Total
437 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-26333 | | | 2025-10-24 | N/A | 5.9 MEDIUM |
| Dell BSAFE Crypto-J generates an error message that includes sensitive information about its environment and associated data. A remote attacker could potentially exploit this vulnerability, leading to information exposure. | |||||
| CVE-2025-54291 | 1 Canonical | 1 Lxd | 2025-10-24 | N/A | 5.3 MEDIUM |
| Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses. | |||||
| CVE-2024-41983 | 1 Siemens | 1 Opcenter Quality | 2025-10-23 | N/A | 3.5 LOW |
| A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application displays SQL statement in the error messages encountered during the generation of reports using Cockpit tool. | |||||
| CVE-2024-41984 | 1 Siemens | 1 Opcenter Quality | 2025-10-22 | N/A | 2.6 LOW |
| A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application improperly handles error while accessing an inaccessible resource leading to exposing the system applications. | |||||
| CVE-2013-7331 | 1 Microsoft | 10 Internet Explorer, Windows 7, Windows 8 and 7 more | 2025-10-22 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet IP addresses by examining error codes, as demonstrated by a res:// URL, and exploited in the wild in February 2014. | |||||
| CVE-2022-35715 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-10-20 | N/A | 7.5 HIGH |
| IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system. IBM X-Force ID: 231202. | |||||
| CVE-2025-40718 | 1 Quiter | 1 Quiter Gateway | 2025-10-18 | N/A | 7.5 HIGH |
| Improper error handling vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to send malformed payloads to generate error messages containing sensitive information. | |||||
| CVE-2024-44762 | 1 Webmin | 1 Usermin | 2025-10-15 | N/A | 5.3 MEDIUM |
| A discrepancy in error messages for invalid login attempts in Webmin Usermin v2.100 allows attackers to enumerate valid user accounts. | |||||
| CVE-2025-0279 | 1 Hcltech | 1 Traveler | 2025-10-10 | N/A | 4.3 MEDIUM |
| HCL Traveler generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces. Attackers could exploit this information to gain insights into the system's architecture and potentially launch targeted attacks. | |||||
| CVE-2024-39458 | 1 Jenkins | 1 Structs | 2025-10-10 | N/A | 3.1 LOW |
| When Jenkins Structs Plugin 337.v1b_04ea_4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that may contain secrets passed as step parameters, potentially resulting in accidental exposure of secrets through the default system log. | |||||
| CVE-2025-53803 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-10-02 | N/A | 5.5 MEDIUM |
| Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally. | |||||
| CVE-2025-46658 | 1 4cstrategies | 1 Exonaut | 2025-10-02 | N/A | 9.8 CRITICAL |
| An issue was discovered in ExonautWeb in 4C Strategies Exonaut 21.6. There are verbose error messages. | |||||
| CVE-2025-48562 | 1 Google | 1 Android | 2025-09-26 | N/A | 5.0 MEDIUM |
| In writeContent of RemotePrintDocument.java, there is a possible information disclosure due to a logic error. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2021-47381 | 1 Linux | 1 Linux Kernel | 2025-09-25 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Fix DSP oops stack dump output contents Fix @buf arg given to hex_dump_to_buffer() and stack address used in dump error output. | |||||
| CVE-2025-54791 | 1 Openmicroscopy | 1 Omero-web | 2025-09-23 | N/A | 5.3 MEDIUM |
| OMERO.web provides a web based client and plugin infrastructure. Prior to version 5.29.2, if an error occurred when resetting a user's password using the Forgot Password option in OMERO.web, the error message displayed on the Web page can disclose information about the user. This issue has been patched in version 5.29.2. A workaround involves disabling the Forgot password option in OMERO.web using the omero.web.show_forgot_password configuration property. | |||||
| CVE-2025-8852 | 1 5kcrm | 1 Wukongcrm | 2025-09-16 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was identified in WuKongOpenSource WukongCRM 11.0. This affects an unknown part of the file /adminFile/upload of the component API Response Handler. The manipulation leads to information exposure through error message. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-36003 | 1 Ibm | 1 Security Verify Governance | 2025-09-16 | N/A | 7.5 HIGH |
| IBM Security Verify Governance Identity Manager 10.0.2 could allow a remote attacker to obtain sensitive information when detailed technical error messages are returned. This information could be used in further attacks against the system. | |||||
| CVE-2024-53253 | 1 Sentry | 1 Sentry | 2025-09-15 | N/A | 5.3 MEDIUM |
| Sentry is an error tracking and performance monitoring platform. Version 24.11.0, and only version 24.11.0, is vulnerable to a scenario where a specific error message generated by the Sentry platform could include a plaintext Client ID and Client Secret for an application integration. The Client ID and Client Secret would not be displayed in the UI, but would be returned in the underlying HTTP response to the end user. This could occur under the following conditions: An app installation made use of a Search UI component with the `async` flag set to true (default: true); a user types into the Search Component which creates a request to the third-party for search or query results; and that third-party response may then fail validation and Sentry would return the `select-requester.invalid-response` error code along with a serialized version of a Sentry application containing the integration Client Secret. Should this error be found, it's reasonable to assume the potential exposure of an integration Client Secret. However, an ID and Secret pair alone does not provide direct access to any data. For that secret to be abused an attacker would also need to obtain a valid API token for a Sentry application. Sentry SaaS users do not need to take any action. For Sentry SaaS users, only a single application integration was impacted and the owner has rotated their Client Secret. No abuse of the leaked Client Secret has occurred. As of time of publication, a fix is available for users of Sentry self-hosted in pull request 81038. Sentry self-hosted does not ship with any application integrations. This could only impact self-hosted users that maintain their own integrations. In that case, search for a `select-requester.invalid-response` event. Please note that this error was also shared with another event unrelated to this advisory so Sentry self-hosted users will also need to review the parameters logged for each named event. Sentry self-hosted users may review `select_requester.py` for the instances where these errors can be generated. With the security fix this is no longer a shared event type. Sentry self-hosted users may not install version 24.11.0 and instead wait for the next release. Self-hosted instances that are already running the affected version may consider downgrading to 24.10.0. | |||||
| CVE-2025-59016 | 1 Typo3 | 1 Typo3 | 2025-09-10 | N/A | 4.3 MEDIUM |
| Error messages containing sensitive information in the File Abstraction Layer in TYPO3 CMS versions 9.0.0-9.5.54, 10.0.0-10.4.53, 11.0.0-11.5.47, 12.0.0-12.4.36, and 13.0.0-13.4.17 allow backend users to disclose full file paths via failed low-level file-system operations. | |||||
| CVE-2025-43776 | | | 2025-09-09 | N/A | N/A |
| A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and 7.4 GA through update 92 allows a remote authenticated attacker to inject JavaScript through Custom Object field label. The malicious payload is stored and executed through Process Builder's Configuration tab without proper escaping. | |||||
