283 matches found
EUVD-2025-25447
Malicious code in bioql PyPI...
EUVD-2025-27951
Malicious code in bioql PyPI...
EUVD-2025-10451
Malicious code in bioql PyPI...
EUVD-2025-31308
Malicious code in bioql PyPI...
EUVD-2025-11309
Malicious code in bioql PyPI...
EUVD-2022-27449
Malicious code in bioql PyPI...
EUVD-2025-9792
Malicious code in bioql PyPI...
EUVD-2022-38096
Malicious code in bioql PyPI...
EUVD-2023-36980
Malicious code in bioql PyPI...
PT-2025-39566
Name of the Vulnerable Software and Affected Versions: CoSchedule versions through 3.3.10 Description: A flaw exists in CoSchedule that allows retrieval of embedded sensitive data, potentially exposing sensitive system information to an unauthorized control sphere. Recommendations: Update CoSchedule...
CVE-2025-57916
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Nurul Amin WP System Information wp-system-info allows Retrieve Embedded Sensitive Data. This issue affects WP System Information: from n/a through = 1.5...
CVE-2025-37131
A vulnerability in EdgeConnect SD-WAN ECOS could allow an authenticated remote threat actor with admin privileges to access sensitive unauthorized system files. Under certain conditions, this could lead to exposure and exfiltration of sensitive information...
PT-2025-36205
Name of the Vulnerable Software and Affected Versions: Rami Yushuvaev Site Info versions n/a through 1.1 Description: A vulnerability exists in Rami Yushuvaev Site Info that allows the retrieval of embedded sensitive data, potentially exposing sensitive system information to an unauthorized contr...
PT-2025-31696 · Linksys · Linksys Routers
Name of the Vulnerable Software and Affected Versions: Linksys router versions 1.0.00, 1.0.04, and 1.0.05 Description: A directory traversal vulnerability exists in the web interface, specifically in the /apply.cgi endpoint. Authenticated attackers can exploit the next page POST parameter to acce...
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Overview org.apache.zeppelin:zeppelin is a web-based notebook that enables interactive data analytics. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the raft server protocol. An attacker can access sensitive serv...
PT-2025-27541 · Hikvision · Hikvision Streaming Media Management Server
Name of the Vulnerable Software and Affected Versions: Hikvision Streaming Media Management Server version 2.3.5 Description: The issue allows remote attackers to authenticate using default credentials and access restricted functionality. After authentication, an attacker can exploit an arbitrary...
CVE-2002-2007
The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4)...
CVE-2025-31062
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in redqteam Wishlist wishlist allows Retrieve Embedded Sensitive Data. This issue affects Wishlist: from n/a through = 2.1.0...
CVE-2025-26730
CVE-2025-26730 affects the WordPress plugin Macro Calculator with Admin Email Optin & Data (versions up to 1.0). Described as an Exposure of Sensitive System Information to an Unauthorized Control Sphere, enabling access to confidential data. Reported base CVSSv3.1 score of 7.5 (HIGH) with netwo...
CVE-2025-31003
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Bogdan Bendziukov Squeeze squeeze allows Retrieve Embedded Sensitive Data. This issue affects Squeeze: from n/a through = 1.6...