Lucene search
K

173 matches found

Cvelist
Cvelist
added 2025/04/04 3:59 p.m.16 views

CVE-2025-32238 WordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.5.5 - Sensitive Data Exposure vulnerability

Generation of Error Message Containing Sensitive Information vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita meeting-scheduler-by-vcita allows Retrieve Embedded Sensitive Data.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n...

4.3CVSS0.00475EPSS
Exploits0References1
CVE
CVE
added 2025/04/04 3:59 p.m.69 views

CVE-2025-32238

Technical specifics for CVE-2025-32238 (vcita WordPress plugin) are not provided in the connected documents. Public details about affected versions, impact, vectors, or fixes are not available here; monitor for updates from the vendor/security sources.

4.3CVSS7.2AI score0.00475EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/03/12 9:53 a.m.53 views

CVE-2025-2239

Summary: CVE-2025-2239 is a vulnerability in Hillstone Networks’ Next Generation Firewall. The issue is described as the “generation of an error message containing sensitive information,” affecting Hillstone Next Generation Firewall versions from 5.5R8P1 up to, but not including, 5.5R8P23. The co...

5.3CVSS5.4AI score0.00338EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/12 9:53 a.m.7 views

CVE-2025-2239 Absolute Path Disclosure Vulnerability in Hillstone Next Generation FireWall

Generation of Error Message Containing Sensitive Information vulnerability in Hillstone Networks Hillstone Next Generation FireWall.This issue affects Hillstone Next Generation FireWall: from 5.5R8P1 before 5.5R8P23...

5.3CVSS5.4AI score0.00338EPSS
Exploits0References1
OSV
OSV
added 2025/03/11 7:23 p.m.8 views

GHSA-46R4-F8GJ-XG56 The SimpleSAMLphp SAML2 library incorrectly verifies signatures for HTTP-Redirect binding

Summary There's a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to accept an unsigned message. I believe that it exists for v4 only. I have not yet developed a PoC. V5 is well designed and...

8.6CVSS8.5AI score0.00296EPSS
Exploits0References7
CVE
CVE
added 2025/02/26 12:0 a.m.66 views

CVE-2024-50696

SunGrow WiNet-S firmware upgrade process lacks integrity checking for updates in V200.001.00.P025 and earlier. A crafted MQTT message can trigger installation of a bogus firmware file hosted on an attacker-controlled server, potentially compromising an inverter or WiNet connectivity dongle. Affec...

7.5CVSS6.7AI score0.00208EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2025/02/18 12:0 a.m.7 views

Huawei HarmonyOS UI Framework Module Log Message Improper Control Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. An improperly controlled log message vulnerability exists in the Huawei HarmonyOS UI framework module, which can be exploited by an attacker to compromise...

7.5CVSS7AI score0.00313EPSS
Exploits0References1
CVE
CVE
added 2025/02/11 10:27 a.m.69 views

CVE-2025-0513

CVE-2025-0513 affects Octopus Server; root cause is unsafe handling of error page messages. If an attacker can influence any part of an error message, they may embed code, potentially affecting the user viewing the error. Documents provide CVSS v3.1 (Base 5.4, Network, Low privileges, User intera...

5.4CVSS6.8AI score0.00225EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/08 4:37 a.m.12 views

CVE-2024-56197

Discourse is an open source platform for community discussion. PM titles and metadata can be read by other users when the "PM tags allowed for groups" option is enabled, the other user is a member of a group added to this option, and the PM has been tagged. This issue has been patched in the late...

4.9CVSS6.5AI score0.00343EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/08 4:37 a.m.7 views

CVE-2024-45658

IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system...

2.7CVSS3.2AI score0.00415EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/02/06 12:0 a.m.5 views

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. An improperly controlled log message vulnerability exists in the Huawei HarmonyOS UI framework module, which can be exploited by an attacker to compromise...

7.5CVSS6.7AI score0.00313EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.19 views

Security Bulletin: IBM MQ Console is affected by a password disclosure vulnerability (CVE-2024-52896)

Summary IBM MQ has addressed a password disclosure vulnerability in the IBM MQ Console. Vulnerability Details CVEID:CVE-2024-52896 DESCRIPTION: IBM MQ web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. CWE:CWE-209:...

6.2CVSS6.3AI score0.0027EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.18 views

Security Bulletin: IBM MQ Console is affected by a password disclosure vulnerability (CVE-2024-52897)

Summary IBM MQ has addressed a password disclosure vulnerability in the IBM MQ Console. Vulnerability Details CVEID:CVE-2024-52897 DESCRIPTION: IBM MQ web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. CWE:CWE-209:...

6.2CVSS6.3AI score0.00205EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2025/01/24 12:0 a.m.30 views

CVE-2024-50698

SunGrow WiNet-SV200.001.00.P027 and earlier versions is vulnerable to heap-based buffer overflow due to bounds checks of the MQTT message content...

0.00552EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/01/20 12:0 a.m.7 views

The vulnerability of the Login Message function in the microprogrammed industrial Ethernet switches Moxa MGate allows a attacker to perform XSS attacks.

The vulnerability of the Login Message function in the microprogrammed industrial Ethernet switches Moxa MGate relates to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

5.1CVSS5.4AI score0.00287EPSS
Exploits0References2Affected Software3
Cvelist
Cvelist
added 2025/01/07 7:48 a.m.18 views

CVE-2024-11625

Information Exposure Through an Error Message vulnerability in Progress Software Corporation Sitefinity.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421...

7.7CVSS0.00285EPSS
Exploits0References2
NVD
NVD
added 2024/12/11 1:15 p.m.22 views

CVE-2024-51460

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system...

4.3CVSS0.00293EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/06 6:25 p.m.17 views

CVE-2024-52324 Ruijie Reyee OS Use of Inherently Dangerous Function

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses an inherently dangerous function which could allow an attacker to send a malicious MQTT message resulting in devices executing arbitrary OS commands...

9.8CVSS7AI score0.00691EPSS
Exploits0References1
Veracode
Veracode
added 2024/12/02 10:36 a.m.15 views

Cross-Site Scripting (XSS)

@sveltejs/kit is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper handling of user-controlled input in the error message. Specifically, the placeholders in error.html are replaced with content without escaping, which can allow malicious content to be injected and...

5.4CVSS6.2AI score0.0047EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2024/10/29 1:15 p.m.4 views

DEBIAN-CVE-2024-10466

By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox 132, Firefox ESR 128.4, Thunderbird 128.4, and Thunderbird 132...

7.5CVSS6.6AI score0.00809EPSS
Exploits0References1
Rows per page
Query Builder