123845 matches found
CVE-2026-13958
CVE-2026-13958 affects Google Chrome on Windows before version 150.0.7871.47. The issue is an uninitialized use in codecs, allowing a remote attacker to potentially read sensitive information from process memory via a crafted HTML page. The description confirms the vulnerability scope (Windows bu...
CVE-2026-56369
CVE-2026-56369 concerns ImageMagick prior to 7.1.2-22, where an information-disclosure vulnerability arises in the PasskeyEncipherImage method due to AES-CTR nonce reuse. Attackers could potentially recover plaintext from encrypted images because the nonce is reused in the CTR mode. The available...
CVE-2026-56327
Capgo before 12.128.2 contains an information disclosure vulnerability in the public.invite_user_to_org RPC that allows unauthenticated attackers to enumerate organization existence by observing distinct error responses. Attackers can call a SECURITY DEFINER function with a publishable API key to...
CVE-2026-56318
Capgo before 12.128.2 is affected by an information disclosure vulnerability in /private/validate_password_compliance that lets unauthenticated attackers enumerate valid organization UUIDs via differing responses for malformed, non-existent, and existing IDs. Impact is confidentiality exposure; r...
EUVD-2025-210377
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system...
EUVD-2026-40401
IBM Langflow OSS 1.0.0 through 1.9.6 contains a missing authentication vulnerability in /api/v1/buildpublictmp/ endpoints that allows an unauthenticated attacker to read build event data or cancel jobs using a valid job identifier, resulting in information disclosure and denial of service...
EUVD-2026-40398
IBM WebSphere Application Server 9.0, and 8.5 could allow a remote attacker to obtain sensitive information from the administrative console's integrated help system...
CVE-2026-9836
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability...
CVE-2026-9836 IBM DataStage Flow Designer application is affected by an information disclosure vulnerability
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability...
EUVD-2026-40378
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability...
Important: Red Hat Security Advisory: ruby:3.3 security update
An update for the ruby:3.3 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS
A flaw was found in the Ruby net-imap library. When upgrading a cleartext IMAP connection to TLS using the Net::IMAPstarttls method, the library improperly handles certain responses received during STARTTLS negotiation. A man-in-the-middle MITM attacker can inject a predicted tagged OK response...
net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS
A flaw was found in the Ruby net-imap library. When upgrading a cleartext IMAP connection to TLS using the Net::IMAPstarttls method, the library improperly handles certain responses received during STARTTLS negotiation. A man-in-the-middle MITM attacker can inject a predicted tagged OK response...
Important: Red Hat Security Advisory: ruby security update
An update for ruby is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS
A flaw was found in the Ruby net-imap library. When upgrading a cleartext IMAP connection to TLS using the Net::IMAPstarttls method, the library improperly handles certain responses received during STARTTLS negotiation. A man-in-the-middle MITM attacker can inject a predicted tagged OK response...
net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS
A flaw was found in the Ruby net-imap library. When upgrading a cleartext IMAP connection to TLS using the Net::IMAPstarttls method, the library improperly handles certain responses received during STARTTLS negotiation. A man-in-the-middle MITM attacker can inject a predicted tagged OK response...
Important: Red Hat Security Advisory: ruby:2.5 security update
An update for the ruby:2.5 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
CVE-2026-27883
Coolify vulnerability CVE-2026-27883 is an intra-organization information disclosure (IDOR) affecting deployments details via GET /api/v1/deployments/{uuid}. Before 4.0.0-beta.464, an authenticated user could access deployment data for any team because the token-provided teamId was not used to sc...
CVE-2026-27881
CVE-2026-27881 (Coolify) arises from a missing ownership check in GET /api/v1/deployments/{uuid} within DeployController.php, allowing any authenticated API user to read deployment records from other teams. The issue precedes version 4.0.0-beta.464 and is resolved in 4.0.0-beta.464. Affected comp...
CVE-2026-58013 Glib: buffer over-read in glib/giochannel.c via "g_io_channel_read_line_backend"
A flaw was found in GLib. A buffer over-read can occur in giochannelreadlinebackend in the giochannel.c file when a custom line terminator with a length greater than one is set, causing memcmp to read past the GString buffer. This vulnerability can cause a minor information disclosure of 7 bytes ...