120 matches found
CVE-2026-53906
MCO is vulnerable to Path Disclosure and Path Traversal in file handling functionality related to data export and upload. Improper validation of the filename parameter allows writing files to arbitrary locations as well as indirect disclosure of absolute server paths through error messages. Becau...
PT-2026-54832
Name of the Vulnerable Software and Affected Versions MCO version 25.3.3.1 Description The software contains flaws in file handling functionality used for data export and upload. Improper validation of the filename parameter enables path traversal, allowing files to be written to arbitrary...
Astra Linux – Vulnerability in exim4
In Exim before 4.99.2, when utf8 operators are enabled, there is a vulnerability where an out-of-bounds read can occur if large UTF-8 trailing characters are present malformed UTF-8 header data. Information may be disclosed within an error message generated during the processing of an unrelated...
EUVD-2026-38115
Capgo before 12.128.2 contains a server-side request forgery vulnerability in webhook URL validation that allows loopback and internal addresses. Organization admins can configure webhooks pointing to localhost or 127.0.0.1, and when triggered, the backend performs outbound requests to these...
CVE-2026-56227 Capgo - Server-Side Request Forgery via Webhook URL Validation
Capgo before 12.128.2 contains a server-side request forgery vulnerability in webhook URL validation that allows loopback and internal addresses. Organization admins can configure webhooks pointing to localhost or 127.0.0.1, and when triggered, the backend performs outbound requests to these...
CVE-2026-56227
Capgo before 12.128.2 is affected by a server-side request forgery (SSRF) in webhook URL validation. The flaw permits configuring webhooks to loopback or internal addresses (e.g., localhost/127.0.0.1). When triggered, the backend makes outbound requests to those addresses, and error responses are...
PT-2026-51147
Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description Insufficient webhook URL validation allows for Server-Side Request Forgery SSRF, a flaw where a server is tricked into making requests to an unintended location. Organization admins can configure...
Omni: Operator can traverse image-factory API paths via unsanitized `talos_version` in CreateSchematic
Summary managementServer.CreateSchematic internal/backend/grpc/schematics.go passes the caller-controlled TalosVersion field directly to imageFactoryClient.OverlaysVersions, which embeds it verbatim into a fmt.Sprintf"/version/%s/overlays/official", talosVersion path template. url.URL.JoinPath...
CVE-2026-44651
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, when fetchurl throws, the code sends: res.status500.send'Error occurred while trying to proxy to:...
CVE-2026-45728
Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, when Algernon is invoked with a single file path instead of a directory, singleFileMode is set to true and debugMode is forcibly enabled. debugMode activates the PrettyError renderer, which on any Lua or template error respon...
PT-2026-41970
Name of the Vulnerable Software and Affected Versions Algernon versions prior to 1.17.7 Description When Algernon is started with a single file path instead of a directory, the singleFileMode is enabled, which forcibly activates debugMode. This configuration enables the PrettyError renderer, whic...
CVE-2026-42873
WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, uploading a file with malicious content via funcionarios/docdependente_upload.php returns an overly descriptive error message, causing information disclosure and expanding the attack surface. The vulnerability is fix...
PT-2026-39737
WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, when attempting to upload a file with malicious content to funcionario/docdependente upload.php, the application responds with an overly descriptive error message. This leads to information disclosure, effectively...
Cisco Identity Services Engine Authentication Bypass Vulnerabilities
Multiple vulnerabilities in Cisco Identity Services Engine ISE could allow a remote attacker to bypass authorization mechanisms or examine error messages to gain access to sensitive information on an affected device. For more information about these vulnerabilities, see the Details "details"...
CVE-2026-2484 IBM InfoSphere Information Server Information Disclosure
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information exposure vulnerability caused by overly verbose error messages...
CVE-2025-13726 IBM Sterling Partner Engagement Manager Information Disclosure
IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information when detailed technical error messages are returned. This information could be used in further attacks against the system...
IBM Sterling Partner Engagement Manager 安全漏洞
IBM Sterling Partner Engagement Manager is an automated management tool provided by IBM Corporation. Versions of IBM Sterling Partner Engagement Manager prior to 6.2.3.5 and 6.2.4.2 contain security vulnerabilities. These vulnerabilities stem from the possibility of leaking sensitive information...
CVE-2025-69208
free5GC UDR is the user data repository UDR for free5GC, an an open-source project for 5th generation 5G mobile core networks. Versions prior to 1.4.1 contain an Improper Error Handling vulnerability with Information Exposure. All deployments of free5GC using the NnefPfdManagement service may be...
CVE-2026-27642
free5gc UDM provides Unified Data Management UDM for free5GC, an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.1, remote attackers can inject control characters e.g., %00 into the supi parameter, triggering internal URL parsing errors net/url:...
free5GC 输入验证错误漏洞
free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC such as 1.4.1 and earlier contained a vulnerability related to input validation errors. This vulnerability stemmed from the ability to inject control characters in the supi parameter, which could...