52 matches found
EUVD-2023-0851
Malicious code in bioql PyPI...
EUVD-2024-1313
Malicious code in bioql PyPI...
EUVD-2025-24963
Malicious code in bioql PyPI...
CVE-2025-8342
CVE-2025-8342 concerns the WooCommerce OTP Login With Phone Number, OTP Verification plugin for WordPress. Affected versions up to 1.8.47 allow unauthenticated attackers to bypass OTP verification via faulty empty-value checks in lwp_ajax_register and exploit Firebase API error handling when the ...
Malicious code in web-api-error (npm)
The package web-api-error was found to contain malicious code...
MAL-2025-38964 Malicious code in web-api-error (npm)
The package web-api-error was found to contain malicious code...
CVE-2021-32561
OctoPrint before 1.6.0 allows XSS because API error messages include the values of input parameters...
CVE-2018-12297
Cross-site scripting in API error pages in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via URL path names...
CVE-2025-46737 Origin Validation Error
SEL-5037 Grid Configurator contains an overly permissive Cross-Origin Resource Sharing (CORS) configuration for a data gateway service in the application. This gateway service includes an API which is not properly configured to reject requests from unexpected sources...
Exploit for Generation of Error Message Containing Sensitive Information in Ollama
Ollama File Existence Disclosure Vulnerability CVE-2024-39719...
Fedora 40 : php (2024-2b429e720e)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-2b429e720e advisory. PHP version 8.3.12 (26 Sep 2024). CGI: Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter Injection Vulnerability). (CVE-2024-8926) (nielsdos)...
Red Discord Bot Security Vulnerability
Red Discord Bot is a modular bot written in Python by an individual developer. The bot software can be configured to perform different functions based on different modules. A security vulnerability exists in Red Discord Bot versions prior to 3.5.10, which stems from an error in the core API that...
PT-2024-5352 · Argo Cd · Argo Cd
Name of the Vulnerable Software and Affected Versions: Argo CD versions prior to 2.11.3, Argo CD versions prior to 2.10.12, Argo CD versions prior to 2.9.17. Description: Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It’s possible for authenticated users to enumerate...
CVE-2024-32046
Mattermost versions 9.6.x <= 9.6.0, 9.5.x <= 9.5.2, 9.4.x <= 9.4.4 and 8.1.x <= 8.1.11 fail to remove detailed error messages in API requests even if the developer mode is off, which allows an attacker to get information about the server such as the full path where files are stored...
Malicious code in wm-lib-api-error-handler (npm)
Source: ossf-package-analysis 9c48e2ab0480956dd0db4c0bc2e946be8a52112fb31f959900edb9a914f02367. The OpenSSF Package Analysis project identified 'wm-lib-api-error-handler' @ 1.0.2 (npm) as malicious. It is considered malicious because: - The...
Information Disclosure
github.com/argoproj/argo-cd is vulnerable to Information Disclosure. The vulnerability is due to a bug that allows unauthorized users to enumerate application names by inspecting API error messages, which can then be used as a starting point for another attack...
CVE-2022-41354
An information disclosure flaw was found in Argo CD. This issue may allow unauthorized users to enumerate application names by inspecting API error messages and could use the discovered application names as the starting point of another attack. For example, the attacker might use their knowledge ...
CVE-2022-23730
The public API error allows the attacker to bypass API access control...
OctoPrint Cross-Site Request Vulnerability
OctoPrint is an application that provides a fast web interface for controlling consumer 3D printers. A cross-site request vulnerability existed prior to OctoPrint version 1.6.0. The vulnerability arose because an API error message included the value of an input parameter. No...