Lucene search
+L

62 matches found

Positive Technologies
Positive Technologies
added 2025/06/26 12:0 a.m.9 views

PT-2025-27013 · Unknown · Infinispan Cli

Name of the Vulnerable Software and Affected Versions: Infinispan CLI affected versions not specified Description: A flaw was found in Infinispan CLI where a sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext. This password is included in a command stri...

6.2CVSS7AI score0.00141EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/05/23 3:37 a.m.10 views

CVE-2023-45137

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. org.xwiki.platform:xwiki-platform-web starting in version 3.1-milestone-2 and prior to version 13.4-rc-1, as well as org.xwiki.platform:xwiki-platform-web-templates prior to versions 14.10.12...

9CVSS6.6AI score0.00623EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:23 a.m.14 views

CVE-2022-4770

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the full parametrized SQL query in an error message when an invalid character is used within a Pentaho Report .prpt...

4.3CVSS7.4AI score0.00435EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/28 8:55 p.m.16 views

CVE-2025-0049 Disclosure of sensitive information in an error message in GoAnywhere prior to version 7.8.0

When a Web User without Create permission on subfolders attempts to upload a file to a non-existent directory, the error message includes the absolute server path which may allow Fuzzing for application mapping. This issue affects GoAnywhere: before 7.8.0...

3.5CVSS4.1AI score0.00213EPSS
Exploits0References1
CVE
CVE
added 2025/04/04 3:59 p.m.70 views

CVE-2025-32238

Technical specifics for CVE-2025-32238 (vcita WordPress plugin) are not provided in the connected documents. Public details about affected versions, impact, vectors, or fixes are not available here; monitor for updates from the vendor/security sources.

4.3CVSS7.2AI score0.00475EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/04/04 3:59 p.m.19 views

CVE-2025-32238 WordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.5.5 - Sensitive Data Exposure vulnerability

Generation of Error Message Containing Sensitive Information vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita meeting-scheduler-by-vcita allows Retrieve Embedded Sensitive Data.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n...

4.3CVSS0.00475EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/12 9:53 a.m.7 views

CVE-2025-2239 Absolute Path Disclosure Vulnerability in Hillstone Next Generation FireWall

Generation of Error Message Containing Sensitive Information vulnerability in Hillstone Networks Hillstone Next Generation FireWall.This issue affects Hillstone Next Generation FireWall: from 5.5R8P1 before 5.5R8P23...

5.3CVSS5.4AI score0.00338EPSS
Exploits0References1
CVE
CVE
added 2025/03/12 9:53 a.m.54 views

CVE-2025-2239

Summary: CVE-2025-2239 is a vulnerability in Hillstone Networks’ Next Generation Firewall. The issue is described as the “generation of an error message containing sensitive information,” affecting Hillstone Next Generation Firewall versions from 5.5R8P1 up to, but not including, 5.5R8P23. The co...

5.3CVSS5.4AI score0.00338EPSS
Exploits0References1
CVE
CVE
added 2025/02/11 10:27 a.m.73 views

CVE-2025-0513

CVE-2025-0513 affects Octopus Server; root cause is unsafe handling of error page messages. If an attacker can influence any part of an error message, they may embed code, potentially affecting the user viewing the error. Documents provide CVSS v3.1 (Base 5.4, Network, Low privileges, User intera...

5.4CVSS6.8AI score0.00234EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/08 4:37 a.m.8 views

CVE-2024-45658

IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system...

2.7CVSS3.2AI score0.00415EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.21 views

Security Bulletin: IBM MQ Console is affected by a password disclosure vulnerability (CVE-2024-52896)

Summary IBM MQ has addressed a password disclosure vulnerability in the IBM MQ Console. Vulnerability Details CVEID:CVE-2024-52896 DESCRIPTION: IBM MQ web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. CWE:CWE-209:...

6.2CVSS6.3AI score0.00275EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.20 views

Security Bulletin: IBM MQ Console is affected by a password disclosure vulnerability (CVE-2024-52897)

Summary IBM MQ has addressed a password disclosure vulnerability in the IBM MQ Console. Vulnerability Details CVEID:CVE-2024-52897 DESCRIPTION: IBM MQ web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. CWE:CWE-209:...

6.2CVSS6.3AI score0.00209EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2025/01/07 7:48 a.m.19 views

CVE-2024-11625

Information Exposure Through an Error Message vulnerability in Progress Software Corporation Sitefinity.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421...

7.7CVSS0.0029EPSS
Exploits0References2
NVD
NVD
added 2024/12/11 1:15 p.m.23 views

CVE-2024-51460

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system...

4.3CVSS0.00293EPSS
Exploits0References1
Veracode
Veracode
added 2024/12/02 10:36 a.m.15 views

Cross-Site Scripting (XSS)

@sveltejs/kit is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper handling of user-controlled input in the error message. Specifically, the placeholders in error.html are replaced with content without escaping, which can allow malicious content to be injected and...

5.4CVSS6.2AI score0.0047EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2023/08/21 12:0 a.m.4 views

PT-2023-6025 · Jenkins · Jenkins Fortify Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Fortify Plugin versions 22.1.38 and earlier Description: The issue is related to the failure to protect the web page structure, allowing a remote attacker to perform an HTML injection. This occurs because the error message for a form...

6.4CVSS6.5AI score0.00411EPSS
Exploits0References9
CNVD
CNVD
added 2023/05/05 12:0 a.m.6 views

IBM Maximo Asset Management Information Disclosure Vulnerability (CNVD-2023-37167)

IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from International Business Machines IBM. The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for...

5.3CVSS5.9AI score0.00527EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/03/15 9:37 a.m.6 views

CVE-2023-25695 Information disclosure in Apache Airflow

Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.5.2...

6.8AI score0.01382EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 6:0 a.m.3 views

SUSE CVE-2010-1104

Cross-site scripting XSS vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages...

4.3CVSS5.9AI score0.0195EPSS
Exploits0References4
Veracode
Veracode
added 2021/02/10 9:19 a.m.17 views

Arbitrary Code Execution

tt-rss is vulnerable to arbitrary code execution. The vulnerability exists as plugins/afproxyhttp/init.php mishandles the $REQUEST"url" in an error message...

8.1CVSS3.7AI score0.01193EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder