Lucene search
27 matches found

NVD
added 2026/05/11 7:16 p.m. · 6 views

CVE-2026-42871

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, atendido/familiardocfamiliar.php displays an overly descriptive error message, including database-related details. This verbosity leads to information disclosure, which could assist a potential attacker in mapping the...

CVSS 6.9 · EPSS 0.00055
Exploits: 0 · References: 1

EUVD
added 2026/05/11 6:31 p.m. · 4 views

EUVD-2026-29186

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, atendido/familiardocfamiliar.php displays an overly descriptive error message, including database-related details. This verbosity leads to information disclosure, which could assist a potential attacker in mapping the...

CVSS 6.9 · AI score 5.8 · EPSS 0.00055
Exploits: 0 · References: 1

RedhatCVE
added 2026/04/13 5:35 p.m. · 1 view

CVE-2026-34045

A flaw was found in Podman Desktop. A remote attacker can exploit an unauthenticated HTTP server, which lacks proper connection limits and timeouts, to trigger denial-of-service (DoS) conditions. This can lead to application crashes or a complete host freeze. Additionally, verbose error responses...

CVSS 9.1 · AI score 5.8 · EPSS 0.00085
Exploits: 1 · References: 4

CVE
added 2026/04/07 8:52 p.m. · 5 views

CVE-2026-34045

Podman Desktop prior to 1.26.2 contains an unauthenticated HTTP server that, due to missing connection limits and timeouts, can be abused over the network to trigger denial-of-service conditions and to extract sensitive information. The vulnerability can exhaust file descriptors and kernel memory...

CVSS 9.1 · AI score 5.9 · EPSS 0.00085
Exploits: 1 · References: 1 · Affected Software: 1

CVE
added 2026/03/25 8:36 p.m. · 5 views

CVE-2026-2484

IBM InfoSphere Information Server is affected by an information-exposure vulnerability (CVE-2026-2484) caused by overly verbose error messages. Affected versions are InfoSphere Information Server 11.7.0.0 to 11.7.1.6. The issue is CVSS Base 4.3 (Vector: CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A...

CVSS 4.3 · AI score 5.8 · EPSS 0.00013
Exploits: 0 · References: 1 · Affected Software: 1

Tenable Nessus
added 2026/03/16 12:00 a.m. · 2 views

EulerOS 2.0 SP12 : golang (EulerOS-SA-2026-1363)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a respon...

CVSS 7.5 · AI score 5.9 · EPSS 0.00044
Exploits: 2 · References: 11

Snyk
added 2026/01/01 6:51 a.m. · 1 view

Information Exposure

Overview: ttsfm is a Text-to-Speech API Client with OpenAI compatibility. Affected versions of this package are vulnerable to Information Exposure due to verbose and unsanitized error handling in FFmpeg-related operations. An attacker can deliberately trigger FFmpeg errors using malformed audio...

CVSS 6.9 · AI score 6.8
Exploits: 0 · References: 3

Vulnrichment
added 2025/11/26 12:48 a.m. · 1 view

CVE-2025-66260 PostgreSQL SQL Injection (status_sql.php)

PostgreSQL SQL Injection: status_sql.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform SQL injection via sw1 and sw2 parameters in status_sql.php. The status_sql.php endpoint constructs...

CVSS 7.2 · AI score 7.9 · EPSS 0.00028
Exploits: 1 · References: 1

Cvelist
added 2025/11/26 12:48 a.m. · 4 views

CVE-2025-66260 PostgreSQL SQL Injection (status_sql.php)

PostgreSQL SQL Injection: status_sql.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform SQL injection via sw1 and sw2 parameters in status_sql.php. The status_sql.php endpoint constructs...

CVSS 7.2 · EPSS 0.00028
Exploits: 1 · References: 1

RedhatCVE
added 2025/10/30 10:09 p.m. · 2 views

CVE-2025-61959

Prior to September 19, 2025, the Hospital Manager Backend Services returned verbose ASP.NET error pages for invalid WebResource.axd requests, disclosing framework and ASP.NET version information, stack traces, internal paths, and the insecure configuration 'customErrors mode="Off"', which could...

