14 matches found
Insertion of Sensitive Information Into Sent Data
Overview strawberry-graphql is an A library for creating GraphQL APIs Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the graphiql template. An attacker can obtain sensitive HTTP header values by enticing a user to enter confidential...
MBS多款产品 安全漏洞
MBS UBR-01 Mk II, etc., are products of the German MBS company. The MBS UBR-01 Mk II is a remote base station device. The MBS UBR-02 is also a remote base station device. The MBS UBR-LON is a communication interface device for industrial automation systems. Several MBS products have security...
CVE-2026-26196
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, gogs api still accepts tokens in url params like token and accesstoken, which can leak through logs, browser history, and referrers. This issue has been patched in version 0.14.2...
CVE-2025-67857
A flaw was found in moodle. During anonymous assignment submissions, user identifiers were inadvertently exposed in URLs. This data exposure allows unauthorized viewers to see internal user IDs, compromising the intended anonymity and potentially leading to information disclosure...
CVE-2025-27662
Vasion Print formerly PrinterLogic before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Password in URL OVE-20230524-0005...
CVE-2023-23841
SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request. Part of the URL of the request discloses sensitive data...
PT-2023-19247 · Solarwinds · Solarwinds Serv-U
Name of the Vulnerable Software and Affected Versions: SolarWinds Serv-U affected versions not specified Description: The issue concerns SolarWinds Serv-U submitting an HTTP request when changing or updating attributes for File Share or File request, where part of the URL of the request discloses...
CVE-2022-36200
In FiberHome VDSL2 Modem HG150-UbV3.0, Credentials of Admin are submitted in URL, which can be logged/sniffed...
Mozilla: URL leakage when navigating while executing asynchronous function
The Mozilla Foundation Security Advisory describes this flaw as: Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL...
PT-2021-8816 · Mitsubishi · Smartrtu
Name of the Vulnerable Software and Affected Versions: Mitsubishi Electric Europe B.V. SmartRTU devices affected versions not specified Description: The issue allows remote attackers to obtain sensitive information, including directory listings and source code, by making a direct request to the...
CVE-2017-16122
cuciuci is a simple fileserver. cuciuci is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...
Unspecified Vulnerability in McAfee Network Security Management
McAfee Network Security Management NSM is a suite of network security solutions from McAfee that enables real-time monitoring of deployed McAfee intrusion prevention systems across the network. A security vulnerability exists in the Web interface in McAfee NSM that originates from a program passi...
CVE-2018-7272
The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs as part of the URL, which allows attackers to obtain sensitive information by finding an ID value in a log file...
The vulnerability of the Mac OS X operating system, which allows a perpetrator to obtain confidential information
The vulnerability of the iBooks component in the Mac OS X operating system is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to obtain confidential information through a URL in the iBooks file...