Lucene search
K

2719 matches found

Cvelist
Cvelist
added 2026/03/24 7:48 p.m.21 views

CVE-2026-21783 HCL Traveler is affected by sensitive information disclosure

HCL Traveler is affected by sensitive information disclosure. The application generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces. Attackers could exploit this...

4.3CVSS0.00278EPSS
Exploits0References1
CVE
CVE
added 2026/03/24 7:48 p.m.19 views

CVE-2026-21783

CVE-2026-21783 affects HCL Traveler. The issue is sensitive information disclosure via error messages that reveal details such as internal paths, file names, tokens/credentials, error codes, or stack traces. This could give attackers insights into system architecture and potentially enable target...

4.3CVSS5.8AI score0.00278EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.7 views

PT-2026-27497

HCL Traveler is affected by sensitive information disclosure. The application generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces. Attackers could exploit this...

4.3CVSS5.8AI score0.00278EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/24 12:0 a.m.13 views

HCL Traveler 安全漏洞

HCL Traveler is a software developed by the Indian company HCL. It enables automatic, bidirectional, and wireless synchronization between HCL Domino servers and wireless handheld devices. HCL Traveler has a security vulnerability that stems from the leakage of sensitive information due to incorre...

4.3CVSS5.8AI score0.00278EPSS
Exploits0References1
OSV
OSV
added 2026/03/23 12:30 p.m.14 views

GHSA-RHGQ-F8X5-J2JC Keycloak's identity-first login flow exposes user information

A flaw was found in Keycloak. A remote attacker can exploit differential error messages during the identity-first login flow when Organizations are enabled. This vulnerability allows an attacker to determine the existence of users, leading to information disclosure through user enumeration...

3.7CVSS5.3AI score0.00318EPSS
Exploits1References8
Snyk
Snyk
added 2026/03/23 12:30 p.m.2 views

Information Exposure

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Information Exposure in the identity-first login flow when Organizations are enabled. An attacker can obtain...

6.3CVSS5.3AI score0.00318EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/23 10:53 a.m.26 views

CVE-2026-4633 Keycloak: keycloak: user enumeration via differential error messages

A flaw was found in Keycloak. A remote attacker can exploit differential error messages during the identity-first login flow when Organizations are enabled. This vulnerability allows an attacker to determine the existence of users, leading to information disclosure through user enumeration...

3.7CVSS0.00318EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/23 10:53 a.m.2 views

CVE-2026-4633 Keycloak: keycloak: user enumeration via differential error messages

A flaw was found in Keycloak. A remote attacker can exploit differential error messages during the identity-first login flow when Organizations are enabled. This vulnerability allows an attacker to determine the existence of users, leading to information disclosure through user enumeration...

3.7CVSS5.8AI score0.00318EPSS
Exploits1References2
CVE
CVE
added 2026/03/23 10:53 a.m.23 views

CVE-2026-4633

CVE-2026-4633 affects Keycloak and is triggered in the identity-first login flow when Organizations are enabled. The issue arises from differential error messages that enable an attacker to determine whether a user exists, leading to information disclosure through user enumeration . The documente...

3.7CVSS5.8AI score0.00318EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.5 views

PT-2026-27107

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw exists in Keycloak that allows a remote attacker to determine the existence of users, resulting in information disclosure through user enumeration. This occurs due to differential err...

3.7CVSS5.8AI score0.00318EPSS
Exploits1References13
OSV
OSV
added 2026/03/16 8:40 p.m.2 views

GHSA-XWCJ-HWHF-H378 OpenClaw Telegram media fetch errors exposed bot tokens in logged file URLs

Summary openclaw versions /..., so the resulting error strings could leak bot tokens into logs, console output, or any downstream error surface that rendered the exception text. This issue is in scope under OpenClaw's trust model because the leaked secret is an OpenClaw-operated integration...

6.9CVSS5.9AI score0.00418EPSS
Exploits0References3
OSV
OSV
added 2026/03/16 3:30 p.m.2 views

GHSA-5MR9-CRCG-8WH2 Mattermost fails to use consistent error responses when handling the /mute command

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to use consistent error responses when handling the /mute command which allows an authenticated team member to enumerate private channels they are not authorized to know about via differing error messages for nonexisten...

4.3CVSS5.8AI score0.00184EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/16 2:51 p.m.7 views

CVE-2026-21386 Private channel enumeration via /mute slash command

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to use consistent error responses when handling the /mute command which allows an authenticated team member to enumerate private channels they are not authorized to know about via differing error messages for nonexisten...

4.3CVSS5.8AI score0.00184EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/16 2:51 p.m.21 views

CVE-2026-21386 Private channel enumeration via /mute slash command

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to use consistent error responses when handling the /mute command which allows an authenticated team member to enumerate private channels they are not authorized to know about via differing error messages for nonexisten...

4.3CVSS0.00184EPSS
Exploits0References1
CVE
CVE
added 2026/03/16 2:51 p.m.15 views

CVE-2026-21386

CVE-2026-21386 (Mattermost): The Mattermost server variants 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, and 10.11.x

4.3CVSS5.8AI score0.00184EPSS
Exploits0References1Affected Software1
CISA KEV Catalog
CISA KEV Catalog
added 2026/03/16 12:0 a.m.10 views

Wing FTP Server Information Disclosure Vulnerability

Wing FTP Server contains a generation of error message containing sensitive information vulnerability when using a long value in the UID cookie...

4.3CVSS7.3AI score0.56366EPSS
In wildExploits24
EUVD
EUVD
added 2026/03/13 9:31 p.m.3 views

EUVD-2025-208651

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information when detailed technical error messages are returned. This information could be used in further attacks against the system...

5.3CVSS5.8AI score0.00327EPSS
Exploits0References2
NVD
NVD
added 2026/03/13 7:53 p.m.3 views

CVE-2025-13726

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information when detailed technical error messages are returned. This information could be used in further attacks against the system...

7.5CVSS0.00327EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/13 6:26 p.m.4 views

CVE-2025-13726 IBM Sterling Partner Engagement Manager Information Disclosure

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information when detailed technical error messages are returned. This information could be used in further attacks against the system...

5.3CVSS5.8AI score0.00327EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/13 6:26 p.m.3 views

CVE-2025-13726

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information when detailed technical error messages are returned. This information could be used in further attacks against the system...

5.3CVSS5.8AI score0.00327EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder