Lucene search
K

28073 matches found

RedhatCVE
RedhatCVE
added 2026/01/20 9:7 a.m.14 views

CVE-2025-59355

A vulnerability. When org.apache.linkis.metadata.util.HiveUtils.decode fails to perform Base64 decoding, it records the complete input parameter string in the log via logger.errorstr + "decode failed", e. If the input parameter contains sensitive information such as Hive Metastore keys, plaintext...

6.5CVSS5.5AI score0.00403EPSS
Exploits0References1
ICS
ICS
added 2026/01/20 7:0 a.m.5 views

Rockwell Automation Verve Asset Manager

RISK EVALUATION Successful exploitation of these vulnerabilities may allow an attacker to access sensitive information stored in variables within the ADI server. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities,...

5.7AI score
Exploits0References13
OSV
OSV
added 2026/01/20 5:16 a.m.2 views

CVE-2026-0905

Insufficient policy enforcement in Network in Google Chrome prior to 144.0.7559.59 allowed an attack who obtained a network log file to potentially obtain potentially sensitive information via a network log file. Chromium security severity: Medium...

9.8CVSS5.8AI score
Exploits0References2
NVD
NVD
added 2026/01/20 4:15 a.m.3 views

CVE-2025-14798

The LearnPress – WordPress LMS Plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.3.2.4 via the getitempermissionscheck function. This makes it possible for unauthenticated attackers to extract sensitive data including user first names and las...

5.3CVSS0.00246EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/20 4:14 a.m.5 views

CVE-2026-0905

Insufficient policy enforcement in Network in Google Chrome prior to 144.0.7559.59 allowed an attack who obtained a network log file to potentially obtain potentially sensitive information via a network log file. Chromium security severity: Medium...

5.3AI score0.00221EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/01/20 4:14 a.m.6 views

CVE-2026-0905

Insufficient policy enforcement in Network in Google Chrome prior to 144.0.7559.59 allowed an attack who obtained a network log file to potentially obtain potentially sensitive information via a network log file. Chromium security severity: Medium...

9.8CVSS5.4AI score0.00221EPSS
Exploits0
Snyk
Snyk
added 2026/01/20 12:30 a.m.2 views

Files or Directories Accessible to External Parties

Overview mineadmin/mineadmin is a Quickly build a background management system for web applications Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties via the Swagger component. An attacker can access sensitive information by sending crafted...

7.5CVSS5.6AI score0.00685EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/01/20 12:30 a.m.9 views

MineAdmin May Expose Sensitive Information to an Unauthorized Actor

A security flaw has been discovered in MineAdmin 1.x/2.x. This affects an unknown function of the component Swagger. The manipulation results in information disclosure. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The vendor was...

7.5CVSS5AI score0.00685EPSS
Exploits1References6Affected Software1
CNNVD
CNNVD
added 2026/01/20 12:0 a.m.5 views

IBM Aspera Console 日志信息泄露漏洞

IBM Aspera Console is a Web-based application from International Business Machines IBM. Allows users to centrally manage, monitor and control Aspera servers nodes and transports. IBM Aspera Console suffers from a log information disclosure vulnerability that originates from the storage of...

4.9CVSS5.8AI score0.00287EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/20 12:0 a.m.4 views

CVE-2025-66902

An input validation issue in in Pithikos websocket-server v.0.6.4 allows a remote attacker to obtain sensitive information or cause unexpected server behavior via the websocketserver/websocketserver.py, WebSocketServer.messagereceived components...

7.5CVSS5.5AI score0.00363EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/01/20 12:0 a.m.8 views

PT-2026-3534

The LearnPress – WordPress LMS Plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.3.2.4 via the get item permissions check function. This makes it possible for unauthenticated attackers to extract sensitive data including user first names and...

5.3CVSS5.5AI score0.00246EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/20 12:0 a.m.10 views

PT-2026-3583

IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory...

5.9CVSS5.8AI score0.00334EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.7 views

MiracleLinux 9 : linux-firmware-20230310-134.el9.ML.1 (AXSA:2023-6270:05)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6270:05 advisory. This package includes firmware files required for some devices to operate. CVE-2023-20593 An issue in Zen 2 CPUs, under specific microarchitectural...

5.5CVSS6.8AI score0.05794EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/01/20 12:0 a.m.5 views

IBM Concert 安全漏洞

IBM Concert is a new tool from International Business Machines IBM Inc. that uses generative AI to help manage complex cloud-native applications. IBM Concert suffers from an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...

7.5CVSS5.8AI score0.00334EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/20 12:0 a.m.3 views

CVE-2025-66902

An input validation issue in in Pithikos websocket-server v.0.6.4 allows a remote attacker to obtain sensitive information or cause unexpected server behavior via the websocketserver/websocketserver.py, WebSocketServer.messagereceived components...

5.5AI score0.00363EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/01/20 12:0 a.m.4 views

IBM Concert 安全漏洞

IBM Concert is a new tool from International Business Machines IBM Inc. that uses generative AI to help manage complex cloud-native applications. IBM Concert suffers from an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...

7.5CVSS5.8AI score0.00334EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/20 12:0 a.m.15 views

PT-2026-3580

Name of the Vulnerable Software and Affected Versions IBM Aspera Console version 3.4.7 Description The software stores potentially sensitive information in log files. A local privileged user could read this information. Recommendations Ensure appropriate access controls are in place for log files...

4.9CVSS5.9AI score0.00287EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

Cisco IP Phones Exposure of Sensitive Information to an Unauthorized Actor (CVE-2025-20336)

A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability exists because the product expose...

7.5CVSS5.5AI score0.00349EPSS
Exploits0References2
Redos
Redos
added 2026/01/20 12:0 a.m.6 views

ROS-20260120-7358

A vulnerability in the Linux operating system kernel is related to the use of memory after it has been freed. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data, compromise its integrity, and cause a denial of service...

7.8CVSS6.9AI score0.00174EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.2 views

MiracleLinux 8 : cloud-init-23.1.1-10.el8.ML.1 (AXSA:2023-7278:09)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-7278:09 advisory. cloud-init: sensitive data could be exposed in logs CVE-2023-1786 Tenable has extracted the preceding description block directly from the MiracleLinux securi...

5.5CVSS5.6AI score0.00263EPSS
Exploits0References2
Rows per page
Query Builder