173 matches found
CVE-2025-32238 WordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.5.5 - Sensitive Data Exposure vulnerability
Generation of Error Message Containing Sensitive Information vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita meeting-scheduler-by-vcita allows Retrieve Embedded Sensitive Data.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n...
CVE-2025-32238
Technical specifics for CVE-2025-32238 (vcita WordPress plugin) are not provided in the connected documents. Public details about affected versions, impact, vectors, or fixes are not available here; monitor for updates from the vendor/security sources.
CVE-2025-2239
Summary: CVE-2025-2239 is a vulnerability in Hillstone Networks’ Next Generation Firewall. The issue is described as the “generation of an error message containing sensitive information,” affecting Hillstone Next Generation Firewall versions from 5.5R8P1 up to, but not including, 5.5R8P23. The co...
CVE-2025-2239 Absolute Path Disclosure Vulnerability in Hillstone Next Generation FireWall
Generation of Error Message Containing Sensitive Information vulnerability in Hillstone Networks Hillstone Next Generation FireWall.This issue affects Hillstone Next Generation FireWall: from 5.5R8P1 before 5.5R8P23...
GHSA-46R4-F8GJ-XG56 The SimpleSAMLphp SAML2 library incorrectly verifies signatures for HTTP-Redirect binding
Summary There's a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to accept an unsigned message. I believe that it exists for v4 only. I have not yet developed a PoC. V5 is well designed and...
CVE-2024-50696
SunGrow WiNet-S firmware upgrade process lacks integrity checking for updates in V200.001.00.P025 and earlier. A crafted MQTT message can trigger installation of a bogus firmware file hosted on an attacker-controlled server, potentially compromising an inverter or WiNet connectivity dongle. Affec...
Huawei HarmonyOS UI Framework Module Log Message Improper Control Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. An improperly controlled log message vulnerability exists in the Huawei HarmonyOS UI framework module, which can be exploited by an attacker to compromise...
CVE-2025-0513
CVE-2025-0513 affects Octopus Server; root cause is unsafe handling of error page messages. If an attacker can influence any part of an error message, they may embed code, potentially affecting the user viewing the error. Documents provide CVSS v3.1 (Base 5.4, Network, Low privileges, User intera...
CVE-2024-56197
Discourse is an open source platform for community discussion. PM titles and metadata can be read by other users when the "PM tags allowed for groups" option is enabled, the other user is a member of a group added to this option, and the PM has been tagged. This issue has been patched in the late...
CVE-2024-45658
IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system...
Huawei HarmonyOS 安全漏洞
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. An improperly controlled log message vulnerability exists in the Huawei HarmonyOS UI framework module, which can be exploited by an attacker to compromise...
Security Bulletin: IBM MQ Console is affected by a password disclosure vulnerability (CVE-2024-52896)
Summary IBM MQ has addressed a password disclosure vulnerability in the IBM MQ Console. Vulnerability Details CVEID:CVE-2024-52896 DESCRIPTION: IBM MQ web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. CWE:CWE-209:...
Security Bulletin: IBM MQ Console is affected by a password disclosure vulnerability (CVE-2024-52897)
Summary IBM MQ has addressed a password disclosure vulnerability in the IBM MQ Console. Vulnerability Details CVEID:CVE-2024-52897 DESCRIPTION: IBM MQ web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. CWE:CWE-209:...
CVE-2024-50698
SunGrow WiNet-SV200.001.00.P027 and earlier versions is vulnerable to heap-based buffer overflow due to bounds checks of the MQTT message content...
The vulnerability of the Login Message function in the microprogrammed industrial Ethernet switches Moxa MGate allows a attacker to perform XSS attacks.
The vulnerability of the Login Message function in the microprogrammed industrial Ethernet switches Moxa MGate relates to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
CVE-2024-11625
Information Exposure Through an Error Message vulnerability in Progress Software Corporation Sitefinity.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421...
CVE-2024-51460
IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system...
CVE-2024-52324 Ruijie Reyee OS Use of Inherently Dangerous Function
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses an inherently dangerous function which could allow an attacker to send a malicious MQTT message resulting in devices executing arbitrary OS commands...
Cross-Site Scripting (XSS)
@sveltejs/kit is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper handling of user-controlled input in the error message. Specifically, the placeholders in error.html are replaced with content without escaping, which can allow malicious content to be injected and...
DEBIAN-CVE-2024-10466
By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox 132, Firefox ESR 128.4, Thunderbird 128.4, and Thunderbird 132...