25 matches found
Malicious code in node-vfs-polyfill (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fb213e524ed75dcb54961d6d2ee9431ea6a32f4fdcb9d777bc260102920d81b On install, postinstall.js executes automatically and exfiltrates host reconnaissance data to attacker-controlled subdomains on oastify.com Burp...
CVE-2026-4433
An SSH misconfigurations exists in Tenable OT that led to the potential exfiltration of socket, port, and service information via the ostunnel user and GatewayPorts. This could be used to potentially glean information about the underlying system and give an attacker information that could be used...
CVE-2026-30852
Caddy is an extensible server platform that uses TLS by default. From version 2.7.5 to before version 2.11.2, the varsregexp matcher in vars.go:337 double-expands user-controlled input through the Caddy replacer. When varsregexp matches against a placeholder like http.request.header.X-Input, the...
CVE-2025-47319 Exposure of Sensitive System Information to an Unauthorized Control Sphere in HLOS
Information disclosure while exposing internal TA-to-TA communication APIs to HLOS...
CVE-2020-36887
SpinetiX Fusion Digital Signage 3.4.8 contains an unauthenticated information disclosure vulnerability in the database backup directory. Attackers can access the /content/files/backups/ endpoint to download sensitive backup files containing user credentials and system information...
CVE-2025-65878
The warehouse management system version 1.2 contains an arbitrary file read vulnerability. The endpoint /file/showImageByPath does not sanitize user-controlled path parameters. An attacker could exploit directory traversal to read arbitrary files on the server's file system. This could lead to th...
EUVD-2020-6125
Malware in sbrugna...
EUVD-2023-50890
Malicious code in bioql PyPI...
CVE-2022-46025
Totolink N200REV5 V9.3.5u.6255B20211224 is vulnerable to Incorrect Access Control. The device allows remote attackers to obtain Wi-Fi system information, such as Wi-Fi SSID and Wi-Fi password, without logging into the management page...
CVE-2020-13918
Incorrect access control in webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to leak system information that can be used for a jailbreak via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R71...
CVE-2023-46705
in OpenHarmony v3.2.2 and prior versions allow a local attacker causes system information leak through type confusion...
Type confusion
in OpenHarmony v3.2.2 and prior versions allow a local attacker causes system information leak through type confusion...
CVE-2023-46705 Arkruntime has a type confusion vulnerability
in OpenHarmony v3.2.2 and prior versions allow a local attacker causes system information leak through type confusion...
CVE-2023-46705 Arkruntime has a type confusion vulnerability
in OpenHarmony v3.2.2 and prior versions allow a local attacker causes system information leak through type confusion...
PT-2023-30167 · Unknown · Openharmony
Name of the Vulnerable Software and Affected Versions: OpenHarmony versions prior to 3.2.2 Description: The issue allows a local attacker to cause a system information leak through type confusion. Recommendations: For OpenHarmony versions prior to 3.2.2, at the moment, there is no information abo...
CVE-2023-44213
Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect Cloud Agent Windows before build 35739, Acronis Cyber Protect 16 Windows before build 37391...
CVE-2022-2552
The Duplicator WordPress plugin before 1.4.7 does not authenticate or authorize visitors before displaying information about the system such as server software, php version and full file system path to the site...
Improper access control
Incorrect access control in webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to leak system information that can be used for a jailbreak via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R71...
CVE-2020-13918
Incorrect access control in webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to leak system information that can be used for a jailbreak via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R71...
File Read Vulnerability in ZTE Color Ring Business System
ZTE's ringtone system inherits the stable system architecture of the mobile smart network, follows the latest specifications of operators, and provides flexible interfaces and rich new service functions. A file read vulnerability exists in the ZTE Color Ring service system, which can be exploited...