CVSS 6.9 · AI score 7 · EPSS 0.00045
Exploits: 0 · References: 1

NVD
added 2025/10/29 10:15 p.m. · 2 views

CVE-2025-61959

Prior to September 19, 2025, the Hospital Manager Backend Services returned verbose ASP.NET error pages for invalid WebResource.axd requests, disclosing framework and ASP.NET version information, stack traces, internal paths, and the insecure configuration 'customErrors mode="Off"', which could...

CVSS 6.9 · EPSS 0.00045
Exploits: 0 · References: 2

Hacker One
added 2025/10/29 4:00 a.m. · 8 views

Revive Adserver: Information Disclosure via Verbose Error Messages

Version: ==revive-adserver 6.0.0== Summary: Revive Adserver v6.0.0 exposes sensitive technical details through verbose error messages, revealing the exact MySQL/MariaDB version, SQL queries, and PHP environment details. Attackers can use this information to identify known vulnerabilities or craft...

CVSS 4.3 · AI score 7.4 · EPSS 0.00024
Exploits: 1

RedhatCVE
added 2025/05/23 8:59 a.m. · 4 views

CVE-2024-5250

In versions of Akana API Platform prior to 2024.1.0 overly verbose errors can be found in SAML integrations...

CVSS 5.3 · AI score 7.1 · EPSS 0.00494
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 1:02 a.m. · 8 views

CVE-2022-31023

Play Framework is a web framework for Java and Scala. Versions prior to 2.8.16 are vulnerable to generation of error messages containing sensitive information. Play Framework, when run in dev mode, shows verbose errors for easy debugging, including an exception stack trace. Play does this by...

CVSS 7.5 · AI score 6.9 · EPSS 0.0043
Exploits: 0 · References: 1

OSV
added 2024/07/30 7:15 p.m. · 1 view

CVE-2024-5250

In versions of Akana API Platform prior to 2024.1.0 overly verbose errors can be found in SAML integrations...

CVSS 5.3 · AI score 5.7
Exploits: 0 · References: 1

Vulnrichment
added 2024/07/30 6:29 p.m. · 15 views

CVE-2024-5250 Overly Verbose Errors in SAML Integration

In versions of Akana API Platform prior to 2024.1.0 overly verbose errors can be found in SAML integrations...

CVSS 3.5 · AI score 6.8 · EPSS 0.00494
Exploits: 0 · References: 1

CVE
added 2024/07/30 6:29 p.m. · 74 views

CVE-2024-5250

CVE-2024-5250 affects Akana API Platform versions prior to 2024.1.0, where SAML integration error messages are overly verbose. The issue is documented across multiple feeds (NVD/Red Hat/Son to ENISA and PT Security) and centers on verbose SAML error reporting rather than a runtime compromise vect...

CVSS 5.3 · AI score 4 · EPSS 0.00494
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2024/07/30 12:00 a.m. · 2 views

PT-2024-35341 · Akana · Akana Api Platform

Name of the Vulnerable Software and Affected Versions: Akana API Platform versions prior to 2024.1.0 Description: The issue concerns overly verbose errors found in SAML integrations. Recommendations: For versions prior to 2024.1.0, update to version 2024.1.0 or later to resolve the issue...

CVSS 5.3 · AI score 7.2 · EPSS 0.00494
Exploits: 0 · References: 3

OSV
added 2022/10/27 10:15 a.m. · 0 views

CVE-2022-2508

In affected versions of Octopus Server it is possible to reveal the existence of resources in a space that the user does not have access to due to verbose error messaging...

CVSS 5.3 · AI score 5.8 · EPSS 0.00237
Exploits: 0 · References: 1

Github Security Blog
added 2022/06/03 10:19 p.m. · 51 views

Dev error stack trace leaking into prod in Play Framework

Impact: Play Framework, when run in dev mode, shows verbose errors for easy debugging, including an exception stack trace. Play does this by configuring its DefaultHttpErrorHandler to do so based on the application mode. In its Scala API Play also provides a static object DefaultHttpErrorHandler...

CVSS 7.5 · AI score 7.6 · EPSS 0.0043
Exploits: 0 · References: 5 · Affected Software: 2