Total
384 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-31141 | 1 Jetbrains | 1 Teamcity | 2025-05-16 | N/A | 7.5 HIGH |
| In JetBrains TeamCity before 2025.03 exception could lead to credential leakage on Cloud Profiles page | |||||
| CVE-2021-29040 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-05-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| The JSON web services in Liferay Portal 7.3.4 and earlier, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 20 and 7.2 before fix pack 10 may provide overly verbose error messages, which allows remote attackers to use the contents of error messages to help launch another, more focused attacks via crafted inputs. | |||||
| CVE-2025-46575 | 1 Zte | 1 Zxcloud Goldendb | 2025-05-12 | N/A | 7.5 HIGH |
| There is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system's sensitive information. | |||||
| CVE-2024-32046 | 1 Mattermost | 1 Mattermost Server | 2025-05-12 | N/A | 4.3 MEDIUM |
| Mattermost versions 9.6.x <= 9.6.0, 9.5.x <= 9.5.2, 9.4.x <= 9.4.4 and 8.1.x <= 8.1.11 fail to remove detailed error messages in API requests even if the developer mode is off which allows an attacker to get information about the server such as the full path were files are stored | |||||
| CVE-2025-0049 | 1 Fortra | 1 Goanywhere Managed File Transfer | 2025-05-10 | N/A | 4.3 MEDIUM |
| When a Web User without Create permission on subfolders attempts to upload a file to a non-existent directory, the error message includes the absolute server path which may allow Fuzzing for application mapping. This issue affects GoAnywhere: before 7.8.0. | |||||
| CVE-2021-42777 | 1 Stimulsoft | 1 Reports | 2025-05-07 | N/A | 9.8 CRITICAL |
| Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0, when Compilation Mode is used, allows an attacker to execute arbitrary C# code on any machine that renders a report, including the application server or a user's local machine, as demonstrated by System.Diagnostics.Process.Start. | |||||
| CVE-2022-2508 | 1 Octopus | 1 Octopus Server | 2025-05-07 | N/A | 5.3 MEDIUM |
| In affected versions of Octopus Server it is possible to reveal the existence of resources in a space that the user does not have access to due to verbose error messaging. | |||||
| CVE-2022-40292 | 1 Phppointofsale | 1 Php Point Of Sale | 2025-05-06 | N/A | 5.3 MEDIUM |
| The application allowed for Unauthenticated User Enumeration by interacting with an unsecured endpoint to retrieve information on each account within the system. | |||||
| CVE-2021-44155 | 1 Reprisesoftware | 1 Reprise License Manager | 2025-04-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in /goform/login_process in Reprise RLM 14.2. When an attacker attempts to login, the response if a username is valid includes Login Failed, but does not include this string if the username is invalid. This allows an attacker to enumerate valid users. | |||||
| CVE-2024-45440 | 1 Drupal | 1 Drupal | 2025-04-21 | N/A | 5.3 MEDIUM |
| core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist. | |||||
| CVE-2022-20525 | 1 Google | 1 Android | 2025-04-21 | N/A | 3.3 LOW |
| In enforceVisualVoicemailPackage of PhoneInterfaceManager.java, there is a possible leak of visual voicemail package name due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-229742768 | |||||
| CVE-2022-22760 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-04-16 | N/A | 6.5 MEDIUM |
| When importing resources using Web Workers, error messages would distinguish the difference between <code>application/javascript</code> responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6. | |||||
| CVE-2023-22626 | 1 Pghero Project | 1 Pghero | 2025-04-07 | N/A | 7.5 HIGH |
| PgHero before 3.1.0 allows Information Disclosure via EXPLAIN because query results may be present in an error message. (Depending on database user privileges, this may only be information from the database, or may be information from file contents on the database server.) | |||||
| CVE-2023-47639 | 2025-04-03 | N/A | N/A | ||
| API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. From 3.2.0 until 3.2.4, exception messages, that are not HTTP exceptions, are visible in the JSON error response. This vulnerability is fixed in 3.2.5. | |||||
| CVE-2021-39018 | 3 Ibm, Linux, Microsoft | 4 Engineering Lifecycle Optimization - Publishing, Engineering Lifecycle Optimization Publishing, Linux Kernel and 1 more | 2025-03-25 | N/A | 4.3 MEDIUM |
| IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose sensitive information in a SQL error message that could aid in further attacks against the system. IBM X-Force ID: 213726. | |||||
| CVE-2024-5591 | 3 Ibm, Linux, Microsoft | 3 Jazz Foundation, Linux Kernel, Windows | 2025-03-21 | N/A | 4.3 MEDIUM |
| IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | |||||
| CVE-2023-0655 | 1 Sonicwall | 1 Email Security | 2025-03-20 | N/A | 5.3 MEDIUM |
| SonicWall Email Security contains a vulnerability that could permit a remote unauthenticated attacker access to an error page that includes sensitive information about users email addresses. | |||||
| CVE-2023-3362 | 1 Gitlab | 1 Gitlab | 2025-03-20 | N/A | 5.3 MEDIUM |
| An information disclosure issue in GitLab CE/EE affecting all versions from 16.0 prior to 16.0.6, and version 16.1.0 allows unauthenticated actors to access the import error information if a project was imported from GitHub. | |||||
| CVE-2024-47803 | 1 Jenkins | 1 Jenkins | 2025-03-19 | N/A | 4.3 MEDIUM |
| Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact multi-line secret values in error messages generated for form submissions involving the `secretTextarea` form field. | |||||
| CVE-2024-31844 | 1 Italtel | 1 Embrace | 2025-03-13 | N/A | 5.3 MEDIUM |
| An issue was discovered in Italtel Embrace 1.6.4. The server does not properly handle application errors. In some cases, this leads to a disclosure of information about the server. An unauthenticated user is able craft specific requests in order to make the application generate an error. Inside an error message, some information about the server is revealed, such as the absolute path of the source code of the application. This kind of information can help an attacker to perform other attacks against the system. This can be exploited without authentication. | |||||