7 matches found
CVE-2026-49397
CVE-2026-49397 affects Nezha Monitoring (2.x). Private services (EnableShowInService: false) are leaked via per-server endpoints and service history endpoints due to inconsistent filtering: CopyStats() hides private services in the public listing, but Get/GetSortedList() and endpoints like GET /a...
ASB-A-392614656
In setHideSensitive of ExpandableNotificationRow.java, there is a possible contact name leak due due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-53514 gpu: host1x: Fix memory leak of device names
In the Linux kernel, the following vulnerability has been resolved: gpu: host1x: Fix memory leak of device names The device names allocated by devsetname need be freed before module unloading, but they can not be freed because the kobject's refcount which was set in deviceinitialize has not be...
CVE-2023-2117
The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitize the dir parameter when handling the getsubdirs ajax action, allowing a high privileged users such as admins to inspect names of files and directories outside of the sites root...
CVE-2022-2270
An issue has been discovered in GitLab affecting all versions starting from 12.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab was leaking Conan packages names due to incorrect permissions verification...
Unspecified Vulnerability in JetBrains YouTrack
JetBrains YouTrack is a browser-based bug tracking and project management software from the Czech company JetBrains. The software features bug tracking, creating workflows and monitoring project progress. An unspecified vulnerability exists in JetBrains YouTrack. An attacker could exploit this...
CVE-2018-9998
Open-Xchange OX App Suite before 7.6.3-rev37, 7.8.x before 7.8.2-rev40, 7.8.3 before 7.8.3-rev48, and 7.8.4 before 7.8.4-rev28 include folder names in API error responses, which allows remote attackers to obtain sensitive information via the folder parameter in an "all" action to api/tasks...