39 matches found

Cvelist
added 3 days ago · 37 views

CVE-2026-8993 Improper URL Handler Processing in D.Launcher 2 enables NTLM Credential Disclosure and SSRF attacks

D.Launcher 2 component of Slovak eID client ecosystem contains Improper URL Handler Processing vulnerability. Application registers multiple custom URL handlers that could be exploited to initiate full NTLM authentication or SMB connection to attacker infrastructure and to conduct SSRF Server Side...

6.5 CVSS · 0.00033 EPSS
Exploits 0 · References 2
OSV
added 2026/04/10 7:40 p.m. · 2 views

GHSA-CP79-9MWR-WR49 Ech0: Missing authorization on dashboard log endpoints allows low-privilege users to access sensitive system logs

Summary: Ech0 allows any authenticated user to read historical system logs and subscribe to live log streams because the dashboard log endpoints validate only that a JWT is present and valid, but do not require an administrator role or privileged scope. Impact: Any valid user session can access GET...

6.5 CVSS · 5.8 AI score
Exploits 0 · References 3
RedhatCVE
added 2026/01/09 10:56 a.m. · 6 views

CVE-2022-38652

A remote insecure deserialization vulnerability exists in VMWare Hyperic Agent 5.8.6. Exploitation of this vulnerability enables a malicious authenticated user to run arbitrary code or malware within a Hyperic Agent instance and its host operating system with the privileges of the Hyperic Agent...

10 CVSS · 7.4 AI score · 0.00619 EPSS
Exploits 0 · References 1
CVE
added 2025/12/18 7:53 p.m. · 4 views

CVE-2024-58320

Summary: CVE-2024-58320 concerns an information disclosure in Kentico Xperience that lets public users access sensitive administration interface hostname details during authentication via a publicly accessible endpoint. Affected products/area: Kentico Xperience components exposing the authenticat...

6.9 CVSS · 5.8 AI score · 0.00044 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2025/12/18 7:53 p.m. · 21 views

CVE-2024-58320 Kentico Xperience <= 13.0.159 Authentication Information Disclosure

An information disclosure vulnerability in Kentico Xperience allows public users to access sensitive administration interface hostname details during authentication. Attackers can retrieve confidential hostname configuration information through a public endpoint, potentially exposing internal...

6.9 CVSS · 0.00044 EPSS
Exploits 0 · References 2
Vulnrichment
added 2025/12/18 7:53 p.m. · 2 views

CVE-2024-58320 Kentico Xperience <= 13.0.159 Authentication Information Disclosure

An information disclosure vulnerability in Kentico Xperience allows public users to access sensitive administration interface hostname details during authentication. Attackers can retrieve confidential hostname configuration information through a public endpoint, potentially exposing internal...

6.9 CVSS · 5.8 AI score · 0.00044 EPSS
Exploits 0 · References 2
Vulnrichment
added 2025/10/17 4:21 p.m. · 1 view

CVE-2025-62168 Squid vulnerable to information disclosure via authentication credential leakage in error handling

Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted client uses to...

10 CVSS · 6.4 AI score · 0.16244 EPSS
Exploits 1 · References 2
NVD
added 2024/05/03 2:15 a.m. · 14 views

CVE-2023-27357

NETGEAR RAX30 GetInfo Missing Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific...

6.5 CVSS · 6.2 AI score · 0.00232 EPSS
Exploits 0 · References 2
Vulnrichment
added 2024/05/03 1:59 a.m. · 13 views

CVE-2023-39466 Triangle MicroWorks SCADA Data Gateway get_config Missing Authentication Information Disclosure Vulnerability

Triangle MicroWorks SCADA Data Gateway get_config Missing Authentication Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit...

5.3 CVSS · 6.2 AI score · 0.00113 EPSS
Exploits 0 · References 2
CNNVD
added 2024/05/03 12:00 a.m. · 1 view

D-Link DAP-1325 Security Vulnerability

The D-Link DAP-1325 is a wireless access point/bridge from China's AUO D-Link that is primarily used to provide wireless network coverage and has a bridging function that can convert a wired network to a wireless network or connect two wireless networks together. A security vulnerability exists i...

