
54 matches found

ATTACKERKB
added 2026/01/15 1:15 p.m., 1 view

CVE-2026-22646

Certain error messages returned by the application expose internal system details that should not be visible to end users, providing attackers with valuable reconnaissance information like file paths, database errors, or software versions that can be used to map the application's internal structu...

CVSS 7.5, AI score 5.6, EPSS 0.00022
Exploits: 0, References: 7

CVE
added 2026/01/15 1:15 p.m., 7 views

CVE-2026-22646

Technical details about CVE-2026-22646 are not publicly provided in the connected documents. The materials reiterate the exposure of internal system details but do not specify affected products, versions, exploit information, or remediation.

CVSS 7.5, AI score 6.5, EPSS 0.00022
Exploits: 0, References: 6, Affected Software: 1

Vulnrichment
added 2026/01/15 1:15 p.m., 2 views

CVE-2026-22646

Certain error messages returned by the application expose internal system details that should not be visible to end users, providing attackers with valuable reconnaissance information like file paths, database errors, or software versions that can be used to map the application's internal structu...

CVSS 4.3, AI score 6.5, EPSS 0.00022
Exploits: 0, References: 6

Cvelist
added 2026/01/15 1:15 p.m., 21 views

CVE-2026-22646

Certain error messages returned by the application expose internal system details that should not be visible to end users, providing attackers with valuable reconnaissance information like file paths, database errors, or software versions that can be used to map the application's internal structu...

CVSS 4.3, EPSS 0.00022
Exploits: 0, References: 6

Positive Technologies
added 2026/01/15 12:0 a.m., 1 view

PT-2026-3013

Certain error messages returned by the application expose internal system details that should not be visible to end users, providing attackers with valuable reconnaissance information like file paths, database errors, or software versions that can be used to map the application's internal structu...

CVSS 4.3, AI score 6.9, EPSS 0.00022
Exploits: 0, References: 7

CNNVD
added 2025/11/20 12:0 a.m., 1 view

Revive Adserver security vulnerability

Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms e.g., websites, apps, video players and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from an...

CVSS 4.3, AI score 7, EPSS 0.00024
Exploits: 1, References: 1

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2021-6956

Malicious code in bioql PyPI...

CVSS 6.8, AI score 5.3, EPSS 0.00251
Exploits: 0, References: 1

Snyk
added 2025/08/26 4:19 p.m., 3 views

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the process of logging error details during SQL query execution. An attacker can obtain sensitive information by intentionally causing SQL errors and subsequently accessing the log...

CVSS 7.4, AI score 7.2, EPSS 0.00116
Exploits: 0, References: 2

Github Security Blog
added 2025/08/26 4:19 p.m., 5 views

traQ Allows Insertion of Sensitive Information into Log File

Impact A vulnerability exists where sensitive information, such as OAuth tokens, is recorded in log files when an error occurs during the execution of an SQL query. An attacker could intentionally trigger an SQL error by methods such as placing a high load on the database. This could allow an...

CVSS 5.9, AI score 6.8, EPSS 0.00116
Exploits: 0, References: 7, Affected Software: 1

NVD
added 2025/08/26 4:15 p.m., 3 views

CVE-2025-57813

traQ is a messenger application built for Digital Creators Club traP. Prior to version 3.25.0, a vulnerability exists where sensitive information, such as OAuth tokens, are recorded in log files when an error occurs during the execution of an SQL query. An attacker could intentionally trigger an...

CVSS 5.9, EPSS 0.00116
Exploits: 0, References: 3

OSV
added 2025/08/26 4:6 p.m., 2 views

CVE-2025-57813 Insertion of Sensitive Information into Log File in github.com/traPtitech/traQ

traQ is a messenger application built for Digital Creators Club traP. Prior to version 3.25.0, a vulnerability exists where sensitive information, such as OAuth tokens, are recorded in log files when an error occurs during the execution of an SQL query. An attacker could intentionally trigger an...

CVSS 5.9, AI score 7, EPSS 0.00116
Exploits: 0, References: 5

CNNVD
added 2025/06/20 12:0 a.m., 1 view

Hoteldruid security vulnerability

Hoteldruid is a free and open source hotel management program from Hoteldruid, Inc. A security vulnerability exists in Hoteldruid version 3.0.7, which stems from the creadb.php endpoint displaying a detailed SQL error message, which could lead to an information disclosure or denial of service...

CVSS 7.5, AI score 6.5, EPSS 0.00082
Exploits: 1, References: 2

RedhatCVE
added 2025/05/23 5:52 a.m., 2 views

CVE-2023-22470

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A database error can be generated potentially causing a DoS when performed multiple times. There are currently no known workarounds. It is recommended that t...

CVSS 6.5, AI score 6.8, EPSS 0.00249
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 8:36 p.m., 0 views

CVE-2021-35492

Wowza Streaming Engine through 4.8.11+5 could allow an authenticated, remote attacker to exhaust filesystem resources via the /enginemanager/server/vhost/historical.jsdata vhost parameter. This is due to the insufficient management of available filesystem resources. An attacker could exploit this...

CVSS 6.5, AI score 6.7, EPSS 0.12981
Exploits: 1, References: 1

Hacker One
added 2025/02/21 10:55 p.m., 5 views

U.S. Dept Of Defense: Error-based blind SQL injection

An error-based blind SQL injection vulnerability was discovered at a certain location. The vulnerability was present in the sites, rods, and ous parameters. By exploiting these parameters, sensitive information could have been extracted by triggering errors returned by the database. Certain...

AI score 7.7
Exploits: 0

OSV
added 2024/05/28 12:53 p.m., 11 views

GHSA-M2HH-2M46-X6J5 silverstripe/framework may disclose database credentials during connection failure

When running SilverStripe 3.7 or 4.x in dev mode with the mysqli database driver, there is a potential to disclose the connection details. We have blacklisted the sensitive parts of the connection information from being included in dev mode stack traces when database errors occur...

CVSS 6.5, AI score 6.5
Exploits: 0, References: 6

Github Security Blog
added 2024/05/28 12:53 p.m., 8 views

silverstripe/framework may disclose database credentials during connection failure

When running SilverStripe 3.7 or 4.x in dev mode with the mysqli database driver, there is a potential to disclose the connection details. We have blacklisted the sensitive parts of the connection information from being included in dev mode stack traces when database errors occur...

AI score 6.5
Exploits: 0, References: 6, Affected Software: 1

CNVD
added 2024/03/06 12:0 a.m., 6 views

Unspecified Vulnerability in Apache Superset (CNVD-2024-26186)

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from a security vulnerability that originates from the ability of an authenticated user to generate specially crafted SQL statements to trigger database errors and expose...

CVSS 4.3, AI score 7, EPSS 0.00131
Exploits: 0, References: 1

CNNVD
added 2024/02/28 12:0 a.m., 1 view

Apache Superset information disclosure vulnerability

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from a security vulnerability that originates from the ability of an authenticated user to generate specially crafted SQL statements to trigger database errors and expose...

CVSS 4.3, AI score 7.2, EPSS 0.00131
Exploits: 0, References: 3

CNNVD
added 2023/12/26 12:0 a.m., 1 view

ocpp-jaxb security vulnerability

ocpp-jaxb is the Java mapping for OCPP. A security vulnerability exists in SteVe Community ocpp-jaxb versions prior to 0.0.8 that stems from an invalid timestamp being generated under certain circumstances, leading to SQL exceptions in the application and potentially compromising the integrity of...

CVSS 7.5, AI score 7.3, EPSS 0.00306
Exploits: 1, References: 2