Total
485 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-46575 | 1 Zte | 1 Zxcloud Goldendb | 2025-05-12 | N/A | 4.9 MEDIUM |
| There is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system's sensitive information. | |||||
| CVE-2025-46746 | 2025-05-12 | N/A | 5.8 MEDIUM | ||
| An administrator could discover another account's credentials. | |||||
| CVE-2024-32046 | 1 Mattermost | 1 Mattermost Server | 2025-05-12 | N/A | 4.3 MEDIUM |
| Mattermost versions 9.6.x <= 9.6.0, 9.5.x <= 9.5.2, 9.4.x <= 9.4.4 and 8.1.x <= 8.1.11 fail to remove detailed error messages in API requests even if the developer mode is off which allows an attacker to get information about the server such as the full path were files are stored | |||||
| CVE-2025-0049 | 1 Fortra | 1 Goanywhere Managed File Transfer | 2025-05-10 | N/A | 3.5 LOW |
| When a Web User without Create permission on subfolders attempts to upload a file to a non-existent directory, the error message includes the absolute server path which may allow Fuzzing for application mapping. This issue affects GoAnywhere: before 7.8.0. | |||||
| CVE-2022-2508 | 1 Octopus | 1 Octopus Server | 2025-05-07 | N/A | 5.3 MEDIUM |
| In affected versions of Octopus Server it is possible to reveal the existence of resources in a space that the user does not have access to due to verbose error messaging. | |||||
| CVE-2021-42777 | 1 Stimulsoft | 1 Reports | 2025-05-07 | N/A | 9.8 CRITICAL |
| Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0, when Compilation Mode is used, allows an attacker to execute arbitrary C# code on any machine that renders a report, including the application server or a user's local machine, as demonstrated by System.Diagnostics.Process.Start. | |||||
| CVE-2022-40292 | 1 Phppointofsale | 1 Php Point Of Sale | 2025-05-06 | N/A | 5.3 MEDIUM |
| The application allowed for Unauthenticated User Enumeration by interacting with an unsecured endpoint to retrieve information on each account within the system. | |||||
| CVE-2021-44155 | 1 Reprisesoftware | 1 Reprise License Manager | 2025-04-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in /goform/login_process in Reprise RLM 14.2. When an attacker attempts to login, the response if a username is valid includes Login Failed, but does not include this string if the username is invalid. This allows an attacker to enumerate valid users. | |||||
| CVE-2024-45440 | 1 Drupal | 1 Drupal | 2025-04-21 | N/A | 5.3 MEDIUM |
| core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist. | |||||
| CVE-2022-20525 | 1 Google | 1 Android | 2025-04-21 | N/A | 3.3 LOW |
| In enforceVisualVoicemailPackage of PhoneInterfaceManager.java, there is a possible leak of visual voicemail package name due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-229742768 | |||||
| CVE-2017-1370 | 1 Ibm | 1 Jazz Reporting Service | 2025-04-20 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could disclose sensitive information, including user credentials, through an error message from the Report Builder administrator configuration page. IBM X-Force ID: 126863. | |||||
| CVE-2017-7945 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| The GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, 7.1.x before 7.1.9, and 8.x before 8.0.2 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests, aka PAN-SA-2017-0014 and PAN-72769. | |||||
| CVE-2016-9459 | 2 Nextcloud, Owncloud | 2 Nextcloud Server, Owncloud | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS. The download log functionality in the admin screen is delivering the log in JSON format to the end-user. The file was delivered with an attachment disposition forcing the browser to download the document. However, Firefox running on Microsoft Windows would offer the user to open the data in the browser as an HTML document. Thus any injected data in the log would be executed. | |||||
| CVE-2017-7551 | 1 Fedoraproject | 1 389 Directory Server | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| 389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts. | |||||
| CVE-2017-0885 | 1 Nextcloud | 1 Nextcloud Server | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| Nextcloud Server before 9.0.55 and 10.0.2 suffers from a error message disclosing existence of file in write-only share. Due to an error in the application logic an adversary with access to a write-only share may enumerate the names of existing files and subfolders by comparing the exception messages. | |||||
| CVE-2022-22760 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-04-16 | N/A | 6.5 MEDIUM |
| When importing resources using Web Workers, error messages would distinguish the difference between <code>application/javascript</code> responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6. | |||||
| CVE-2024-30614 | 1 Ametys | 1 Ametys | 2025-04-11 | N/A | 5.3 MEDIUM |
| An issue in Ametys CMS v4.5.0 and before allows attackers to obtain sensitive information via exposed resources to the error scope. | |||||
| CVE-2010-3332 | 1 Microsoft | 2 .net Framework, Internet Information Services | 2025-04-11 | 6.4 MEDIUM | N/A |
| Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability." | |||||
| CVE-2023-22626 | 1 Pghero Project | 1 Pghero | 2025-04-07 | N/A | 7.5 HIGH |
| PgHero before 3.1.0 allows Information Disclosure via EXPLAIN because query results may be present in an error message. (Depending on database user privileges, this may only be information from the database, or may be information from file contents on the database server.) | |||||
| CVE-2023-47639 | 2025-04-07 | N/A | 5.3 MEDIUM | ||
| API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. From 3.2.0 until 3.2.4, exception messages, that are not HTTP exceptions, are visible in the JSON error response. This vulnerability is fixed in 3.2.5. | |||||