
109 matches found

Nuclei
added 18 hours ago, 235 views

OwnCloud - Phpinfo Configuration

An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment phpinfo. This information...

CVSS 10, AI score 7.3, EPSS 0.78428
Exploits 5, References 6
EUVD
added 2026/06/23 12:13 p.m., 8 views

EUVD-2026-38438

Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /updates endpoint that resolves the defaultChannel parameter before enforcing privacy restrictions, allowing attackers to enumerate private channels and leak version/config state. Unauthenticated attacke...

CVSS 8.7, AI score 5.9, EPSS 0.00334
Exploits 0, References 2
ATTACKERKB
added 2026/06/23 12:13 p.m., 5 views

CVE-2026-56322

Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /updates endpoint that resolves the defaultChannel parameter before enforcing privacy restrictions, allowing attackers to enumerate private channels and leak version/config state. Unauthenticated attacke...

CVSS 8.7, AI score 5.9, EPSS 0.00334
Exploits 0, References 3
NVD
added 2026/05/14 5:16 p.m., 14 views

CVE-2025-62308

HCL AION is affected by a vulnerability where sensitive backend infrastructure details may be exposed. Exposure of such information could reveal internal system architecture or configuration details, which may potentially assist in further analysis or targeted actions under certain conditions...

CVSS 5.1, EPSS 0.00109
Exploits 0, References 1
EUVD
added 2026/05/14 4:12 p.m., 11 views

EUVD-2025-209849

HCL AION is affected by a vulnerability where sensitive backend infrastructure details may be exposed. Exposure of such information could reveal internal system architecture or configuration details, which may potentially assist in further analysis or targeted actions under certain conditions...

CVSS 5.1, AI score 5.8, EPSS 0.00109
Exploits 0, References 1
Positive Technologies
added 2026/05/14 12:0 a.m., 14 views

PT-2026-40951

HCL AION is affected by a vulnerability where sensitive backend infrastructure details may be exposed. Exposure of such information could reveal internal system architecture or configuration details, which may potentially assist in further analysis or targeted actions under certain conditions...

CVSS 5.1, AI score 5.8, EPSS 0.00109
Exploits 0, References 2
RedhatCVE
added 2026/05/04 9:9 a.m., 8 views

CVE-2026-42519

A flaw was found in Jenkins Script Security Plugin. An attacker with Overall/Read permission can exploit a missing permission check to enumerate pending and approved Script Security classpaths. This information disclosure vulnerability allows unauthorized access to sensitive configuration details...

CVSS 6.5, AI score 5.6, EPSS 0.00174
Exploits 0, References 4
ATTACKERKB
added 2026/04/06 7:24 p.m., 3 views

CVE-2026-35185

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to 25.0.0, the /server-status endpoint is publicly accessible and exposes sensitive information including authentication tokens usertoken, user activity, client IP addresses, and server configuration details. This allows a...

CVSS 8.7, AI score 5.9, EPSS 0.00355
Exploits 1, References 2, Affected Software 1
EUVD
added 2026/04/06 7:24 p.m., 9 views

EUVD-2026-19469

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to 25.0.0, the /server-status endpoint is publicly accessible and exposes sensitive information including authentication tokens usertoken, user activity, client IP addresses, and server configuration details. This allows a...

CVSS 8.7, AI score 5.9, EPSS 0.00355
Exploits 1, References 1
Positive Technologies
added 2026/04/06 12:0 a.m., 9 views

PT-2026-30720

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to 25.0.0, the /server-status endpoint is publicly accessible and exposes sensitive information including authentication tokens user token, user activity, client IP addresses, and server configuration details. This allows...

CVSS 8.7, AI score 5.9, EPSS 0.00355
Exploits 1, References 2
CVE
added 2026/02/26 7:56 a.m., 18 views

CVE-2026-1694

PcVue is affected by CVE-2026-1694 in versions 12.0.0–16.3.3, where the default IIS/ASP.NET configuration adds HTTP headers that are not removed during deployment, potentially exposing server configuration details. The vulnerability is a server-information disclosure due to exposed HTTP headers a...

