8416 matches found
SMTP WP Plugin Directory Listing
The WordPress Easy WP SMTP Plugin has its log folder remotely accessible and its content available for access. id: CVE-2020-35234 info: name: SMTP WP Plugin Directory Listing author: PR3R00T severity: high description: The WordPress Easy WP SMTP Plugin has its log folder remotely accessible and i...
ReadToMyShoe - Generation of Error Message Containing Sensitive Information
ReadToMyShoe generates an error message containing sensitive information prior to commit 8533b01. If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google Cloud TTS request, it will include the full URL of the request, which...
W3 Total Cache < 2.8.2 - Log File Exposure
The plugin is vulnerable to Information Exposure through the publicly exposed debug log file. This makes it possible for unauthenticated attackers to view potentially sensitive information in the exposed log file. For example, the log file may contain nonce values that can be used in further CSRF...
Dgraph <= 25.3.2 - Admin Token Disclosure
Dgraph = 25.3.2 contains an information disclosure caused by unauthenticated access to the /debug/vars endpoint , which publishes the cmdline variable including the --security token= flag, letting unauthenticated remote attackers retrieve the admin token and access admin-only endpoints, exploit...
Debug Endpoint pprof - Exposure Detection
The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8,...
CommScope Ruckus IoT Controller - Information Disclosure
CommScope Ruckus IoT Controller is susceptible to information disclosure vulnerabilities because a 'service details' API endpoint discloses system and configuration information to an attacker without requiring authentication. This information includes DNS and NTP servers that the devices use for...
Squid Proxy - HTTP Authentication Credentials Disclosure
Squid versions prior to 7.2 fail to redact HTTP authentication credentials in error page responses. The Authorization header value is embedded in plain text inside the mailto: diagnostic block when Squid generates an error page e.g. ERRDNSFAIL. id: CVE-2025-62168 info: name: Squid Proxy - HTTP...
FTP Fetch, Generic x86 Debug Trap
Fetch and execute an x86 payload from an FTP server. Generate a debug trap in the target process Module Options msf use payload/cmd/windows/ftp/x86/generic/debugtrap msf payloaddebugtrap show actions ...actions... msf payloaddebugtrap set ACTION msf payloaddebugtrap show options ...show and set...
CVE-2026-58378
Allwinner H616 TV Box TV98 has ADB enabled and exposed to the network on production. An attacker could request for ADB authorization and gain root level privileges if the victim allows access...
CVE-2026-58378
CVE-2026-58378 affects the Allwinner H616 TV Box TV98 where ADB is enabled and exposed on production to the network. The vulnerability can allow an attacker to request ADB authorization and obtain root privileges if the user authorizes access. Public metrics show a high severity (CVSS v3.1/4.0 ba...
EUVD-2026-42661
Allwinner H616 TV Box TV98 has ADB enabled and exposed to the network on production. An attacker could request for ADB authorization and gain root level privileges if the victim allows access...
CVE-2026-59947
Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, when Composer is run with -vvv debug verbosity, it could print a credential embedded in the username slot of a repository or package URL, such as a GitHub Personal Access Token in https://TOKEN@host/, to debug outp...
CVE-2026-59947
Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, when Composer is run with -vvv debug verbosity, it could print a credential embedded in the username slot of a repository or package URL, such as a GitHub Personal Access Token in https://TOKEN@host/, to debug outp...
CVE-2026-59947
Composer is affected: prior to versions 2.2.29 and 2.10.2, running with -vvv could leak credentials embedded in the username slot of a repository or package URL (e.g., https://TOKEN@host/) to debug logs because AuthHelper, Url::sanitize, and ProcessExecutor did not sanitize username-only URL cred...
CVE-2026-36027
CVE-2026-36027 concerns Code27 Companion Hub SQ3A.220705.003.A1. The issue, described across the provided sources, allows a physically proximate attacker to execute arbitrary code via the USB debugging (ADB) / Android Debug Bridge components. The CVSS metrics indicate a physical attack vector wit...
CVE-2026-36027
An issue in Code27 Companion Hub SQ3A.220705.003.A1 allows a physically proximate attacker to execute arbitrary code via the USB debugging ADB and Android Debug Bridge components...
CVE-2026-44934
A information disclosure when DEBUG loglevel is set in SUSE Rancher AI Agent 1.0 before 1.0.2 could leak API keys or LLM response text with potential sensitive data into logfiles, allowing local attackers to misuse respective gained data or credentials...
CVE-2026-44934 Exposed tokens in SUSE Rancher AI Agent logs
A information disclosure when DEBUG loglevel is set in SUSE Rancher AI Agent 1.0 before 1.0.2 could leak API keys or LLM response text with potential sensitive data into logfiles, allowing local attackers to misuse respective gained data or credentials...
EUVD-2026-41858
A information disclosure when DEBUG loglevel is set in SUSE Rancher AI Agent 1.0 before 1.0.2 could leak API keys or LLM response text with potential sensitive data into logfiles, allowing local attackers to misuse respective gained data or credentials...
CVE-2026-44934
SUSE Rancher AI Agent 1.0 before 1.0.2 contains an information disclosure when DEBUG loglevel is enabled, leaking API keys and LLM response text into logfiles. The issue affects local users with HIGH privileges and local attack vector; confidentiality and subsequent confidentiality are HIGH, whil...