14 matches found

CVE
added 2026/05/27 3:53 p.m. | 15 views

CVE-2026-42459

CVE-2026-42459 documents an improper input validation flaw in free5GC UDM: the SDM (nudm-sdm) service does not validate the SUPI parameter in six GET handlers, allowing an unauthenticated attacker to inject control characters into SUPI. This can cause UDM to forward a malformed URL to UDR and ret...

CVSS 8.7 | AI score 5.8 | EPSS 0.00324
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2026/05/14 4:12 p.m. | 41 views

CVE-2025-62308 HCL AION is affected by a vulnerability where sensitive backend infrastructure details may be exposed

HCL AION is affected by a vulnerability where sensitive backend infrastructure details may be exposed. Exposure of such information could reveal internal system architecture or configuration details, which may potentially assist in further analysis or targeted actions under certain conditions...

CVSS 5.1 | EPSS 0.00109
Exploits: 0 | References: 1
Positive Technologies
added 2026/05/14 12:0 a.m. | 13 views

PT-2026-40951

HCL AION is affected by a vulnerability where sensitive backend infrastructure details may be exposed. Exposure of such information could reveal internal system architecture or configuration details, which may potentially assist in further analysis or targeted actions under certain conditions...

CVSS 5.1 | AI score 5.8 | EPSS 0.00109
Exploits: 0 | References: 2
RedHat Linux
added 2025/12/10 6:0 p.m. | 13 views

event-driven-ansible: Event Stream Test Mode Exposes Sensitive Headers in AAP EDA

A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible EDA Event Stream API. This vulnerability allows exposure of sensitive client credentials and internal infrastructure headers via the testheaders field when an event stream is in test mode. The possible outcome...

CVSS 6.7 | AI score 5.8 | EPSS 0.00167
Exploits: 0 | References: 4
RedhatCVE
added 2025/05/23 5:38 a.m. | 5 views

CVE-2023-26052

Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like infrastructure details in unauthenticated...

CVSS 5.3 | AI score 6.7 | EPSS 0.00751
Exploits: 0 | References: 1
Hacker One
added 2023/07/21 9:40 a.m. | 15 views

Mozilla: Exposing Django Debug Panel and Sensitive Infrastructure Information at https://dev.fxprivaterelay.nonprod.cloudops.mozgcp.net

The Django Debug Panel was exposed in a development environment, allowing sensitive infrastructure information to be accessed. This included details about the locations of databases, user information, and internal IP addresses. The exposure of this information posed significant security risks and...

AI score 6.7
Exploits: 0
OSV
added 2023/03/02 11:4 p.m. | 40 views

GHSA-3HVJ-3CG9-V242 Saleor Unauthenticated Information Disclosure Vulnerability via Python Exceptions

Impact: Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like infrastructure details in unauthenticated requests. Affected versions: Saleor ≥ 2.0.0. Workarounds: None. For more information: If you...

CVSS 3.7 | AI score 4.6 | EPSS 0.00751
Exploits: 0 | References: 9
NVD
added 2023/03/02 7:15 p.m. | 44 views

CVE-2023-26052

Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like infrastructure details in unauthenticated...

CVSS 5.3 | AI score 4.5 | EPSS 0.00751
Exploits: 0 | References: 7
Prion
added 2023/03/02 7:15 p.m. | 20 views

Information disclosure

Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like infrastructure details in unauthenticated...

CVSS 5 | AI score 5.1 | EPSS 0.00751
Exploits: 0 | References: 7 | Affected Software: 1
Cvelist
added 2023/03/02 6:54 p.m. | 50 views

CVE-2023-26052 Saleor is vulnerable to unauthenticated information disclosure via Python exceptions

Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like infrastructure details in unauthenticated...

CVSS 3.7 | AI score 5.5 | EPSS 0.00751
Exploits: 0 | References: 7
OSV
added 2023/03/02 6:54 p.m. | 30 views

CVE-2023-26052 Saleor is vulnerable to unauthenticated information disclosure via Python exceptions

Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like infrastructure details in unauthenticated...

CVSS 3.7 | AI score 5.2 | EPSS 0.00751
Exploits: 0 | References: 9
Cvelist
added 2021/11/17 11:51 a.m. | 12 views

CVE-2021-42956

Zoho Remote Access Plus Server Windows Desktop Binary fixed in 10.1.2132.6 is affected by a sensitive information disclosure vulnerability. Due to improper privilege management, the process launches as the logged in user, so memory dump can be done by non-admin also. Remotely, an attacker can dum...

CVSS 7.8 | AI score 8.6 | EPSS 0.00643
Exploits: 1 | References: 1
OSV
added 2016/12/15 6:59 a.m. | 4 views

CVE-2016-4046

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The API to configure external mail accounts can be abused to map and access network components within the trust boundary of the operator. Users can inject arbitrary hosts and ports to API calls. Depending on the response typ...

CVSS 5.8 | AI score 5.9 | EPSS 0.01189
Exploits: 1 | References: 2
exploitpack
added 2012/05/07 12:0 a.m. | 16 views

Fortinet FortiWeb Web Application Firewall - Policy Bypass

Fortinet FortiWeb Web Application Firewall - Policy Bypass. BINAR10 Report on Fortinet Fortiweb Findings, 02/05/2012. Fortinet FortiWeb Web Application Firewall Policy Bypass. 1 Affected Product. Fabricant: Fortinet. Product name: FortiWe...

Exploits: 0