30 matches found

CVE
added 2026/05/27 3:53 p.m., 6 views

CVE-2026-42459

CVE-2026-42459 documents an improper input validation flaw in free5GC UDM: the SDM (nudm-sdm) service does not validate the SUPI parameter in six GET handlers, allowing an unauthenticated attacker to inject control characters into SUPI. This can cause UDM to forward a malformed URL to UDR and ret...

8.7 CVSS, 5.8 AI score, 0.00161 EPSS
Exploits: 1, References: 1, Affected Software: 1
OSV
added 2026/05/19 7:53 p.m., 0 views

GHSA-686C-7VGV-V3FX Coder: Unauthenticated SSRF via Azure Instance Identity Endpoint

Summary: Unauthenticated semi-blind Server-Side Request Forgery (SSRF) via the Azure instance identity endpoint POST /api/v2/workspaceagents/azure-instance-identity. An external attacker can force the Coder server to issue HTTP GET requests to arbitrary internal or external hosts by submitting a...

6.5 CVSS, 6.1 AI score
Exploits: 0, References: 10
CVE
added 2026/05/06 11:28 a.m., 5 views

CVE-2026-43266

The CVE-2026-43266 issue affects the Linux kernel’s ARM CPER/APEI handling: a CPER record with an oversized section_length can cause the kernel to read beyond the intended firmware buffer, leading to a large data dump and potential memory access issues. The fix adds a guard so the kernel stops at...

5.5 CVSS, 5.8 AI score, 0.00013 EPSS
Exploits: 0, References: 8, Affected Software: 1
EUVD
added 2026/04/07 6:31 p.m., 2 views

EUVD-2026-19744

OpenViking versions prior to 0.3.3 contain a missing authorization vulnerability in the task polling endpoints that allows unauthorized attackers to enumerate or retrieve background task metadata created by other users. Attackers can access the /api/v1/tasks and /api/v1/tasks/taskid routes withou...

6.9 CVSS, 5.9 AI score, 0.00154 EPSS
Exploits: 1, References: 5
Snyk
added 2026/04/01 9:11 p.m., 0 views

Insertion of Sensitive Information Into Sent Data

Overview: openssl-encrypt is a package for secure file encryption and decryption based on modern ciphers, using heavy-compute-load chaining of hashing and KDF to generate a strong encryption password based on the user-provided password to ensure secure encryption of files. Affected versions of this...

8.7 CVSS, 5.9 AI score
Exploits: 0, References: 2
OSV
added 2026/02/24 12:21 a.m., 3 views

CVE-2026-27643 free5GC has improper error handling in NEF with information exposure

free5GC UDR is the user data repository (UDR) for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, the NEF component reliably leaks internal parsing error details (e.g., invalid character 'n' after top-level value) to remote clients...

8.7 CVSS, 5.6 AI score, 0.00049 EPSS
Exploits: 1, References: 6
Cvelist
added 2025/10/28 11:48 a.m., 3 views

CVE-2025-40034 PCI/AER: Avoid NULL pointer dereference in aer_ratelimit()

In the Linux kernel, the following vulnerability has been resolved: PCI/AER: Avoid NULL pointer dereference in aer_ratelimit(). When platform firmware supplies error information to the OS, e.g., via the ACPI APEI GHES mechanism, it may identify an error source device that doesn't advertise an AER...

0.00028 EPSS
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2012-6437

Malware in sbrugna...

4.3 CVSS, 6.4 AI score, 0.00204 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2025/09/04 12:0 a.m., 1 views

Linux Distros Unpatched Vulnerability : CVE-2011-3727

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - DokuWiki 2009-12-25c allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an erro...

5 CVSS, 5.8 AI score, 0.00715 EPSS
Exploits: 1, References: 2
NVD
added 2025/07/04 2:15 p.m., 2 views

CVE-2025-38195

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Fix panic caused by NULL-PMD in huge_pte_offset() ERROR INFO: CPU 25 Unable to handle kernel paging request at virtual address 0x0 ... Call Trace: huge_pte_offset+0x3c/0x58 hugetlb_follow_page_mask+0x74/0x438...

