62 matches found
EUVD-2026-10448
SAP Solution Tools Plug-In ST-PI contains a function module that does not perform the necessary authorization checks for authenticated users, allowing system information to be disclosed. This vulnerability has a low impact on confidentiality and does not affect integrity or availability...
EUVD-2026-10449
SAP Solution Tools Plug-In ST-PI contains a function module that does not perform the necessary authorization checks for authenticated users, allowing system information to be disclosed. This vulnerability has a low impact on confidentiality and does not affect integrity or availability...
CVE-2026-24313
SAP Solution Tools Plug-In ST-PI contains a function module that does not perform the necessary authorization checks for authenticated users, allowing system information to be disclosed. This vulnerability has a low impact on confidentiality and does not affect integrity or availability...
CVE-2026-24313 Missing Authorization check in SAP Solution Tools Plug-In (ST-PI)
SAP Solution Tools Plug-In ST-PI contains a function module that does not perform the necessary authorization checks for authenticated users, allowing system information to be disclosed. This vulnerability has a low impact on confidentiality and does not affect integrity or availability...
CVE-2026-24313 Missing Authorization check in SAP Solution Tools Plug-In (ST-PI)
SAP Solution Tools Plug-In ST-PI contains a function module that does not perform the necessary authorization checks for authenticated users, allowing system information to be disclosed. This vulnerability has a low impact on confidentiality and does not affect integrity or availability...
CVE-2026-29787
Summary of CVE-2026-29787 (mcp-memory-service) : The /api/health/detailed endpoint exposes detailed reconnaissance data (OS version, Python version, CPU, memory, disk usage, and the full database path). This occurs when anonymous access is enabled (MCP_ALLOW_ANONYMOUS_ACCESS=true) and the service...
CVE-2026-23681
Due to missing authorization check in a function module in SAP Support Tools Plug-In, an authenticated attacker could invoke specific function modules to retrieve information about the system and its configuration. This disclosure of the system information could assist the attacker to plan...
CVE-2026-0486 Missing Authorization Check in ABAP based SAP systems
In ABAP based SAP systems a remote enabled function module does not perform necessary authorization checks for an authenticated user resulting in disclosure of system information.This has low impact on confidentiality. Integrity and availability are not impacted...
CVE-2026-0486
In ABAP-based SAP systems, a remote-enabled function module lacks necessary authorization checks for an authenticated user, leading to disclosure of system information. Root cause: missing authorization validation in the module. Impact: confidentiality low; integrity and availability not affected...
CVE-2025-12192 The Events Calendar <= 6.15.9 - Sysinfo Key Incorrect Comparison to Unauthenticated Sensitive Information Exposure
The Events Calendar plugin for WordPress is vulnerable to information disclosure in versions up to, and including, 6.15.9. The sysinfo REST endpoint compares the provided key to the stored opt-in key using a loose comparison, allowing unauthenticated attackers to send a boolean value and obtain t...
EUVD-2001-1214
Malware in sbrugna...
EUVD-2020-5062
Malware in sbrugna...
Marvell QConvergeConsole 路径遍历漏洞
Marvell QConvergeConsole is a unified adapter management software across data centers from Marvell USA. A path traversal vulnerability exists in Marvell QConvergeConsole due to an error in the compressDriverFiles method. An attacker could exploit the vulnerability to disclose information in the...
CVE-2024-0472
A vulnerability was found in code-projects Dormitory Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file modifyuser.php. The manipulation of the argument mname leads to information disclosure. The exploit has been disclosed to the public...
ABB Cylon FLXeon 9.3.5 (variant.js) Unauthenticated System Information Disclosure
Summary BACnet® Smart Building Controllers. ABB's BACnet portfolio features a series of BACnet® IP and BACnet MS/TP field controllers for ASPECT® and INTEGRA™ building management solutions. ABB BACnet controllers are designed for intelligent control of HVAC equipment such as central plant, boiler...
CVE-2025-42604
CVE-2025-42604 affects Meon KYC solutions. The root cause is that debug mode is enabled in certain API endpoints, which an attacker could access to receive unauthorized API responses that disclose detailed system information. The available documents describe the vulnerability as an information di...
Meon KYC 安全漏洞
Meon KYC is a solution from Meon India. A security vulnerability exists in Meon KYC that stems from debug mode being enabled on certain API endpoints, which could lead to the disclosure of system related information...
CVE-2025-27738
Improper access control in Windows Resilient File System ReFS allows an authorized attacker to disclose information over a network...
CVE-2025-27738 Windows Resilient File System (ReFS) Information Disclosure Vulnerability
...
CVE-2023-38714
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information about the system that could aid in further attacks against the system...