19 matches found
EUVD-2020-8009
Malware in sbrugna...
Nginx 0.7.22 - 1.29.0 Information Disclosure Vulnerability
Nginx is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nginx:nginx";...
CVE-2025-53498
Insufficient Logging vulnerability in Wikimedia Foundation Mediawiki - AbuseFilter Extension allows Data Leakage Attacks.This issue affects Mediawiki - AbuseFilter Extension: from 1.43.X before 1.43.2...
CVE-2025-53498
CVE-2025-53498 affects Wikimedia Foundation MediaWiki - AbuseFilter Extension. Affected: AbuseFilter extension versions 1.43.X before 1.43.2. Root cause: insufficient logging/audit trails potentially enabling data leakage (data leakage attacks). Impact: confidential data could be exposed due to l...
The vulnerability of the Segnetics SMConfig system configuration tool lies in the lack of protection for transmitted data, which allows attackers to disclose the protected information.
The vulnerability of the Segnetics SMConfig system configuration tool is related to the lack of protection for transmitted data. Exploiting this vulnerability allows a malicious actor to disclose sensitive information by reading the HTTP cookie header...
AlmaLinux 8 : mod_auth_openidc:2.3 (ALSA-2025:3997)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:3997 advisory. modauthopenidc: modauthopenidc allows OIDCProviderAuthRequestMethod POSTs to leak protected data CVE-2025-31492 Tenable has extracted the preceding description blo...
org.xwiki.platform:xwiki-platform-notifications-ui leaks data of notification filters of users
Impact It's possible to get access to notification filters of any user by using a URL such as xwiki/bin/get/XWiki/Notifications/Code/NotificationFilterPreferenceLivetableResults?outputSyntax=plain&type=custom&user=. This vulnerability impacts all versions of XWiki since 13.2-rc-1. The filters do...
GHSA-QWVP-268G-JJM8 Data Leakage Vulnerability in livewire/livewire
livewire/livewire versions greater than 2.2.4 and less than 2.2.6 are affected by a data leakage vulnerability. The $this-validate method, which is expected to return only the validated dataset, was returning all properties of the Livewire component. This regression introduced a security risk,...
Hathway Router CM5100 Cross-Site Scripting Vulnerability
Hathway Router is a router from Hathway India. The Hathway Router CM5100 suffers from a cross-site scripting vulnerability that stems from multiple vulnerabilities in the router, which could allow a remote attacker to perform a stored cross-site scripting XSS attack, obtain sensitive information,...
CVE-2023-44127
he vulnerability is that the Call management "com.android.server.telecom" app patched by LG launches implicit intents that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as contact details and phone numbers...
Information Disclosure Vulnerability in Zijin Bridge Monitoring Configuration Software (CNVD-2020-59819)
Zijinqiao monitoring and configuration software is a professional Zijinqiao monitoring and configuration software, which adopts C/S architecture and has database processing technology and graphic system. There is an information leakage vulnerability in Zijinqiao Monitoring and Control Software. A...
GDPR.EU has er… a data leakage issue
GDPR.EU is an advice site ‘operated by Proton Technologies AG, co-funded by … the EU Horizon Framework’. It’s full of useful advice for organisations that need to comply with GDPR. Whilst it isn’t an official EU Commission site, it is partly funded by the EU. You may also be familiar with Proton...
CVE-2020-1861
CloudEngine 12800 with versions of V200R001C00SPC600,V200R001C00SPC700,V200R002C01,V200R002C50SPC800,V200R002C50SPC800PWE,V200R003C00SPC810,V200R003C00SPC810PWE,V200R005C00SPC600,V200R005C00SPC800,V200R005C00SPC800PWE,V200R005C10,V200R005C10SPC300 have an information leakage vulnerability in some...
Google Chrome Cross-Origin Data Leakage Vulnerability
Chrome is a web browsing tool developed by Google. A cross-origin data leakage vulnerability exists in Google Chrome versions prior to 72.0.3626.81. The vulnerability stems from an improper implementation of JavaScript in Chrome. A remote attacker can exploit the vulnerability to leak cross-origi...
CVE-2019-10763
pimcore/pimcore before 6.3.0 is vulnerable to SQL Injection. An attacker with limited privileges classes permission can achieve a SQL injection that can lead in data leakage. The vulnerability can be exploited via 'id', 'storeId', 'pageSize' and 'tables' parameters, using a payload for trigger a...
CVE-2017-15517
AltaVault OST Plug-in versions prior to 1.2.2 may allow attackers to obtain sensitive information via unspecified vectors. All users are urged to move to a fixed version and change passwords used by Veritas NetBackup to access the OST shares on the NetApp AltaVault as a precaution...
Fedora 12 : mediawiki-1.15.3-53.fc12 (2010-6335)
This is a security and bugfix release of MediaWiki 1.15.3. Three security issues are fixed in this update: A CSS validation issue was discovered which allows editors to display external images in wiki pages. A data leakage vulnerability was discovered in thumb.php which affects wikis which restri...
openSUSE Security Update : mediawiki (openSUSE-SU-2010:0154-1)
MediaWiki was prone to a CSS validation flaw and data leakage vulnerability CVE-2010-1189, CVE-2010-1190. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update mediawiki-2356. The text description o...
HP-UX Security patch : PHNE_28535
The remote host is missing HP-UX Security Patch number PHNE28535 . SSRT3451 Potential Security Vulnerability in HP-UX network drivers Data Leakage rev. 01 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. if ! definedfunc"bnrandom" exit0; include'deprecatednasllevel.inc'; include'compat.inc';...