PT-2026-45212

Name of the Vulnerable Software and Affected Versions Sereal::Decoder versions prior to 5.005 Description An issue exists where crafted input can lead to a heap out-of-bounds read. In the file Perl/Decoder/srl decoder.c, the functions srl read object and srl read hash process a COPY tag, which is...

CVE-2026-34216

CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the admin settings update endpoint accepted a fully qualified class name directly from user-supplied request input and used it for dynamic static method calls and object instantiation without any allowli...

CVE-2026-2752

Navtor NavBox allows information disclosure via the /api/ais-data endpoint. A remote, unauthenticated attacker can send crafted requests to trigger an unhandled exception, causing the server to return verbose .NET stack traces. These error messages expose internal class names, method calls, and...

CVE-2026-2752

Navtor NavBox allows information disclosure via the /api/ais-data endpoint. A remote, unauthenticated attacker can send crafted requests to trigger an unhandled exception, causing the server to return verbose .NET stack traces. These error messages expose internal class names, method calls, and...

CVE-2026-2752

Navtor NavBox allows information disclosure via the /api/ais-data endpoint. A remote, unauthenticated attacker can send crafted requests to trigger an unhandled exception, causing the server to return verbose .NET stack traces. These error messages expose internal class names, method calls, and...

CVE-2025-58581

When an error occurs in the application a full stacktrace is provided to the user. The stacktrace lists class and method names as well as other internal information. An attacker can thus obtain information about the technology used and the structure of the application...

CVE-2025-58589

When an error occurs in the application a full stacktrace is provided to the user. The stacktrace lists class and method names as well as other internal information. An attacker thus receives information about the technology used and the structure of the application...

CVE-2025-58589 Information Disclosure Through Stacktrace

When an error occurs in the application a full stacktrace is provided to the user. The stacktrace lists class and method names as well as other internal information. An attacker thus receives information about the technology used and the structure of the application...

CVE-2025-58589 Information Disclosure Through Stacktrace

When an error occurs in the application a full stacktrace is provided to the user. The stacktrace lists class and method names as well as other internal information. An attacker thus receives information about the technology used and the structure of the application...

EUVD-2025-32506

When an error occurs in the application a full stacktrace is provided to the user. The stacktrace lists class and method names as well as other internal information. An attacker thus receives information about the technology used and the structure of the application...

CVE-2025-58581

Summary: CVE-2025-58581 describes an information disclosure in SICK Enterprise Analytics (and SICK Logistic Analytics) where, on application errors, a full stack trace is exposed to users, revealing internal class/method names and application structure. This directly informs attackers about the t...

EUVD-2025-32498

When an error occurs in the application a full stacktrace is provided to the user. The stacktrace lists class and method names as well as other internal information. An attacker can thus obtain information about the technology used and the structure of the application...

PT-2025-40868

Name of the Vulnerable Software and Affected Versions Application affected versions not specified Description The application reveals full stacktraces to users when errors occur. These stacktraces contain internal details like class and method names, potentially exposing technology and applicatio...

PT-2025-40861

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description The application reveals full stacktraces when errors occur. These stacktraces contain internal details like class and method names, potentially exposing...

EUVD-2023-0762

Malicious code in bioql PyPI...

Jenkins JUnit Plugin 1166.va_436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control test case class names in the JUnit resources processed by the plugin.

...

Mojolicious 安全漏洞

Mojolicious is Mojolicious open source Perl-based real-time web framework. A security vulnerability exists in Mojolicious 9.39 and earlier versions, which stems from the use of hard-coded strings or application class names as HMAC session keys, which could lead to session forgery...

CVE-2025-27826

An XSS issue was discovered in the Bootstrap Lite theme before 1.x-1.4.5 for Backdrop CMS. It doesn't sufficiently sanitize certain class names...

CVE-2025-27826

An XSS issue was discovered in the Bootstrap Lite theme before 1.x-1.4.5 for Backdrop CMS. It doesn't sufficiently sanitize certain class names...

CVE-2025-27826

CVE-2025-27826 affects Backdrop CMS via the Bootstrap Lite theme (before 1.x-1.4.5). The underlying issue is insufficient sanitization of certain class names, enabling cross-site scripting (XSS). The citation shows a CVSS v3.1 base score of 6.4 (Medium) with network attack vector and low privileg...