CVE-2025-12515

Systemic Internal Server Errors - HTTP 500 ResponseThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

EUVD-2023-60046

Nagios XI versions prior to 2024R1 contain a missing access control vulnerability via the Web SSH Terminal. A remote, low-privileged attacker could access or interact with the terminal interface without sufficient authorization, potentially allowing unauthorized command execution or disclosure of...

CVE-2025-61959

Prior to September 19, 2025, the Hospital Manager Backend Services returned verbose ASP.NET error pages for invalid WebResource.axd requests, disclosing framework and ASP.NET version information, stack traces, internal paths, and the insecure configuration 'customErrors mode="Off"', which could...

CVE-2025-12516

Lack of Graceful Error Handling - HTTP 5xx ErrorThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

CVE-2025-12515

Systemic Internal Server Errors - HTTP 500 ResponseThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

CVE-2025-12516

BLU-IC2 and BLU-IC4 networked controllers (Azure Access Technology) are affected by a lack of graceful error handling, which can cause HTTP 5xx errors. Affected through 1.19.5. CVSS indicates CRITICAL impact on confidentiality, integrity, and availability. Exploitation status is not stated in the...

EUVD-2025-37017

Lack of Graceful Error Handling - HTTP 5xx ErrorThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

EUVD-2025-37018

Systemic Internal Server Errors - HTTP 500 ResponseThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

EUVD-2025-36740

Prior to September 19, 2025, the Hospital Manager Backend Services returned verbose ASP.NET error pages for invalid WebResource.axd requests, disclosing framework and ASP.NET version information, stack traces, internal paths, and the insecure configuration 'customErrors mode="Off"', which could...

PT-2025-44416

Name of the Vulnerable Software and Affected Versions BLU-IC2 versions through 1.19.5 BLU-IC4 versions through 1.19.5 Description The software exhibits a lack of graceful error handling, resulting in HTTP 5xx errors. Recommendations For BLU-IC2 versions through 1.19.5, implement robust error...

Malicious Package

Overview flowtype-errors is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

MAL-2025-49006 Malicious code in flowtype-errors (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 07ca4fe58cef63ee7b190dec7cc8a83378ede2699170492a685e3e2c70d137d7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in flowtype-errors (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 07ca4fe58cef63ee7b190dec7cc8a83378ede2699170492a685e3e2c70d137d7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

EUVD-2025-36813

Malicious code in flowtype-errors npm...

CVE-2025-61959

Prior to September 19, 2025, the Hospital Manager Backend Services returned verbose ASP.NET error pages for invalid WebResource.axd requests, disclosing framework and ASP.NET version information, stack traces, internal paths, and the insecure configuration 'customErrors mode="Off"', which could...

CVE-2025-61959

Prior to September 19, 2025, the Hospital Manager Backend Services returned verbose ASP.NET error pages for invalid WebResource.axd requests, disclosing framework and ASP.NET version information, stack traces, internal paths, and the insecure configuration 'customErrors mode="Off"', which could...

CVE-2025-58189

When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information the ALPN protocols sent by the client which is not escaped...

CVE-2025-61959

The CVE-2025-61959 entry concerns Vertikal Systems’ Hospital Manager Backend Services. Connected sources confirm concrete details: prior to 19 Sep 2025, the product exposed a live ASP.NET tracing endpoint (/trace.axd) without authentication, enabling remote attackers to harvest request metadata, ...

Revive Adserver: Information Disclosure via Verbose Error Messages

Version: ==revive-adserver 6.0.0== Summary: Revive Adserver v6.0.0 exposes sensitive technical details through verbose error messages, revealing the exact MySQL/MariaDB version, SQL queries, and PHP environment details. Attackers can use this information to identify known vulnerabilities or craft...

PT-2025-44350

Name of the Vulnerable Software and Affected Versions Hospital Manager Backend Services versions prior to September 19, 2025 Description The Hospital Manager Backend Services returned detailed ASP.NET error pages for invalid requests to the ''WebResource.axd'' endpoint. These error pages revealed...