3856 matches found

RedhatCVE
added 2025/05/21 9:19 p.m. (4 views)

CVE-2003-1269

AN HTTP 1.41e allows remote attackers to obtain the root web server path via an HTTP request with a long argument to a script, which leaks the path in an error message...

CVSS 5, AI score 7, EPSS 0.02078
Exploits 0, References 1

RedhatCVE
added 2025/05/21 8:43 p.m. (7 views)

CVE-2006-2463

viewalbum.php in SelectaPix 1.31 and earlier allows remote attackers to obtain the installation path via a certain request, which displays the path in an error message, possibly due to an invalid or missing parameter...

CVSS 5, AI score 7, EPSS 0.01269
Exploits 1, References 1

RedhatCVE
added 2025/05/21 8:39 p.m. (6 views)

CVE-2002-2410

openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks and obtain certain configuration and version information...

CVSS 5, AI score 6.7, EPSS 0.01309
Exploits 1, References 1

RedhatCVE
added 2025/05/21 8:34 p.m. (6 views)

CVE-2002-2158

zenTrack 2.0.3 and earlier allows remote attackers to obtain the full path to the web root via an invalid ticket ID, which leaks the path in an error message...

CVSS 5, AI score 7.1, EPSS 0.01373
Exploits 0, References 1

RedhatCVE
added 2025/05/21 7:41 p.m. (7 views)

CVE-2003-1526

PHP-Nuke 7.0 allows remote attackers to obtain the installation path via certain characters such as 1 ", 2 ', or 3 in the search field, which reveals the path in an error message...

CVSS 5, AI score 7, EPSS 0.00966
Exploits 1, References 1

NVD
added 2025/05/20 6:15 p.m. (11 views)

CVE-2025-37990

In the Linux kernel, the following vulnerability has been resolved: wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() The function brcmf_usb_dl_writeimage() calls the function brcmf_usb_dl_cmd() but does not check its return value. The 'state.state' and the 'state.bytes' are uninitialized ...

CVSS 5.5, EPSS 0.00166
Exploits 0, References 10

CVE
added 2025/05/20 5:18 p.m. (106 views)

CVE-2025-37990

CVE-2025-37990 affects the Linux kernel’s wifi/brcm80211 fmac, where brcmf_usb_dl_writeimage() did not validate the return value of brcmf_usb_dl_cmd(), leaving state.state and state.bytes uninitialized if the call failed. The fix adds error handling to jump to the error path when brcmf_usb_dl_cmd...

CVSS 5.5, AI score 6.6, EPSS 0.00166
Exploits 0, References 10, Affected Software 1

OSV
added 2025/05/16 9:30 p.m. (3 views)

CLSA-2025-1747431041 Fix CVE(s): CVE-2024-10976, CVE-2024-10977

SECURITY UPDATE: incomplete tracking of row security allows unauthorized access to data - debian/patches/CVE-2024-10976.patch: Ensure cached plans to be correctly marked as dependent on role to fix the issue of neglected marking which could lead to incorrect row visibility. - CVE-2024-10976...

CVSS 5.4, AI score 5.9, EPSS 0.00786
Exploits 0, References 1

Cvelist
added 2025/05/12 4:11 p.m. (16 views)

CVE-2025-46746 Error Message Contains Sensitive Information

An administrator could discover another account's credentials...

CVSS 5.8, EPSS 0.00246
Exploits 0, References 1

CVE
added 2025/05/12 4:11 p.m. (49 views)

CVE-2025-46746

CVE-2025-46746 describes a vulnerability where an administrator could discover another account’s credentials. Connected sources tie this to Schweitzer Engineering Laboratories products (e.g., SEL-5033 acSELerator RTAC Software, SEL-5702, SEL-5035; PT-2025-20718 references SEL Blueframe OS; CNNVD...

CVSS 5.8, AI score 5.7, EPSS 0.00246
Exploits 0, References 1

CNVD
added 2025/05/07 12:00 a.m. (6 views)

IBM InfoSphere Information Server Information Disclosure Vulnerability (CNVD-2025-09278)

IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. An information disclosure vulnerability exists in IBM InfoSphere Information Server version 11.7...

CVSS 4.3, AI score 5.9, EPSS 0.00239
Exploits 0, References 1

OSV
added 2025/05/06 3:37 p.m. (7 views)

GO-2025-3663 Hashicorp Vault Community vulnerable to Generation of Error Message Containing Sensitive Information in github.com/hashicorp/vault

Hashicorp Vault Community vulnerable to Generation of Error Message Containing Sensitive Information in github.com/hashicorp/vault...

CVSS 6.5, AI score 6.5, EPSS 0.00335
Exploits 0, References 3

OSV
added 2025/05/02 3:31 p.m. (9 views)

GHSA-GCQF-F89C-68HV Hashicorp Vault Community vulnerable to Generation of Error Message Containing Sensitive Information

Vault Community and Vault Enterprise Key/Value kv Version 2 plugin may unintentionally expose sensitive information in server and audit logs when users submit malformed payloads during secret creation or update operations via the Vault REST API. This vulnerability, identified as CVE-2025-4166, is...

CVSS 4.5, AI score 6.4, EPSS 0.00335
Exploits 0, References 4

Citrix
added 2025/04/29 12:00 a.m. (5 views)

ADC-13.1-Error "Custom header name is too long" with rewrite action DELETE_HTTP_HEADER in Netscaler

When you want to delete the HTTP header "X-Permitted-Cross-Domain-Policies" with the rewrite action DELETE_HTTP_HEADER, Netscaler prompts this error: "Custom header name is too long"...

AI score 7
Exploits 0

Vulnrichment
added 2025/04/28 8:55 p.m. (15 views)

CVE-2025-0049 Disclosure of sensitive information in an error message in GoAnywhere prior to version 7.8.0

When a Web User without Create permission on subfolders attempts to upload a file to a non-existent directory, the error message includes the absolute server path which may allow Fuzzing for application mapping. This issue affects GoAnywhere: before 7.8.0...

CVSS 3.5, AI score 4.1, EPSS 0.00213
Exploits 0, References 1

Cvelist
added 2025/04/28 8:55 p.m. (22 views)

CVE-2025-0049 Disclosure of sensitive information in an error message in GoAnywhere prior to version 7.8.0

When a Web User without Create permission on subfolders attempts to upload a file to a non-existent directory, the error message includes the absolute server path which may allow Fuzzing for application mapping. This issue affects GoAnywhere: before 7.8.0...

CVSS 3.5, EPSS 0.00213
Exploits 0, References 1

NVD
added 2025/04/27 2:15 a.m. (13 views)

CVE-2025-46575

There is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system's sensitive information...

CVSS 7.5, EPSS 0.00307
Exploits 0, References 1

NVD
added 2025/04/27 2:15 a.m. (17 views)

CVE-2025-46574

There is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system's sensitive information...

CVSS 5.3, EPSS 0.00193
Exploits 0, References 1

RedhatCVE
added 2025/04/26 4:16 a.m. (13 views)

CVE-2025-25045

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical error message is returned in a request. This information could be used in further attacks against the system...

CVSS 4.3, AI score 5.9, EPSS 0.00239
Exploits 0, References 1

NVD
added 2025/04/23 11:15 p.m. (20 views)

CVE-2025-25045

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical error message is returned in a request. This information could be used in further attacks against the system...

CVSS 4.3, EPSS 0.00239
Exploits 0, References 1