CVE-2025-62311 HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels.

HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels. This may expose sensitive information to potential interception or unauthorized access during transmission under certain conditions...

CVE-2026-27796 Homarr: Unauthenticated Information Disclosure (Integration Metadata Leak)

Homarr is an open-source dashboard. Prior to version 1.54.0, the integration.all tRPC endpoint in Homarr is exposed as a publicProcedure, allowing unauthenticated users to retrieve a complete list of configured integrations. This metadata includes sensitive information such as internal service...

Missing Authentication

Overview Affected versions of this package are vulnerable to Missing Authentication in the xDS interface. An attacker can access sensitive configuration data, including certificate information, backend service details, routing rules, and cluster metadata, by connecting to the exposed port without...

EUVD-2021-1841

Malware in sbrugna...

CVE-2024-9802 Conformance validation endpoint discloses detail about service to unauthenticated users

The conformance validation endpoint is public so everybody can verify the conformance of onboarded services. The response could contain specific information about the service, including available endpoints, and swagger. It could advise about the running version of a service to an attacker. The...

CVE-2024-9802 Conformance validation endpoint discloses detail about service to unauthenticated users

The conformance validation endpoint is public so everybody can verify the conformance of onboarded services. The response could contain specific information about the service, including available endpoints, and swagger. It could advise about the running version of a service to an attacker. The...

Nokia Airscale ASIKA Single RAN 安全漏洞

Nokia Airscale ASIKA Single RAN is an application for end-to-end use by Nokia of Finland. A security vulnerability exists in Nokia Airscale ASIKA Single RAN, which originates from a mobile network operator's personnel connected to the BTS Web Element Manager, regardless of their access rights, ma...

Incorrect Access Control in Nacos

Nacos 1.1.4 is affected by: Incorrect Access Control. An environment can be set up locally to get the service details interface. Then other Nacos service names can be accessed through the service list interface. Service details can then be accessed when not logged in...

Nacos Information Disclosure Vulnerability

nacos is a dynamic service discovery, configuration and service management platform for Alibaba in China. The software supports both DNS-based and RPC-based service discovery, and provides features such as providing real-time health checks and blocking services from sending requests to unhealthy...

CVE-2020-19676

Nacos 1.1.4 is affected by: Incorrect Access Control. An environment can be set up locally to get the service details interface. Then other Nacos service names can be accessed through the service list interface. Service details can then be accessed when not logged in...

Information disclosure

Nacos 1.1.4 is affected by: Incorrect Access Control. An environment can be set up locally to get the service details interface. Then other Nacos service names can be accessed through the service list interface. Service details can then be accessed when not logged in...

Apache NiFi Information Disclosure Vulnerability

Apache NiFi is a data processing and distribution system of the American Apache Apache Software Foundation. The system is primarily used for data routing, transformation and system intermediary logic. An information disclosure vulnerability exists in Apache NiFi versions 1.3.0 through 1.9.2, whic...

CVE-2016-0708

Applications deployed to Cloud Foundry, versions v166 through v227, may be vulnerable to a remote disclosure of information, including, but not limited to environment variables and bound service details. For applications to be vulnerable, they must have been staged using automatic buildpack...