Lucene search
K

21 matches found

Cvelist
Cvelist
added 2026/05/13 5:29 p.m.59 views

CVE-2026-44002 vm2: Host File Path Disclosure via Stack Trace Information Leak

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, vm2's CallSite wrapper class intended as a safe wrapper for V8's native CallSite blocks getThis and getFunction to prevent host object leakage, but allows getFileName to return unsanitized host absolute paths. Any sandboxed code can...

5.8CVSS0.00241EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-57720

Malicious code in bioql PyPI...

5.9CVSS5.9AI score0.00404EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-29836

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00476EPSS
Exploits0References1
NVD
NVD
added 2025/09/25 7:15 p.m.13 views

CVE-2025-29157

An issue in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via accessing a non-existent endpoint/cart, the server returns a 404-error page exposing sensitive information including the Servlet name default and server version...

6.5CVSS0.00495EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/05/23 2:15 a.m.10 views

CVE-2023-5405

Server information leak for the CDA Server process memory can occur when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning...

5.9CVSS6.5AI score0.00404EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:23 a.m.9 views

CVE-2022-46825

In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked information about open projects...

4CVSS6.7AI score0.00126EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2024/12/12 7:22 p.m.18 views

http4k has a potential XXE (XML External Entity Injection) vulnerability

Summary Short summary of the problem. Make the impact and severity as clear as possible. For example: An unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. There is a potential XXEXML External Entity Injection vulnerability when http4k...

9.8CVSS8.1AI score0.01902EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2024/08/27 12:0 a.m.5 views

PT-2024-10883 · Netiq · Netiq Advance Authentication

Name of the Vulnerable Software and Affected Versions: NetIQ Advance Authentication versions prior to 6.3.5.1 NetIQ Advance Authentication versions up to 6.3 SP5 Patch 1 Description: A vulnerability identified in NetIQ Advance Authentication leaks sensitive server information. Recommendations: Fo...

6.3CVSS7.1AI score0.00158EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2024/05/02 12:0 a.m.27 views

Honeywell Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, Safety Manager SC Out-of-bounds Write (CVE-2023-5405)

Server information leak for the CDA Server process memory can occur when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning. This plugin only works with Tenable.ot. Please visit...

6.8AI score0.00404EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/04/17 4:46 p.m.15 views

CVE-2023-5405

Server information leak for the CDA Server process memory can occur when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning...

5.9CVSS5.6AI score0.00404EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/04/17 12:0 a.m.7 views

PT-2024-14803 · Unknown · Cda Server

Name of the Vulnerable Software and Affected Versions: CDA Server affected versions not specified Description: A server information leak can occur in the CDA Server process memory when an error is generated in response to a specially crafted message. Recommendations: At the moment, there is no...

5.9CVSS6.8AI score0.00404EPSS
Exploits0References7
NVD
NVD
added 2023/07/13 12:15 p.m.21 views

CVE-2023-25948

Server information leak of configuration data when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning...

7.5CVSS0.00476EPSS
Exploits0References1
OSV
OSV
added 2023/07/13 12:15 p.m.5 views

CVE-2023-25948

Server information leak of configuration data when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning...

7.5CVSS5.8AI score0.00476EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/07/13 11:9 a.m.10 views

CVE-2023-25948 Server Data type confusion - info leak

Server information leak of configuration data when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning...

7.5CVSS6.8AI score0.00476EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/06/05 12:0 a.m.9 views

CVE-2023-33518

emoncms v11 and later was discovered to contain an information disclosure vulnerability which allows attackers to obtain the web directory path and other information leaked by the server via a crafted web request...

5.1AI score0.00456EPSS
Exploits1References1
Prion
Prion
added 2020/04/06 10:15 p.m.14 views

Directory traversal

A Directory Traversal issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make HTTP GET requests to a certain URL and obtain information about what files and directories reside on the server...

5CVSS7.4AI score0.01768EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2020/03/04 12:0 a.m.1 views

File Containment Vulnerability in the Backend of the Most Earth Group Buying System

The most earth group-buying system is the most professional and powerful GroupOn mode of free open source group-buying system platform. The most earth group purchase system backend file contains a vulnerability that can be exploited by attackers to obtain server information...

6.9AI score
Exploits0
Hacker One
Hacker One
added 2020/02/21 4:48 a.m.184 views

Alibaba BBP: SSRF / Arbitrary File Read on Alibaba Cloud Academy

Summary: Alibaba Cloud Academy certificate download function is vulnerable with SSRF bug. It can also read arbitrary file on the server. Steps To Reproduce: - Login to your https://edu.alibabacloud.com/ account - Click the url to Ping external...

0.5AI score
Exploits0
OSV
OSV
added 2018/03/30 4:29 p.m.2 views

CVE-2017-1765

IBM Business Process Manager 8.6 could allow an authenticated user with special privileges to reveal sensitive information about the application server. IBM X-Force ID: 136150...

4.3CVSS5.8AI score
Exploits0References4
RedHat Linux
RedHat Linux
added 2017/12/13 5:48 p.m.5 views

EAP7: Internal IP address disclosed on redirect when request header Host field is not set

It was found that when issuing a GET request which results in a 302 redirect, and when the request header 'Host' field was not set, the response header field 'Location' contains the internal IP address of the server. An attacker could use this disclose information which they are not authorized to...

5.3CVSS7.3AI score0.02264EPSS
Exploits0References4
Rows per page
Query Builder