Squid Proxy - HTTP Authentication Credentials Disclosure

Squid versions prior to 7.2 fail to redact HTTP authentication credentials in error page responses. The Authorization header value is embedded in plain text inside the mailto: diagnostic block when Squid generates an error page e.g. ERRDNSFAIL. id: CVE-2025-62168 info: name: Squid Proxy - HTTP...

Cross-Site Scripting (XSS)

Drupal Ignition Error Pages is vulnerable to Cross-Site Scripting XSS.The vulnerability is due to improper neutralization of user-controlled input during web page generation, which allows an attacker to inject and execute malicious scripts in a user's browser through crafted input...

CVE-2026-41181

Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.44, 3.6.15, and 3.7.0-rc.3, there is an information disclosure vulnerability in Traefik's errors custom error pages middleware. When the backend returns a response matching the configured status range, the middleware forwards the...

CVE-2026-49191

The production build of the M3WebServer hard-codes its backend API keys, which can be easily intercepted through verbose error handling pages...

CVE-2026-49191

The production build of the M3WebServer hard-codes its backend API keys, which can be easily intercepted through verbose error handling pages...

CVE-2026-49191

The CVE-2026-49191 entry concerns the production build of the M3WebServer where backend API keys are hard-coded and can be intercepted via verbose error handling pages. According to the provided data, this results in a high-impact exposure affecting confidentiality, integrity, and availability (C...

CVE-2026-49191 Exposed Hard-coded M3WebServer Backend API Key

The production build of the M3WebServer hard-codes its backend API keys, which can be easily intercepted through verbose error handling pages...

CVE-2026-49191 Exposed Hard-coded M3WebServer Backend API Key

The production build of the M3WebServer hard-codes its backend API keys, which can be easily intercepted through verbose error handling pages...

EUVD-2026-34210

The production build of the M3WebServer hard-codes its backend API keys, which can be easily intercepted through verbose error handling pages...

CVE-2026-49191

The production build of the M3WebServer hard-codes its backend API keys, which can be easily intercepted through verbose error handling pages...

Acer M6E 安全漏洞

The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability. This vulnerability stems from the hardcoded backend API keys generated by the M3WebServer, which can be easily intercepted through detailed error handling...

PT-2026-46149

The production build of the M3WebServer hard-codes its backend API keys, which can be easily intercepted through verbose error handling pages...

CVE-2026-3495

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to escape some variables that could contain malicious content during error page composition which allows an attacker with access to edit some site configuration to execute some malicious code via injecting some JS as part of those...

CVE-2026-3495

CVE-2026-3495 affects Mattermost versions 11.5.x up to 11.5.1 and 10.11.x up to 10.11.13. The root cause is failure to escape certain variables during error page composition, enabling an attacker with access to edit site configuration to inject JavaScript and execute malicious code. The connected...

EUVD-2026-30742

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to escape some variables that could contain malicious content during error page composition which allows an attacker with access to edit some site configuration to execute some malicious code via injecting some JS as part of those...

CVE-2026-3495 Unescaped variables during error page composition

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to escape some variables that could contain malicious content during error page composition which allows an attacker with access to edit some site configuration to execute some malicious code via injecting some JS as part of those...

Mattermost 跨站脚本漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier 11.5.x series as well as 10.11.13 and earlier 10.11.x series have a cross-site scripting vulnerability. This vulnerability arises from variables that...

SUSE CVE-2026-41181

Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.44, 3.6.15, and 3.7.0-rc.3, there is an information disclosure vulnerability in Traefik's errors custom error pages middleware. When the backend returns a response matching the configured status range, the middleware forwards the...

EUVD-2026-30557

Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.44, 3.6.15, and 3.7.0-rc.3, there is an information disclosure vulnerability in Traefik's errors custom error pages middleware. When the backend returns a response matching the configured status range, the middleware forwards the...

Astra Linux – Vulnerability in Firefox and Thunderbird

If a PAC URL was set, and the server hosting the PAC was unreachable, OCSP requests would be blocked, resulting in incorrect error pages being displayed. This vulnerability affects Firefox 102, Firefox ESR 91.11, Thunderbird 102, and Thunderbird 91.11...