OwnCloud - Phpinfo Configuration
An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information...
CVE-2025-62308
HCL AION is affected by a vulnerability where sensitive backend infrastructure details may be exposed. Exposure of such information could reveal internal system architecture or configuration details, which may potentially assist in further analysis or targeted actions under certain conditions...
EUVD-2025-209849
HCL AION is affected by a vulnerability where sensitive backend infrastructure details may be exposed. Exposure of such information could reveal internal system architecture or configuration details, which may potentially assist in further analysis or targeted actions under certain conditions...
PT-2026-40951
HCL AION is affected by a vulnerability where sensitive backend infrastructure details may be exposed. Exposure of such information could reveal internal system architecture or configuration details, which may potentially assist in further analysis or targeted actions under certain conditions...
CVE-2026-42519
A flaw was found in Jenkins Script Security Plugin. An attacker with Overall/Read permission can exploit a missing permission check to enumerate pending and approved Script Security classpaths. This information disclosure vulnerability allows unauthorized access to sensitive configuration details...
CVE-2026-35185
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to 25.0.0, the /server-status endpoint is publicly accessible and exposes sensitive information including authentication tokens (usertoken), user activity, client IP addresses, and server configuration details. This allows a...
EUVD-2026-19469
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to 25.0.0, the /server-status endpoint is publicly accessible and exposes sensitive information including authentication tokens (usertoken), user activity, client IP addresses, and server configuration details. This allows a...
PT-2026-30720
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to 25.0.0, the /server-status endpoint is publicly accessible and exposes sensitive information including authentication tokens (user token), user activity, client IP addresses, and server configuration details. This allows...
CVE-2026-1694
PcVue v12.0.0–v16.3.3 web services (WebVue, WebScheduler, TouchVue, SnapVue) are affected by default HTTP header configuration that reveals server details. The root cause is that IIS/ASP.NET adds headers which are not removed during deployment. This exposes sensitive server configuration informat...
Grav server-side template injection vulnerability (CNVD-2025-30342)
Grav is an extensible CMS (Content Management System) for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a server-side template injection vulnerability that can be exploited by an attacker to cause disclosure of the entire Grav configuration...
GHSA-8535-HVM8-2HMV Grav is vulnerable to Server-Side Template Injection (SSTI) via Forms
Summary: Having a simple form on site can reveal the whole Grav configuration details including plugin configuration details by using the correct POST payload. Sensitive information may be contained in the configuration details. PoC: Create a simple form with two fields, 'registration-number' and...
CVE-2025-66298 Grav is vulnerable to Server-Side Template Injection (SSTI) via Forms
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, having a simple form on site can reveal the whole Grav configuration details including plugin configuration details by using the correct POST payload to exploit a Server-Side Template (SST) vulnerability. Sensitive information may be...
CVE-2025-66298
Grav is a file-based CMS affected by a server‑side template injection (SSTI) via forms. A crafted POST can disclose the entire Grav configuration, including plugin settings, exposing sensitive information. This vulnerability exists in Grav prior to 1.8.0-beta.27 and is fixed in 1.8.0-beta.27. Rem...
PT-2025-48557
Name of the Vulnerable Software and Affected Versions: Grav versions prior to 1.8.0-beta.27. Description: Grav is a file-based Web platform susceptible to a Server-Side Template (SST) issue. A simple form on a site can expose the entire Grav configuration, including plugin configurations, through a...
EUVD-2025-199001
Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware used by many white-labeled DVR/NVR/IPC products versions prior to 1.3.4 contain an authentication bypass in the NVMS-9000 control protocol. By sending a single crafted TCP payload to an exposed NVMS-9000 control port, an unauthenticated...
CVE-2025-12461
This vulnerability allows an attacker to access parts of the application that are not protected by any type of access control. The attacker could access this path ‘…/epsilonnet/License/About.aspx’ and obtain information on both the licence and the configuration of the product by knowing which...
CVE-2025-12461
CVE-2025-12461 affects Grupo Castilla Epsilon RH. The issue allows an attacker to access the unprotected path …/epsilonnet/License/About.aspx and disclose license details and product configuration, including installed modules. The root cause is lack of access control on that path. Impact is infor...
EUVD-2025-36637
This vulnerability allows an attacker to access parts of the application that are not protected by any type of access control. The attacker could access this path ‘…/epsilonnet/License/About.aspx’ and obtain information on both the licence and the configuration of the product by knowing which...
XML Injection
io.minio:minio is vulnerable to XML Injection. The vulnerability is due to automatic substitution of XML tag values containing system property or environment variable references during processing, which allows an attacker to craft malicious XML input that exposes sensitive information such as...