CVE-2024-28765

IBM SDI 7.2.0.0 through 7.2.0.14 and IBM Security Directory Integrator 10.0.0.0 through 10.0.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system...

EUVD-2024-55599

IBM SDI 7.2.0.0 through 7.2.0.14 and IBM Security Directory Integrator 10.0.0.0 through 10.0.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system...

CVE-2024-28765

IBM Security Directory Integrator (SDI) and Security Director/Directory Integrator components are affected: SDI 7.2.0.0–7.2.0.14 and IBM Security Directory Integrator 10.0.0.0–10.0.0.2 could allow a remote attacker to obtain sensitive information via a detailed error message returned in the brows...

CVE-2024-28765 Security vulnerability was found in IBM Security Directory Integrator

IBM SDI 7.2.0.0 through 7.2.0.14 and IBM Security Directory Integrator 10.0.0.0 through 10.0.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system...

IBM Security Directory Integrator 安全漏洞

IBM Security Directory Integrator is an integrated development environment and runtime service provided by the American multinational company International Business Machines IBM. Vulnerabilities exist in versions 7.2.0.0.0 to 7.2.0.14.0.0.0, as well as in versions 10.0.0.0.0 to 10.0.0.2.0.0.0, du...

CVE-2026-42873

WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, when attempting to upload a file with malicious content to funcionario/docdependenteupload.php, the application responds with an overly descriptive error message. This leads to information disclosure, effectively...

CVE-2026-42871

The CVE concerns WeGIA, a web manager for charitable institutions. In versions prior to 3.7.0, the script atendido/familiar_docfamiliar.php reveals an overly descriptive error message that includes database-related details. This information disclosure can help an attacker map the backend infrastr...

WeGIA 信息泄露漏洞

WeGIA is a network manager for welfare institutions developed by Nilson Lazarin as an individual project. Versions of WeGIA prior to 3.6.10 contained a vulnerability related to information leakage. This vulnerability stemmed from the return of overly detailed error messages during file uploads,...

WeGIA 信息泄露漏洞

WeGIA is a network manager for a welfare organization developed by Nilson Lazarin. Versions of WeGIA prior to 3.7.0 contained an information leakage vulnerability. This vulnerability stemmed from the overly detailed error messages displayed by atendido/familiardocfamiliar.php, which could lead to...

Important: Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage

A Subscription Management tool for finding and reporting Red Hat product usage Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds, identifies, and reports environment data, or facts, such as the number of physical and virtual systems on a network, their...

Astra Linux - уязвимость в linux-6.1, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: brcm80211: fmac: Added error handling for brcmfusbdlwriteimage. The function brcmfusbdlwriteimage calls the function brcmfusbdlcmd, but does not check its return value. The ‘state.state’ and ‘state.bytes’ are uninitialized ...

Astra Linux - уязвимость в packagekit

PackageKit provided detailed error messages to unprivileged callers who were exposed to information about the presence of files and their mimetypes. This information was difficult for those callers to determine on their own...

EUVD-2026-26070

A vulnerability affecting the detailed versions of Cryptobox allows a legitimate user to prevent another to login by triggering an account lockout via sending a specially crafted request...

[SECURITY] Fedora 44 Update: sudo-1.9.17-8.p2.fc44

Sudo superuser do allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict...

Exploit for Command Injection in Paloaltonetworks Pan-Os

CVE-2024-3400 Author: wa6n3r | GitHubhttps://github...

CVE-2026-6492

The CVE-2026-6492 entry concerns arnobt78 Hotel Booking Management System (up to f8922d0e0f6ac1cc761974c7616f44c2bbc04bea). The vulnerable element is an unknown function within the /api/health/detailed Health Check Endpoint. Manipulation of this endpoint leads to information disclosure. Remote ex...

IBM InfoSphere Information Server Information Disclosure Vulnerability (CNVD-2026-16131)

IBM InfoSphere Information Server is IBM's data integration platform for integrating, cleansing, transforming and managing enterprise data. An information disclosure vulnerability exists in IBM InfoSphere Information Server that stems from the system returning overly detailed error messages. An...

SUSE CVE-2026-33167

Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...

IBM InfoSphere Information Server 安全漏洞

IBM InfoSphere Information Server is IBM's data integration platform for integrating, cleansing, transforming and managing enterprise data. An information disclosure vulnerability exists in IBM InfoSphere Information Server that stems from the system returning overly detailed error messages. An...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in debug exceptions, which use ERB escaping. An attacker can execute JavaScript in the context of the affected application by triggering a malicious exception message that is rendered bypassing the intended...