CVE-2026-44226

CVE-2026-44226 discloses internal stack traces from pyLoad’s unauthenticated WebUI. The issue occurs because the route "/web/path:filename " is publicly accessible and renders attacker-controlled template names, allowing an unauthenticated user to trigger server exceptions and receive full Python...

PyLoad vulnerable to unauthenticated traceback disclosure via global exception handler in WebUI

Summary pyload-ng WebUI returns full Python traceback details to clients on unhandled exceptions. Because /web/ is reachable without authentication and renders attacker-controlled template names, an unauthenticated user can reliably trigger a server exception for example by requesting a...

GHSA-C3GC-9PF2-84GG PyLoad vulnerable to unauthenticated traceback disclosure via global exception handler in WebUI

Summary pyload-ng WebUI returns full Python traceback details to clients on unhandled exceptions. Because /web/ is reachable without authentication and renders attacker-controlled template names, an unauthenticated user can reliably trigger a server exception for example by requesting a...

GHSA-JQFC-9Q34-PRHG trytond allows remote attackers to obtain sensitive trace-back (server setup) information

Tryton trytond before 7.6.11 allows remote attackers to obtain sensitive trace-back server setup information. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70...

PT-2025-48379

Tryton trytond before 7.6.11 allows remote attackers to obtain sensitive trace-back server setup information. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70...

Ansible: ansible-connection module discloses sensitive info in traceback error message

A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality...