2557 matches found
Information Exposure
Overview: github.com/canonical/lxd is a modern, secure and powerful system container and virtual machine manager. Affected versions of this package are vulnerable to Information Exposure via differing HTTP status code responses in the images endpoint's AllowUntrusted API. An attacker can...
CVE-2025-54291
Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses...
CVE-2025-54291
The CVE affects Canonical LXD, specifically the images API (LXD 1.0/images) where unauthenticated requests can reveal project existence by returning 404 for existing projects and 403 for non-existent ones. Root cause: error handling in the imagesGet path exposes project existence via HTTP status ...
CVE-2024-55017
Account Takeover in Corezoid 6.6.0 in the OAuth2 implementation via an open redirect in the redirect_uri parameter allows attackers to intercept authorization codes and gain unauthorized access to victim accounts...
Details of a Scam
Longtime Crypto-Gram readers know that I collect personal experiences of people being scammed. Here's an almost: Then he added, "Here at Chase, we'll never ask for your personal information or passwords." On the contrary, he gave me more information--two "cancellation codes" and a long case numbe...
CVE-2024-55017
CVE-2024-55017 concerns Corezoid 6.6.0. The vulnerability arises in the OAuth2 flow via an open redirect in the redirect_uri parameter, enabling an attacker to intercept authorization codes and gain unauthorized access to victim accounts. Documents consistently describe an account takeover risk d...
PT-2025-40019
Name of the Vulnerable Software and Affected Versions: Corezoid version 6.6.0. Description: An issue exists in the OAuth2 implementation of Corezoid that allows for account takeover. The vulnerability is due to an open redirect within the redirect_uri parameter. This allows attackers to intercept...
CVE-2025-58385
In DOXENSE WATCHDOC before 6.1.0.5094, private user PUK codes can be disclosed for Active Directory registered users because there is hard-coded and predictable data...
PT-2025-39651
Name of the Vulnerable Software and Affected Versions: DOXENSE WATCHDOC versions prior to 6.1.0.5094. Description: The software contains a flaw where private user PUK codes can be disclosed for Active Directory registered users due to hard-coded and predictable data. Recommendations: Update to versio...
CVE-2025-58385
CVE-2025-58385 affects DOXENSE WATCHDOC versions before 6.1.0.5094. The flaw enables disclosure of private user PUK codes for Active Directory–registered users due to hard-coded and predictable data. Impact is a high-severity leakage of sensitive credentials (data disclosure; local impact per CVS...
DRUPAL-CONTRIB-2025-108
This module enables users to sign in with an access code instead of entering user names and passwords. When users are allowed to pick their own access codes, they can guess other users' access codes based on the fact that access codes need to be unique and the system warns if the code of their...
Access code - Moderately critical - Access bypass - SA-CONTRIB-2025-108
This module enables users to sign in with an access code instead of entering user names and passwords. When users are allowed to pick their own access codes, they can guess other users' access codes based on the fact that access codes need to be unique and the system warns if the code of their...