Flight 安全漏洞

Flight is a PHP microframework developed by Mike Cao. Versions of Flight prior to 3.18.1 contained a security vulnerability. This vulnerability stemmed from the default error handling mechanism Engine::error, which wrote the entire exception message into the HTTP 500 response. Without debugging...

PT-2026-39725

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, atendido/familiar docfamiliar.php displays an overly descriptive error message, including database-related details. This verbosity leads to information disclosure, which could assist a potential attacker in mapping th...

Generation of Error Message Containing Sensitive Information

Overview Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information due to the raw message of every server-side AuthenticationException being returned to the unauthenticated remote caller in the gRPC status description. This allows an attacker...

CVE-2025-71282 XenForo Path Disclosure via open_basedir Exceptions

XenForo before 2.3.7 discloses filesystem paths through exception messages triggered by openbasedir restrictions. This allows an attacker to obtain information about the server's directory structure...

AZL-75449 CVE-2025-11065 affecting package kubevirt 1.6.3-3

A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...

PT-2026-3934

Neo4j Enterprise edition versions prior to 2025.11.2 and 5.26.17 are vulnerable to a potential information disclosure by an attacker who has some legitimate access to the database. The vulnerability allows attacker without read access to a property to infer information about its value by trying t...

CVE-2005-1650

The web mail service in Woppoware PostMaster 4.2.2 build 3.2.5 generates different error messages depending on whether a user exists or not, which allows remote attackers to determine valid usernames...

EUVD-2021-12272

Malware in sbrugna...

EUVD-2008-7171

Malware in sbrugna...

EUVD-2007-5744

Malware in sbrugna...

EUVD-2006-6982

Malware in sbrugna...

EUVD-2005-2437

Malware in sbrugna...

EUVD-2020-0518

Malware in sbrugna...

EUVD-2022-30638

Malicious code in bioql PyPI...

EUVD-2024-2434

Malicious code in bioql PyPI...

EUVD-2024-36639

Malicious code in bioql PyPI...

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets, which stems from the recording of eSE debug messages when capturing logs could lead to information disclosure...

CVE-2025-6226

Mattermost Server contains an IDOR-like flaw (CVE-2025-6226) where authentication is not verified when retrieving cached posts by PendingPostID. Affected versions include 9.11.x <= 9.11.16, 10.5.x <= 10.5.6, 10.7.x <= 10.7.3, and 10.8.x

The vulnerability of the IBM Guardium Data Protection platform regarding data security, related to the leakage of information in error messages, allows attackers to disclose protected information.

The vulnerability of the IBM Guardium Data Protection platform relates to the leakage of information in error messages. Exploiting this vulnerability could allow a malicious actor, operating remotely, to disclose the protected information...

CVE-2022-0504

Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11...