5.5 CVSS, 0.00065 EPSS
Exploits: 0, References: 4
CVE
added 2025/07/04 1:37 p.m., 34 views

CVE-2025-38195

CVE-2025-38195 concerns the Linux kernel LoongArch code, where a NULL-PMD handling path in huge_pte_offset() could trigger a kernel panic when processing huge pages, as shown by the error trace and mitigation notes. The issue affects the kernel’s page fault / madvise pathways, with a local attack...

5.5 CVSS, 6.3 AI score, 0.00065 EPSS
Exploits: 0, References: 4, Affected Software: 1
RedhatCVE
added 2025/05/23 4:44 a.m., 4 views

CVE-2023-41113

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user to obtain information about whether certain files exist on disk, what errors if any occ...

4.3 CVSS, 6.3 AI score, 0.0009 EPSS
Exploits: 0, References: 1
CVE
added 2025/04/03 9:48 p.m., 34 views

CVE-2025-0279

CVE-2025-0279 affects HCL Traveler. Public sources describe a vulnerability where error messages reveal detailed internal information (paths, file names, tokens, credentials, error codes, stack traces), which could aid an attacker in understanding system architecture and planning targeted attacks...

4.3 CVSS, 7 AI score, 0.00437 EPSS
Exploits: 0, References: 1, Affected Software: 1
OSV
added 2024/11/04 1:17 p.m., 0 views

CVE-2024-51560

This vulnerability exists in Wave 2.0 due to improper exception handling for invalid inputs at a certain API endpoint. An authenticated remote attacker could exploit this vulnerability by providing invalid inputs for the “userId” parameter in the API request leading to generation of error message...

4.3 CVSS, 5.8 AI score
Exploits: 0, References: 1
Vulnrichment
added 2024/05/21 3:33 p.m., 32 views

CVE-2024-31844

An issue was discovered in Italtel Embrace 1.6.4. The server does not properly handle application errors. In some cases, this leads to a disclosure of information about the server. An unauthenticated user is able to craft specific requests in order to make the application generate an error. Inside a...

6.7 AI score, 0.0011 EPSS
Exploits: 1, References: 1
CVE
added 2023/08/15 12:0 a.m., 81 views

CVE-2023-38898

CVE-2023-38898 involves CPython’s asyncio._swap_current_task in Python 3.7 and could allow an attacker to obtain sensitive information. The vendor disputes that 3.7 (or any release) is affected and notes no common exploit scenarios; multiple OSV entries and vendor advisories corroborate the claim...

5.3 CVSS, 5.4 AI score, 0.0029 EPSS
Exploits: 1, References: 1, Affected Software: 1
NVD
added 2023/02/06 8:15 p.m., 9 views

CVE-2023-20609

In ccu, there is a possible out of bounds read due to a logic error. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07570864; Issue ID: ALPS07570864...

4.4 CVSS, 4.3 AI score, 0.00018 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2022/09/13 12:0 a.m., 2 views

PT-2022-20901 · Rdiffweb · Rdiffweb

Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.4.2 Description: The issue concerns a missing custom error page in the GitHub repository ikus060/rdiffweb. This results in the leakage of error information. The problem is resolved in version 2.4.2. Recommendation...

5.3 CVSS, 5.1 AI score, 0.00232 EPSS
Exploits: 1, References: 11
OSV
added 2022/05/02 12:15 a.m., 0 views

CVE-2021-31674

Cyclos 4 PRO 4.14.7 and before does not validate user input at error inform, which allows a remote unauthenticated attacker to execute JavaScript code via an undefined enum constant...

6.1 CVSS, 5.9 AI score, 0.02158 EPSS
Exploits: 4, References: 3
Prion
added 2022/04/20 7:15 p.m., 12 views

Server side request forgery (ssrf)

Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has Server-Side Request Forgery vulnerability. During the download verification process of a JDBC driver the corresponding JDBC driver download address will be downloaded first, but this address wi...

4 CVSS, 7.5 AI score, 0.00226 EPSS
Exploits: 1, References: 2, Affected Software: 1