Lucene search
K

73 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 11:5 p.m.9 views

CVE-2022-34535

Digital Watchdog DW MEGApix IP cameras A7.2.220211029 allows unauthenticated attackers to view internal paths and scripts via web files...

7.5CVSS7AI score0.00658EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2025/05/07 3:22 p.m.94 views

Exploit for Cross-site Scripting in Phplist

CVE-2025-28074 Suggested description phpList prior to 3.6.3...

6.1CVSS6.5AI score0.00537EPSS
Exploits1
OSV
OSV
added 2025/04/03 10:15 p.m.3 views

CVE-2025-0279

HCL Traveler generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces. Attackers could exploit this information to gain insights into the system's architecture and...

4.3CVSS5.8AI score0.00275EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/03 12:0 a.m.6 views

PT-2025-14808 · Hcl · Hcl Traveler

Name of the Vulnerable Software and Affected Versions: HCL Traveler affected versions not specified Description: The issue concerns error messages generated by HCL Traveler that may contain sensitive information, including internal paths, file names, tokens, credentials, error codes, or stack...

4.3CVSS6.3AI score0.00275EPSS
Exploits0References7
Hacker One
Hacker One
added 2025/03/14 1:26 a.m.7 views

TikTok: Stored XSS on TikTok's backend leads to the leakage of highly sensitive administrator data (Cookies, API Keys, Internal Paths, Emails, phone numbers).

A stored cross-site scripting vulnerability was discovered in TikTok's contact form backend. Malicious code submitted through the form executed when administrators viewed the submission, exposing sensitive internal data such as cookies, API keys, internal paths, emails, and phone numbers...

6.3AI score
Exploits0
OSV
OSV
added 2024/11/07 10:15 a.m.7 views

AZL-53694 CVE-2024-50163 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: bpf: Make sure internal and UAPI bpfredirect flags don't overlap The bpfredirectinfo is shared between the SKB and XDP redirect paths, and the two paths use the same numeric flag values in the ri-flags field specifically,...

5.5CVSS6.8AI score0.00216EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2024/02/21 12:0 a.m.22 views

Apache OFBiz createRegister Error Message Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apache OFBiz. Authentication is not required to exploit this vulnerability. The specific flaw exists within the createRegister method. The issue results from outputting an error message that...

5.3CVSS6.4AI score0.03146EPSS
Exploits0References1
Prion
Prion
added 2023/12/22 12:15 a.m.20 views

Code injection

Nextcloud/Cloud is a calendar app for Nextcloud. An attacker can gain access to stacktrace and internal paths of the server when generating an exception while editing a calendar appointment. It is recommended that the Nextcloud Calendar app is upgraded to 4.5.3...

4CVSS7.2AI score0.00547EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/12/21 11:12 p.m.61 views

CVE-2023-48308

CVE-2023-48308 affects the Nextcloud Calendar app. The authenticated user can trigger an error while editing a calendar appointment that exposes the server’s stacktrace and internal paths. Affected software: Nextcloud Calendar prior to version 4.5.3. Root cause: error handling leaks internal debu...

6.5CVSS5.1AI score0.00547EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/12/21 11:12 p.m.18 views

CVE-2023-48308 Calendar app returns full stacktrace when an error happens while editing appointment

Nextcloud/Cloud is a calendar app for Nextcloud. An attacker can gain access to stacktrace and internal paths of the server when generating an exception while editing a calendar appointment. It is recommended that the Nextcloud Calendar app is upgraded to 4.5.3...

3.5CVSS6.4AI score0.00547EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/12/21 12:0 a.m.8 views

Nextcloud Security Breach

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in versions of Nextcloud Calendar prior to 4.5.3, which stems from an attacker being able to access the stack trace and...

6.5CVSS6.8AI score0.00547EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/12/21 12:0 a.m.5 views

PT-2023-30770 · Nextcloud · Nextcloud Calendar

Name of the Vulnerable Software and Affected Versions: Nextcloud Calendar app versions prior to 4.5.3 Description: An issue exists where an attacker can gain access to the stacktrace and internal paths of the server when generating an exception while editing a calendar appointment. Recommendation...

6.5CVSS6.4AI score0.00547EPSS
Exploits0References6
Nextcloud
Nextcloud
added 2023/12/18 8:24 a.m.35 views

Calendar app returns full stacktrace when an error happens while editing appointment

None...

6.5CVSS6.4AI score0.00547EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/11/01 2:49 a.m.11 views

CVE-2023-5515

The responses for web queries with certain parameters disclose internal path of resources. This information can be used to learn internal structure of the application and to further plot attacks against web servers and deployed web applications...

5.3CVSS5.2AI score0.00377EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/11/01 12:0 a.m.5 views

Hitachi eSOMS Information Disclosure Vulnerability

Hitachi eSOMS is an application software from Hitachi, Ltd. a shift operations management system for the power generation industry. A security vulnerability exists in Hitachi eSOMS, which stems from the presence of an information disclosure vulnerability. An attacker could exploit the vulnerabili...

5.3CVSS6.2AI score0.00377EPSS
Exploits0References3
Prion
Prion
added 2023/05/30 6:16 a.m.20 views

Code injection

Calendar app for Nextcloud easily sync events from various devices with your Nextcloud. Some internal paths of the website are disclosed when the SMTP server is unavailable. It is recommended that the Calendar app is updated to 3.5.5 or 4.2.3...

4CVSS4.7AI score0.00438EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2023/05/30 12:0 a.m.8 views

Nextcloud Calendar 安全漏洞

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Calendar v4.2.2 and earlier, v3.5.4 and earlier, which stems from the disclosure of certain internal paths to ...

4.3CVSS5AI score0.00438EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/02/01 12:0 a.m.6 views

PT-2023-24200 · Nextcloud +1 · Nextcloud Calendar +1

Name of the Vulnerable Software and Affected Versions: Nextcloud Calendar app versions prior to 3.5.5 Nextcloud Calendar app versions prior to 4.2.3 Description: The issue concerns the disclosure of internal website paths when the SMTP server is unavailable. This affects the functionality of the...

4.3CVSS7.1AI score0.00438EPSS
Exploits0References10
Hacker One
Hacker One
added 2022/08/08 8:11 a.m.427 views

U.S. Dept Of Defense: springboot actuator is leaking internals at ██████████

Proof of Concept If you go to https://█████████/actuator you'll get a complete overview of all the endpoints that are accessable Suggestion: Use a Firefox Browser if possible, its json representation is well formed and the links are clickable ██████████ Impact Information Disclosure...

7.1AI score
Exploits0
OSV
OSV
added 2022/07/19 8:15 p.m.5 views

CVE-2022-34535

Digital Watchdog DW MEGApix IP cameras A7.2.220211029 allows unauthenticated attackers to view internal paths and scripts via web files...

7.5CVSS7.1AI score0.00658EPSS
Exploits0References1
Rows per page
Query Builder