Lucene search
K

1211 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:28 p.m.9 views

CVE-2026-4901

Hydrosystem Control System saves sensitive information into a log file. Critically, user credentials are logged allowing the attacker to obtain further authorized access into the system. Combined with vulnerability CVE-2026-34184, these sensitive information could be accessed by an unauthorized...

6.9CVSS5.5AI score0.00259EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.10 views

CVE-2026-45728

Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, when Algernon is invoked with a single file path instead of a directory, singleFileMode is set to true and debugMode is forcibly enabled. debugMode activates the PrettyError renderer, which on any Lua or template error respon...

7.5CVSS5.5AI score0.00303EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.13 views

CVE-2026-8671

Insertion of sensitive information into log file vulnerability in syslink software AG Avantra on Linux, Windows allows Resource Leak Exposure. This issue affects Avantra: before 25.3.0...

7.5CVSS5.4AI score0.00216EPSS
Exploits0References1
F5 Networks
F5 Networks
added 2026/06/05 6:59 a.m.24 views

K000161596: Multiple Apache Tomcat vulnerabilities

Security Advisory Description CVE-2026-25854 Occasional URL redirection to untrusted Site 'Open Redirect' vulnerability in Apache Tomcat via the LoadBalancerDrainingValve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M23 through...

9.1CVSS5.8AI score0.03494EPSS
Exploits2
ATTACKERKB
ATTACKERKB
added 2026/06/04 1:26 a.m.8 views

CVE-2026-10737

The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the viewfile function in all versions up to, and including, 4.71. This makes it possible for unauthenticated attackers to read file metadata and obtain download links f...

7.5CVSS5.9AI score0.003EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/03 10:16 a.m.13 views

EUVD-2026-34070

It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information...

7.5CVSS5.8AI score0.0026EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/01 11:45 a.m.17 views

EUVD-2026-33633

A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. Affected is an unknown function of the file /admin/. This manipulation causes file and directory information exposure. The attack can be initiated remotely. The exploit has been published and may be used...

6.9CVSS5.8AI score0.00329EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/01 11:45 a.m.11 views

CVE-2026-10254

A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. Affected is an unknown function of the file /admin/. This manipulation causes file and directory information exposure. The attack can be initiated remotely. The exploit has been published and may be used...

6.9CVSS5.8AI score0.00329EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/01 9:3 a.m.11 views

CVE-2026-40543 Missing Authorization in SOPlanning

SOPlanning does not enforce authorization for backup functionalities. An unauthenticated attacker can directly query backup-related endpoints and retrieve backup archives containing user databases with usernames and password hashes, as well as the config.csv file, which includes additional...

8.8CVSS5.8AI score0.00273EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.17 views

PT-2026-45403

A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. Affected is an unknown function of the file /admin/. This manipulation causes file and directory information exposure. The attack can be initiated remotely. The exploit has been published and may be used...

6.9CVSS5.5AI score0.00329EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.9 views

Apache Airflow 安全漏洞

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. However, Apache Airflow has security vulnerabilities. The...

6.5CVSS5.5AI score0.00665EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/28 8:13 p.m.12 views

CVE-2026-9583

A weakness has been identified in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This impacts an unknown function of the file /index.php of the component SQL Handler. Executing a manipulation can lead to information exposure through error message. The attack may be...

5.3CVSS5.5AI score0.00242EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/28 12:0 a.m.9 views

IBM DB2 Multiple Vulnerabilities (7273554, 7273555, 7273556, 7273557, 7273558) (Windows)

According to its self-reported version number, IBM Db2 is affected by multiple vulnerabilities: - IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server stores potentially sensitive information in log files that could be read by a local user. CVE-2025-13755 - IBM Db2 is vulnerable to a...

7.5CVSS5.8AI score0.00362EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/05/27 12:58 p.m.11 views

CVE-2026-5515

IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files that could be read by a local user...

5.5CVSS5.8AI score0.001EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.9 views

IBM App Connect Enterprise 安全漏洞

IBM App Connect Enterprise is an operating system developed by IBM Corporation. IBM App Connect Enterprise combines existing, industry-trusted IBM Integration Bus technology with IBM App Connect Professional and new cloud-native technologies, providing a platform that meets the comprehensive...

5.5CVSS5.8AI score0.001EPSS
Exploits0References1
CVE
CVE
added 2026/05/26 3:46 p.m.43 views

CVE-2025-13755

CVE-2025-13755 affects IBM Db2 11.5.0–11.5.9 and 12.1.0–12.1.4 (Linux/UNIX/Windows, including Db2 Connect Server). The root cause is that the system can store potentially sensitive information in log files, which could be read by a local user, constituting a credential exposure (CWE-532). Impact ...

5.5CVSS5.8AI score0.00108EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/26 2:8 p.m.12 views

CVE-2026-41917 OpenKM 6.3.12 Local File Inclusion via Admin Scripting

OpenKM 6.3.12 contains a local file inclusion vulnerability in the administrative scripting interface at /admin/Scripting that allows authenticated administrators to read arbitrary files by supplying an attacker-controlled filesystem path through the fsPath parameter with action=Load. Attackers c...

6.9CVSS5.9AI score0.00387EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/26 1:42 a.m.7 views

CVE-2026-4795

A missing authorization vulnerability in Zyxel GS1200-5v3 firmware versions through 1.00ACPS.2C0, GS1200-8v3 firmware versions through 1.00ACPT.2C0, GS1200-5HPv3 firmware versions through 1.00ACPU.2C0, GS1200-8HPv3 firmware versions through 1.00ACPV.2C0, and GS1200-10v3 firmware versions through...

6.5CVSS5.8AI score0.00234EPSS
Exploits0References2Affected Software5
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.22 views

PT-2026-43277

Name of the Vulnerable Software and Affected Versions IBM Db2 versions 11.5.0 through 11.5.9 IBM Db2 versions 12.1.0 through 12.1.4 Description IBM Db2 for Linux, UNIX, and Windows, including DB2 Connect Server, stores potentially sensitive information in log files. This data could be accessed an...

5.5CVSS5.8AI score0.00108EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/25 5:28 a.m.40 views

CVE-2026-25193

Insertion of Sensitive Information into Log File CWE-532 in some Command Centre Service installers could lead to Service Account credentials exposure. Mitigating Factor: Only sites that install Command Centre Services with a custom Service Account not the default Network Service account are...

8.1CVSS0.00132EPSS
Exploits0References1
Rows per page
Query Builder