72 matches found
EUVD-2026-41087
Incorrect Authorization CWE-863 in Elastic Defend can lead to unauthorized information disclosure via Accessing Functionality Not Properly Constrained by ACLs CAPEC-1. Under certain conditions, a low-privileged authenticated user can access response action data that they are not authorized to vie...
Linux Distros Unpatched Vulnerability : CVE-2026-58033
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files...
CVE-2026-35543
A flaw was found in Roundcube Webmail. A remote attacker could bypass the remote image blocking feature by sending a specially crafted email that includes Scalable Vector Graphics SVG content with animation attributes. This vulnerability may lead to unauthorized information disclosure or an...
CVE-2026-26133
AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network...
WordPress rtMedia for WordPress, BuddyPress and bbPress plugin 4.7.0-4.7.3 - Missing Authorization to Unauthenticated Information Disclosure
Missing Authorization to Unauthenticated Information Disclosure vulnerability discovered by kr0d in WordPress Plugin rtMedia for WordPress, BuddyPress and bbPress versions 4.7.0-4.7.3...
EUVD-2024-53585
Malicious code in bioql PyPI...
EUVD-2024-43155
Malicious code in bioql PyPI...
CVE-2025-53793
CVE-2025-53793 – Azure Stack Hub Information Disclosure : An improper authentication flaw in Azure Stack Hub allows an unauthenticated attacker to disclose information over the network. According to the CVE entry, the issue has a CVSS v3.1 base score of 7.5 (High) with Network attack vector and n...
ROS-20250616-26
A vulnerability in the Zabbix Universal Monitoring System server is related to excessive data output by an by the application. Exploitation of the vulnerability could allow a remote attacker to gain access to potentially sensitive information. to potentially sensitive information. A vulnerability...
Unauthorized Information Disclosure
github.com/mattermost/mattermost-server is vulnerable to Unauthorized Information Disclosure. The vulnerability is due to insufficient restriction of API access, allowing guest users to view information about public teams they are not members of via direct API calls...
Unauthorized Information Disclosure
@haxtheweb/open-apis is vulnerable to unauthenticated information disclosure. The vulnerability is due to improper access control on the haxPsuUsage API endpoint, allowing remote unauthenticated users to retrieve a list of PSU websites hosted on HAX CMS...
CVE-2025-26672
CVE-2025-26672 is described as a buffer over-read in Windows Routing and Remote Access Service (RRAS) that allows an unauthenticated attacker to disclose information over the network. Connected sources corroborate that RRAS is the affected component and frame the impact as an information disclosu...
Linux Distros Unpatched Vulnerability : CVE-2022-24302
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Paramiko before 2.10.1, a race condition between creation and chmod in the writeprivatekeyfile function could allow unauthorized information disclosure...
CVE-2024-57430
An SQL injection vulnerability in the pjActionGetUser function of PHPJabbers Cinema Booking System v2.0 allows attackers to manipulate database queries via the column parameter. Exploiting this flaw can lead to unauthorized information disclosure, privilege escalation, or database manipulation...
CVE-2024-57430
CVE-2024-57430 affects PHPJabbers Cinema Booking System v2.0. The vulnerability is an SQL injection in the pjActionGetUser function, exploitable via the column parameter, enabling manipulation of database queries and potentially leading to unauthorized data disclosure, privilege escalation, or da...
PHPJabbers Cinema Booking System 2.0 SQL Injection Vulnerability
CVE-2024-57430 An SQL injection vulnerability in the pjActionGetUser function of PHPJabbers Cinema Booking System v2.0 allows attackers to manipulate database queries via the column parameter. Exploiting this flaw can lead to unauthorized information disclosure, privilege escalation, or database...
CVE-2024-25157
An authentication bypass vulnerability in GoAnywhere MFT prior to 7.6.0 allows Admin Users with access to the Agent Console to circumvent some permission checks when attempting to visit other pages. This could lead to unauthorized information disclosure or modification...
The vulnerability of SIMATIC PCS, SIMATIC WinCC Runtime Professional, and SIMATIC WinCC control systems lies in the unauthorized provision of information to unauthorized individuals, allowing intruders to gain unauthorized access to protected information.
The vulnerability of SIMATIC PCS, SIMATIC WinCC Runtime Professional, and SIMATIC WinCC control systems lies in the unauthorized provision of information to unauthorized individuals due to improperly processed requests. Exploiting this vulnerability can allow an intruder to gain unauthorized acce...
Out-of-bounds Read
FreeRDP is vulnerable to Out-of-bounds Read. The vulnerability is caused due to inadequate bounds checking when reading data from a buffer.This allows an attacker to access or manipulate data outside its intended range, potentially leading to unauthorized information disclosure...
CVE-2024-31816
In TOTOLINK EX200 V4.0.3c.7646B20201211, an attacker can obtain sensitive information without authorization through the function getEasyWizardCfg...