CVSS 4.3, AI score 5.3, EPSS 0.00168
Exploits 0, References 1, Affected Software 1
CNVD
added 2025/12/03 12:0 a.m., 6 views

Grav server-side template injection vulnerability (CNVD-2025-30342)

Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a server-side template injection vulnerability that can be exploited by an attacker to cause disclosure of the entire Grav configuration...

CVSS 8.7, AI score 7.2, EPSS 0.00331
Exploits 1, References 1
OSV
added 2025/12/02 1:25 a.m., 4 views

GHSA-8535-HVM8-2HMV Grav is vulnerable to Server-Side Template Injection (SSTI) via Forms

Summary Having a simple form on site can reveal the whole Grav configuration details including plugin configuration details by using the correct POST payload. Sensitive information may be contained in the configuration details. PoC Create a simple form with two fields, 'registration-number' and...

CVSS 8.7, AI score 6.5, EPSS 0.00331
Exploits 1, References 4
Cvelist
added 2025/12/01 9:10 p.m., 4 views

CVE-2025-66298 Grav is vulnerable to Server-Side Template Injection (SSTI) via Forms

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, having a simple form on site can reveal the whole Grav configuration details including plugin configuration details by using the correct POST payload to exploit a Server-Side Template SST vulnerability. Sensitive information may be...

CVSS 8.7, EPSS 0.00331
Exploits 1, References 2
Vulnrichment
added 2025/12/01 9:10 p.m., 2 views

CVE-2025-66298 Grav is vulnerable to Server-Side Template Injection (SSTI) via Forms

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, having a simple form on site can reveal the whole Grav configuration details including plugin configuration details by using the correct POST payload to exploit a Server-Side Template SST vulnerability. Sensitive information may be...

CVSS 8.7, AI score 6, EPSS 0.00331
Exploits 1, References 2
CVE
added 2025/12/01 9:10 p.m., 13 views

CVE-2025-66298

Grav is a file-based CMS affected by a server‑side template injection (SSTI) via forms. A crafted POST can disclose the entire Grav configuration, including plugin settings, exposing sensitive information. This vulnerability exists in Grav prior to 1.8.0-beta.27 and is fixed in 1.8.0-beta.27. Rem...

CVSS 8.7, AI score 6.1, EPSS 0.00331
Exploits 1, References 2, Affected Software 1
Positive Technologies
added 2025/12/01 12:0 a.m., 5 views

PT-2025-48557

Name of the Vulnerable Software and Affected Versions Grav versions prior to 1.8.0-beta.27 Description Grav is a file-based Web platform susceptible to a Server-Side Template SST issue. A simple form on a site can expose the entire Grav configuration, including plugin configurations, through a...

CVSS 8.7, AI score 6.2, EPSS 0.00331
Exploits 1, References 9
EUVD
added 2025/11/24 9:31 p.m., 6 views

EUVD-2025-199001

Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware used by many white-labeled DVR/NVR/IPC products versions prior to 1.3.4 contain an authentication bypass in the NVMS-9000 control protocol. By sending a single crafted TCP payload to an exposed NVMS-9000 control port, an unauthenticated...

CVSS 8.7, AI score 6.7, EPSS 0.00769
Exploits 0, References 7
RedhatCVE
added 2025/10/30 11:9 a.m., 4 views

CVE-2025-12461

This vulnerability allows an attacker to access parts of the application that are not protected by any type of access control. The attacker could access this path ‘…/epsilonnet/License/About.aspx’ and obtain information on both the licence and the configuration of the product by knowing which...

CVSS 6.9, AI score 6.6, EPSS 0.00278
Exploits 0, References 1
EUVD
added 2025/10/29 10:51 a.m., 4 views

EUVD-2025-36637

This vulnerability allows an attacker to access parts of the application that are not protected by any type of access control. The attacker could access this path ‘…/epsilonnet/License/About.aspx’ and obtain information on both the licence and the configuration of the product by knowing which...

CVSS 6.9, AI score 6.1, EPSS 0.00278
Exploits 0, References 2