6.5 CVSS · 6.3 AI score · 0.00878 EPSS
Exploits 0 · References 3
Veracode
added 2024/04/02 11:43 a.m. · 25 views

Username Enumeration

IceWhaleTech/CasaOS-UserService is vulnerable to username enumeration. The vulnerability is due to improper error handling on the login page, which discloses whether a username exists based on the application's response to authentication attempts...

6.2 CVSS · 6.9 AI score · 0.00343 EPSS
Exploits 1 · References 2 · Affected Software 1
OpenVAS
added 2023/12/13 12:00 a.m. · 18 views

Microsoft PowerShell Information Disclosure Vulnerability (Dec 2023) - Linux

This host is missing an important security update for PowerShell Core according to Microsoft security advisory CVE-2023-36013. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

6.5 CVSS · 6.5 AI score · 0.02494 EPSS
Exploits 0 · References 2
OpenVAS
added 2023/12/13 12:00 a.m. · 19 views

Microsoft PowerShell Information Disclosure Vulnerability (Dec 2023) - Linux

This host is missing an important security update for PowerShell Core according to Microsoft security advisory CVE-2023-36013. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

6.5 CVSS · 6.5 AI score · 0.02494 EPSS
Exploits 0 · References 2
Positive Technologies
added 2023/06/07 12:00 a.m. · 3 views

PT-2023-5269 · Php +10

Name of the Vulnerable Software and Affected Versions: PHP versions 8.0. through 8.0.28 PHP versions 8.1. through 8.1.19 PHP versions 8.2. through 8.2.6 Description: The issue is related to the use of a random value generator with a narrower range of values than it should have when using SOAP HTT...

9.8 CVSS · 7 AI score · 0.29385 EPSS
Exploits 16 · References 184
NVD
added 2022/11/12 5:15 a.m. · 13 views

CVE-2022-38652

A remote insecure deserialization vulnerability exists in VMWare Hyperic Agent 5.8.6. Exploitation of this vulnerability enables a malicious authenticated user to run arbitrary code or malware within a Hyperic Agent instance and its host operating system with the privileges of the Hyperic Agent...

9.9 CVSS · 0.0046 EPSS
Exploits 0 · References 1
Prion
added 2022/11/12 5:15 a.m. · 14 views

Deserialization of untrusted data

UNSUPPORTED WHEN ASSIGNED. A remote insecure deserialization vulnerability exists in VMWare Hyperic Agent 5.8.6. Exploitation of this vulnerability enables a malicious authenticated user to run arbitrary code or malware within a Hyperic Agent instance and its host operating system with the...

6.5 CVSS · 9.5 AI score · 0.00619 EPSS
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2022/11/12 12:00 a.m. · 15 views

CVE-2022-38652

A remote insecure deserialization vulnerability exists in VMWare Hyperic Agent 5.8.6. Exploitation of this vulnerability enables a malicious authenticated user to run arbitrary code or malware within a Hyperic Agent instance and its host operating system with the privileges of the Hyperic Agent...

7.4 AI score · 0.0046 EPSS
Exploits 0 · References 1
Cvelist
added 2022/05/10 8:33 p.m. · 23 views

CVE-2022-26913 Windows Authentication Information Disclosure Vulnerability

...

7.4 CVSS · 8.7 AI score · 0.0396 EPSS
Exploits 0 · References 1
Huntr
added 2022/04/28 8:58 a.m. · 10 views

Thirdparty site authorization header leak

Description: mechanize library is used to manipulate the URL of web pages and crawl the contents of web pages. mechanize does not filter the request header after redirecting. It will also transfer the authentication and cookie request header of the first request to the service after redirecting,...

1.5 AI score
Exploits 0
OpenVAS
added 2022/01/28 12:00 a.m. · 20 views

Mageia: Security Advisory (MGASA-2015-0282)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3 CVSS · 4.4 AI score · 0.00671 EPSS
Exploits 0 · References 7