Update to release 2.6.3 bsc1243240: - CVE-2025-32801: Loading a malicious hook library can lead to local...

7.8CVSS5.9AI score0.00235EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/03/12 10:40 p.m.4 views

postgresql: PostgreSQL oidvector discloses a few bytes of memory

A type validation flaw has been discovered in postgresql. Improper validation of the type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. It is possible that this may expose confidential information but it is unlikely...

4.3CVSS5.7AI score0.00281EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.7 views

PT-2026-24226

A vulnerability has been identified in SINEC Security Monitor All versions V4.9.0. The affected application leaks confidential information in metadata, and files such as information on contributors and email address, on SSM Server...

5.3CVSS5.7AI score0.00259EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/03/09 1:49 p.m.2 views

postgresql: PostgreSQL oidvector discloses a few bytes of memory

A type validation flaw has been discovered in postgresql. Improper validation of the type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. It is possible that this may expose confidential information but it is unlikely...

4.3CVSS5.7AI score0.00281EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/03/05 1:16 p.m.2 views

postgresql: PostgreSQL oidvector discloses a few bytes of memory

A type validation flaw has been discovered in postgresql. Improper validation of the type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. It is possible that this may expose confidential information but it is unlikely...

4.3CVSS5.7AI score0.00281EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/03 11:33 a.m.29 views

CVE-2025-11598 Exposure of Confidential Information in mObywatel application

In mObywatel iOS application an unauthorized user can use the App Switcher to view the account owner's personal information in the minimized app window, even after the login session has ended reopening the app would require the user to log in. The data exposed depends on the last application view...

1CVSS0.00151EPSS
Exploits0References2
CVE
CVE
added 2026/01/27 4:30 p.m.16 views

CVE-2026-1478

The CVE-2026-1478 issue concerns the Performance Evaluation (EDD) application from Gabinete Técnico de Programación. It describes an out-of-band SQL injection (OOB SQLi) in the API endpoints, specifically in the parameters Id_usuario and Id_evaluacion of /evaluacion_hca_evalua.aspx. The vulnerabi...

9.3CVSS5.8AI score0.00327EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 12:32 p.m.12 views

CVE-2023-31717

A SQL Injection attack in FUXA = 1.1.12 allows exfiltration of confidential information from the database...

7.5CVSS7.8AI score0.01568EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:28 a.m.8 views

CVE-2021-33727

A vulnerability has been identified in SINEC NMS All versions V1.0 SP2 Update 1. An authenticated attacker could download the user profile of any user. With this, the attacker could leak confidential information of any user in the affected system...

6.5CVSS6.3AI score0.00824EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:39 a.m.10 views

CVE-2022-35413

WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information such as SSL keys via an HTTPS request to the /webapi/ URI on port 443 or 5001...

9.8CVSS6.7AI score0.12476EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:0 a.m.7 views

CVE-2020-7585

A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier All versions, SIMATIC PCS 7 V9.0 All versions V9.0 SP3, SIMATIC PDM All versions V9.2, SIMATIC STEP 7 V5.X All versions V5.6 SP2 HF3, SINAMICS STARTER containing STEP 7 OEM version All versions V5.4 HF2. A DLL Hijacking...

7.8CVSS7.1AI score0.00433EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:58 a.m.7 views

CVE-2020-7001

In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed...

7.5CVSS6.6AI score0.00812EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:27 a.m.6 views

CVE-2023-45598

A CWE-425 “Direct Request 'Forced Browsing'” vulnerability in the “measure” functionality of the web application allows a remote unauthenticated attacker to access confidential measure information. This issue affects: AiLux imx6 bundle below version imx61.0.7-2...

5.3CVSS7.1AI score0.00487EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:56 a.m.9 views

CVE-2023-40730

A vulnerability has been identified in QMS Automotive All versions V12.39. The QMS.Mobile module of the affected application lacks sufficient authorization checks. This could allow an attacker to access confidential information, perform administrative functions, or lead to a denial-of-service...

8.8CVSS6.7AI score0.00467EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:48 a.m.6 views

CVE-2022-27241

A vulnerability has been identified in Mendix Applications using Mendix 7 All versions V7.23.31, Mendix Applications using Mendix 8 All versions V8.18.18, Mendix Applications using Mendix 9 All versions V9.11, Mendix Applications using Mendix 9 V9.6 All versions V9.6.12. Applications built with a...

7.5CVSS6.9AI score0.01331EPSS
Exploits0References1
Rows per page
Query Builder