62 matches found
PT-2025-27013 · Unknown · Infinispan Cli
Name of the Vulnerable Software and Affected Versions: Infinispan CLI affected versions not specified Description: A flaw was found in Infinispan CLI where a sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext. This password is included in a command stri...
CVE-2023-45137
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. org.xwiki.platform:xwiki-platform-web starting in version 3.1-milestone-2 and prior to version 13.4-rc-1, as well as org.xwiki.platform:xwiki-platform-web-templates prior to versions 14.10.12...
CVE-2022-4770
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the full parametrized SQL query in an error message when an invalid character is used within a Pentaho Report .prpt...
CVE-2025-0049 Disclosure of sensitive information in an error message in GoAnywhere prior to version 7.8.0
When a Web User without Create permission on subfolders attempts to upload a file to a non-existent directory, the error message includes the absolute server path which may allow Fuzzing for application mapping. This issue affects GoAnywhere: before 7.8.0...
CVE-2025-32238
Technical specifics for CVE-2025-32238 (vcita WordPress plugin) are not provided in the connected documents. Public details about affected versions, impact, vectors, or fixes are not available here; monitor for updates from the vendor/security sources.
CVE-2025-32238 WordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.5.5 - Sensitive Data Exposure vulnerability
Generation of Error Message Containing Sensitive Information vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita meeting-scheduler-by-vcita allows Retrieve Embedded Sensitive Data.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n...
CVE-2025-2239 Absolute Path Disclosure Vulnerability in Hillstone Next Generation FireWall
Generation of Error Message Containing Sensitive Information vulnerability in Hillstone Networks Hillstone Next Generation FireWall.This issue affects Hillstone Next Generation FireWall: from 5.5R8P1 before 5.5R8P23...
CVE-2025-2239
Summary: CVE-2025-2239 is a vulnerability in Hillstone Networks’ Next Generation Firewall. The issue is described as the “generation of an error message containing sensitive information,” affecting Hillstone Next Generation Firewall versions from 5.5R8P1 up to, but not including, 5.5R8P23. The co...
CVE-2025-0513
CVE-2025-0513 affects Octopus Server; root cause is unsafe handling of error page messages. If an attacker can influence any part of an error message, they may embed code, potentially affecting the user viewing the error. Documents provide CVSS v3.1 (Base 5.4, Network, Low privileges, User intera...
CVE-2024-45658
IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system...
Security Bulletin: IBM MQ Console is affected by a password disclosure vulnerability (CVE-2024-52896)
Summary IBM MQ has addressed a password disclosure vulnerability in the IBM MQ Console. Vulnerability Details CVEID:CVE-2024-52896 DESCRIPTION: IBM MQ web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. CWE:CWE-209:...
Security Bulletin: IBM MQ Console is affected by a password disclosure vulnerability (CVE-2024-52897)
Summary IBM MQ has addressed a password disclosure vulnerability in the IBM MQ Console. Vulnerability Details CVEID:CVE-2024-52897 DESCRIPTION: IBM MQ web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. CWE:CWE-209:...
CVE-2024-11625
Information Exposure Through an Error Message vulnerability in Progress Software Corporation Sitefinity.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421...
CVE-2024-51460
IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system...
Cross-Site Scripting (XSS)
@sveltejs/kit is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper handling of user-controlled input in the error message. Specifically, the placeholders in error.html are replaced with content without escaping, which can allow malicious content to be injected and...
PT-2023-6025 · Jenkins · Jenkins Fortify Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Fortify Plugin versions 22.1.38 and earlier Description: The issue is related to the failure to protect the web page structure, allowing a remote attacker to perform an HTML injection. This occurs because the error message for a form...
IBM Maximo Asset Management Information Disclosure Vulnerability (CNVD-2023-37167)
IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from International Business Machines IBM. The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for...
CVE-2023-25695 Information disclosure in Apache Airflow
Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.5.2...
SUSE CVE-2010-1104
Cross-site scripting XSS vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages...
Arbitrary Code Execution
tt-rss is vulnerable to arbitrary code execution. The vulnerability exists as plugins/afproxyhttp/init.php mishandles the $REQUEST"url" in an error message...