Total
392 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-31141 | 1 Jetbrains | 1 Teamcity | 2025-05-16 | N/A | 2.7 LOW |
| In JetBrains TeamCity before 2025.03 exception could lead to credential leakage on Cloud Profiles page | |||||
| CVE-2025-22218 | 1 Vmware | 2 Aria Operations For Logs, Cloud Foundation | 2025-05-14 | N/A | 8.5 HIGH |
| VMware Aria Operations for Logs contains an information disclosure vulnerability. A malicious actor with View Only Admin permissions may be able to read the credentials of a VMware product integrated with VMware Aria Operations for Logs | |||||
| CVE-2021-29040 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-05-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| The JSON web services in Liferay Portal 7.3.4 and earlier, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 20 and 7.2 before fix pack 10 may provide overly verbose error messages, which allows remote attackers to use the contents of error messages to help launch another, more focused attacks via crafted inputs. | |||||
| CVE-2024-39719 | 1 Ollama | 1 Ollama | 2025-05-13 | N/A | 7.5 HIGH |
| An issue was discovered in Ollama through 0.3.14. File existence disclosure can occur via api/create. When calling the CreateModel route with a path parameter that does not exist, it reflects the "File does not exist" error message to the attacker, providing a primitive for file existence on the server. | |||||
| CVE-2025-46575 | 1 Zte | 1 Zxcloud Goldendb | 2025-05-12 | N/A | 4.9 MEDIUM |
| There is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system's sensitive information. | |||||
| CVE-2025-46746 | 2025-05-12 | N/A | 5.8 MEDIUM | ||
| An administrator could discover another account's credentials. | |||||
| CVE-2024-32046 | 1 Mattermost | 1 Mattermost Server | 2025-05-12 | N/A | 4.3 MEDIUM |
| Mattermost versions 9.6.x <= 9.6.0, 9.5.x <= 9.5.2, 9.4.x <= 9.4.4 and 8.1.x <= 8.1.11 fail to remove detailed error messages in API requests even if the developer mode is off which allows an attacker to get information about the server such as the full path were files are stored | |||||
| CVE-2025-0049 | 1 Fortra | 1 Goanywhere Managed File Transfer | 2025-05-10 | N/A | 3.5 LOW |
| When a Web User without Create permission on subfolders attempts to upload a file to a non-existent directory, the error message includes the absolute server path which may allow Fuzzing for application mapping. This issue affects GoAnywhere: before 7.8.0. | |||||
| CVE-2022-2508 | 1 Octopus | 1 Octopus Server | 2025-05-07 | N/A | 5.3 MEDIUM |
| In affected versions of Octopus Server it is possible to reveal the existence of resources in a space that the user does not have access to due to verbose error messaging. | |||||
| CVE-2021-42777 | 1 Stimulsoft | 1 Reports | 2025-05-07 | N/A | 9.8 CRITICAL |
| Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0, when Compilation Mode is used, allows an attacker to execute arbitrary C# code on any machine that renders a report, including the application server or a user's local machine, as demonstrated by System.Diagnostics.Process.Start. | |||||
| CVE-2022-40292 | 1 Phppointofsale | 1 Php Point Of Sale | 2025-05-06 | N/A | 5.3 MEDIUM |
| The application allowed for Unauthenticated User Enumeration by interacting with an unsecured endpoint to retrieve information on each account within the system. | |||||
| CVE-2025-4166 | 2025-05-05 | N/A | 4.5 MEDIUM | ||
| Vault Community and Vault Enterprise Key/Value (kv) Version 2 plugin may unintentionally expose sensitive information in server and audit logs when users submit malformed payloads during secret creation or update operations via the Vault REST API. This vulnerability, identified as CVE-2025-4166, is fixed in Vault Community 1.19.3 and Vault Enterprise 1.19.3, 1.18.9, 1.17.16, 1.16.20. | |||||
| CVE-2021-44155 | 1 Reprisesoftware | 1 Reprise License Manager | 2025-04-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in /goform/login_process in Reprise RLM 14.2. When an attacker attempts to login, the response if a username is valid includes Login Failed, but does not include this string if the username is invalid. This allows an attacker to enumerate valid users. | |||||
| CVE-2025-25045 | 2025-04-29 | N/A | 4.3 MEDIUM | ||
| IBM InfoSphere Information 11.7 Server authenticated user to obtain sensitive information when a detailed technical error message is returned in a request. This information could be used in further attacks against the system. | |||||
| CVE-2024-45440 | 1 Drupal | 1 Drupal | 2025-04-21 | N/A | 5.3 MEDIUM |
| core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist. | |||||
| CVE-2022-20525 | 1 Google | 1 Android | 2025-04-21 | N/A | 3.3 LOW |
| In enforceVisualVoicemailPackage of PhoneInterfaceManager.java, there is a possible leak of visual voicemail package name due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-229742768 | |||||
| CVE-2017-7945 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| The GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, 7.1.x before 7.1.9, and 8.x before 8.0.2 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests, aka PAN-SA-2017-0014 and PAN-72769. | |||||
| CVE-2017-1370 | 1 Ibm | 1 Jazz Reporting Service | 2025-04-20 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could disclose sensitive information, including user credentials, through an error message from the Report Builder administrator configuration page. IBM X-Force ID: 126863. | |||||
| CVE-2025-20150 | 2025-04-17 | N/A | 5.3 MEDIUM | ||
| A vulnerability in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to enumerate LDAP user accounts. This vulnerability is due to the improper handling of LDAP authentication requests. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow an attacker to determine which usernames are valid LDAP user accounts. | |||||
| CVE-2013-7331 | 1 Microsoft | 10 Internet Explorer, Windows 7, Windows 8 and 7 more | 2025-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet IP addresses by examining error codes, as demonstrated by a res:// URL, and exploited in the wild in February 2014. | |||||