Total
395 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-20525 | 1 Google | 1 Android | 2025-04-21 | N/A | 3.3 LOW |
| In enforceVisualVoicemailPackage of PhoneInterfaceManager.java, there is a possible leak of visual voicemail package name due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-229742768 | |||||
| CVE-2017-7945 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| The GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, 7.1.x before 7.1.9, and 8.x before 8.0.2 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests, aka PAN-SA-2017-0014 and PAN-72769. | |||||
| CVE-2017-1370 | 1 Ibm | 1 Jazz Reporting Service | 2025-04-20 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could disclose sensitive information, including user credentials, through an error message from the Report Builder administrator configuration page. IBM X-Force ID: 126863. | |||||
| CVE-2025-20150 | 2025-04-17 | N/A | 5.3 MEDIUM | ||
| A vulnerability in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to enumerate LDAP user accounts. This vulnerability is due to the improper handling of LDAP authentication requests. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow an attacker to determine which usernames are valid LDAP user accounts. | |||||
| CVE-2013-7331 | 1 Microsoft | 10 Internet Explorer, Windows 7, Windows 8 and 7 more | 2025-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet IP addresses by examining error codes, as demonstrated by a res:// URL, and exploited in the wild in February 2014. | |||||
| CVE-2024-11129 | 2025-04-11 | N/A | 6.3 MEDIUM | ||
| An issue has been discovered in GitLab EE affecting all versions from 17.1 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. This allows attackers to perform targeted searches with sensitive keywords to get the count of issues containing the searched term." | |||||
| CVE-2024-30614 | 1 Ametys | 1 Ametys | 2025-04-11 | N/A | 5.3 MEDIUM |
| An issue in Ametys CMS v4.5.0 and before allows attackers to obtain sensitive information via exposed resources to the error scope. | |||||
| CVE-2010-3332 | 1 Microsoft | 2 .net Framework, Internet Information Services | 2025-04-11 | 6.4 MEDIUM | N/A |
| Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability." | |||||
| CVE-2023-22626 | 1 Pghero Project | 1 Pghero | 2025-04-07 | N/A | 7.5 HIGH |
| PgHero before 3.1.0 allows Information Disclosure via EXPLAIN because query results may be present in an error message. (Depending on database user privileges, this may only be information from the database, or may be information from file contents on the database server.) | |||||
| CVE-2023-47639 | 2025-04-07 | N/A | 5.3 MEDIUM | ||
| API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. From 3.2.0 until 3.2.4, exception messages, that are not HTTP exceptions, are visible in the JSON error response. This vulnerability is fixed in 3.2.5. | |||||
| CVE-2025-0279 | 2025-04-07 | N/A | 4.3 MEDIUM | ||
| HCL Traveler generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces. Attackers could exploit this information to gain insights into the system's architecture and potentially launch targeted attacks. | |||||
| CVE-2025-32238 | 2025-04-07 | N/A | 4.3 MEDIUM | ||
| Generation of Error Message Containing Sensitive Information vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita allows Retrieve Embedded Sensitive Data. This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through 4.5.2. | |||||
| CVE-2024-6613 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 5.5 MEDIUM |
| The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128 and Thunderbird < 128. | |||||
| CVE-2000-1191 | 1 Htdig Project | 1 Htdig | 2025-04-03 | 5.0 MEDIUM | N/A |
| htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows remote attackers to determine the physical path of the server by requesting a non-existent configuration file using the config parameter, which generates an error message that includes the full path. | |||||
| CVE-2024-55895 | 2025-04-01 | N/A | 2.7 LOW | ||
| IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | |||||
| CVE-2021-39018 | 3 Ibm, Linux, Microsoft | 4 Engineering Lifecycle Optimization - Publishing, Engineering Lifecycle Optimization Publishing, Linux Kernel and 1 more | 2025-03-25 | N/A | 4.3 MEDIUM |
| IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose sensitive information in a SQL error message that could aid in further attacks against the system. IBM X-Force ID: 213726. | |||||
| CVE-2024-5591 | 3 Ibm, Linux, Microsoft | 3 Jazz Foundation, Linux Kernel, Windows | 2025-03-21 | N/A | 4.3 MEDIUM |
| IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | |||||
| CVE-2023-0655 | 1 Sonicwall | 1 Email Security | 2025-03-20 | N/A | 5.3 MEDIUM |
| SonicWall Email Security contains a vulnerability that could permit a remote unauthenticated attacker access to an error page that includes sensitive information about users email addresses. | |||||
| CVE-2023-3362 | 1 Gitlab | 1 Gitlab | 2025-03-20 | N/A | 5.3 MEDIUM |
| An information disclosure issue in GitLab CE/EE affecting all versions from 16.0 prior to 16.0.6, and version 16.1.0 allows unauthenticated actors to access the import error information if a project was imported from GitHub. | |||||
| CVE-2024-47803 | 1 Jenkins | 1 Jenkins | 2025-03-19 | N/A | 4.3 MEDIUM |
| Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact multi-line secret values in error messages generated for form submissions involving the `secretTextarea` form field. | |||||