21 matches found
CVE-2026-44002 vm2: Host File Path Disclosure via Stack Trace Information Leak
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, vm2's CallSite wrapper class intended as a safe wrapper for V8's native CallSite blocks getThis and getFunction to prevent host object leakage, but allows getFileName to return unsanitized host absolute paths. Any sandboxed code can...
EUVD-2023-57720
Malicious code in bioql PyPI...
EUVD-2023-29836
Malicious code in bioql PyPI...
CVE-2025-29157
An issue in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via accessing a non-existent endpoint/cart, the server returns a 404-error page exposing sensitive information including the Servlet name default and server version...
CVE-2023-5405
Server information leak for the CDA Server process memory can occur when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning...
CVE-2022-46825
In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked information about open projects...
http4k has a potential XXE (XML External Entity Injection) vulnerability
Summary Short summary of the problem. Make the impact and severity as clear as possible. For example: An unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. There is a potential XXEXML External Entity Injection vulnerability when http4k...
PT-2024-10883 · Netiq · Netiq Advance Authentication
Name of the Vulnerable Software and Affected Versions: NetIQ Advance Authentication versions prior to 6.3.5.1 NetIQ Advance Authentication versions up to 6.3 SP5 Patch 1 Description: A vulnerability identified in NetIQ Advance Authentication leaks sensitive server information. Recommendations: Fo...
Honeywell Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, Safety Manager SC Out-of-bounds Write (CVE-2023-5405)
Server information leak for the CDA Server process memory can occur when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning. This plugin only works with Tenable.ot. Please visit...
CVE-2023-5405
Server information leak for the CDA Server process memory can occur when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning...
PT-2024-14803 · Unknown · Cda Server
Name of the Vulnerable Software and Affected Versions: CDA Server affected versions not specified Description: A server information leak can occur in the CDA Server process memory when an error is generated in response to a specially crafted message. Recommendations: At the moment, there is no...
CVE-2023-25948
Server information leak of configuration data when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning...
CVE-2023-25948
Server information leak of configuration data when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning...
CVE-2023-25948 Server Data type confusion - info leak
Server information leak of configuration data when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning...
CVE-2023-33518
emoncms v11 and later was discovered to contain an information disclosure vulnerability which allows attackers to obtain the web directory path and other information leaked by the server via a crafted web request...
Directory traversal
A Directory Traversal issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make HTTP GET requests to a certain URL and obtain information about what files and directories reside on the server...
File Containment Vulnerability in the Backend of the Most Earth Group Buying System
The most earth group-buying system is the most professional and powerful GroupOn mode of free open source group-buying system platform. The most earth group purchase system backend file contains a vulnerability that can be exploited by attackers to obtain server information...
Alibaba BBP: SSRF / Arbitrary File Read on Alibaba Cloud Academy
Summary: Alibaba Cloud Academy certificate download function is vulnerable with SSRF bug. It can also read arbitrary file on the server. Steps To Reproduce: - Login to your https://edu.alibabacloud.com/ account - Click the url to Ping external...
CVE-2017-1765
IBM Business Process Manager 8.6 could allow an authenticated user with special privileges to reveal sensitive information about the application server. IBM X-Force ID: 136150...
EAP7: Internal IP address disclosed on redirect when request header Host field is not set
It was found that when issuing a GET request which results in a 302 redirect, and when the request header 'Host' field was not set, the response header field 'Location' contains the internal IP address of the server. An attacker could use this disclose information which they are not authorized to...