30 matches found
CVE-2025-15567
Insufficient protection mechanisms in the Health Module may lead to partial information disclosure...
CVE-2025-15567
Insufficient protection mechanisms in the Health Module may lead to partial information disclosure...
CVE-2025-15567
Insufficient protection mechanisms in the Health Module may lead to partial information disclosure...
PT-2026-22309
Insufficient protection mechanisms in the Health Module may lead to partial information disclosure...
CVE-2022-31699
VMware ESXi contains a heap-overflow vulnerability. A malicious local actor with restricted privileges within a sandbox process may exploit this issue to achieve a partial information disclosure...
CVE-2025-5605
An authentication bypass vulnerability exists in the Management Console of multiple WSO2 products. A malicious actor with access to the console can manipulate the request URI to bypass authentication and access certain restricted resources, resulting in partial information disclosure. The known...
CVE-2025-5605
CVE-2025-5605 describes an authentication bypass in the Management Console of multiple WSO2 products. A malicious actor who has console access can manipulate the request URI to bypass authentication and access restricted resources, resulting in partial information disclosure. The known exposure i...
EUVD-2022-53119
Malicious code in bioql PyPI...
Fragments to Facts: Partial-Information Fragment Inference from LLMs
Large language models LLMs can leak sensitive training data through memorization and membership inference attacks. Prior work has primarily focused on strong adversarial assumptions, including attacker access to entire samples or long, ordered prefixes, leaving open the question of how vulnerable...
Vivo Health 访问控制错误漏洞
Vivo Health is an exercise instruction and health management software from the Chinese company Vivo. A security vulnerability exists in Vivo Health versions prior to 4.1.6.33, which stems from an insufficient restriction on loading URLs and could lead to partial information disclosure...
ROS-20241209-02
A vulnerability in some IntelR TDX modules is related to improper input validation. Exploitation of the vulnerability could allow a privileged attacker to potentially escalate privileges through local access. Vulnerability related to processor instruction sequencing causes unexpected behavior on...
CVE-2024-11980 Billion Electric router - Missing Authentication
Certain modes of routers from Billion Electric have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access the specific functionality to obtain partial device information, modify the WiFi SSID, and restart the device...
intel-microcode: Race conditions in some Intel(R) Processors
A flaw was found in intel-microcode. The hardware logic contains race conditions in some IntelR processors that may allow an authenticated user to enable partial information disclosure via local access...
intel-microcode: Race conditions in some Intel(R) Processors
A flaw was found in intel-microcode. The hardware logic contains race conditions in some IntelR processors that may allow an authenticated user to enable partial information disclosure via local access...
PT-2024-2188 · Vmware · Vmware Cloud Director
Name of the Vulnerable Software and Affected Versions: VMware Cloud Director affected versions not specified Description: The issue is related to a partial information disclosure, where a malicious actor can potentially gather information about organization names based on the behavior of the...
PT-2024-15184 · Avaya · Avaya Aura Experience Portal Manager
Name of the Vulnerable Software and Affected Versions: Avaya Aura Experience Portal Manager versions 8.0.x through 8.1.x prior to 8.1.2 patch 0402 Avaya Aura Experience Portal Manager versions prior to 8.0 Description: Insecure Direct Object Reference vulnerabilities were discovered in the Avaya...
CVE-2023-48374
SmartStar Software CWS is a web-base integration platform, it has a vulnerability of using a hard-coded for a specific account with low privilege. An unauthenticated remote attacker can exploit this vulnerability to run partial processes and obtain partial information, but can't disrupt service o...
CVE-2023-48374
SmartStar Software CWS is a web-base integration platform, it has a vulnerability of using a hard-coded for a specific account with low privilege. An unauthenticated remote attacker can exploit this vulnerability to run partial processes and obtain partial information, but can't disrupt service o...
Information disclosure
SmartStar Software CWS is a web-base integration platform, it has a vulnerability of using a hard-coded for a specific account with low privilege. An unauthenticated remote attacker can exploit this vulnerability to run partial processes and obtain partial information, but can't disrupt service o...
CVE-2023-48374
The CVE-2023-48374 entry pertains to SmartStar Software CWS, a web-based integration platform. The vulnerability is described as using a hard-coded credential for a specific low-privilege account, enabling an unauthenticated remote attacker to run partial processes and view partial information. T...