Total
384 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-54366 | 2024-12-16 | N/A | N/A | ||
| Generation of Error Message Containing Sensitive Information vulnerability in Dave Kiss Vimeography allows Retrieve Embedded Sensitive Data.This issue affects Vimeography: from n/a through 2.4.4. | |||||
| CVE-2024-48896 | 1 Moodle | 1 Moodle | 2024-11-20 | N/A | 4.3 MEDIUM |
| A vulnerability was found in Moodle. It is possible for users with the "send message" capability to view other users' names that they may not otherwise have access to via an error message in Messaging. Note: The name returned follows the full name format configured on the site. | |||||
| CVE-2021-3986 | 1 Janeczku | 1 Calibre-web | 2024-11-19 | N/A | 4.3 MEDIUM |
| A vulnerability in janeczku/calibre-web allows unauthorized users to view the names of private shelves belonging to other users. This issue occurs in the file shelf.py at line 221, where the name of the shelf is exposed in an error message when a user attempts to remove a book from a shelf they do not own. This vulnerability discloses private information and affects all versions prior to the fix. | |||||
| CVE-2024-52043 | 1 Humhub | 1 Humhub | 2024-11-08 | N/A | 5.3 MEDIUM |
| Generation of Error Message Containing Sensitive Information in HumHub GmbH & Co. KG - HumHub on Linux allows: Excavation (user enumeration).This issue affects all released HumHub versions: through 1.16.2. | |||||
| CVE-2024-51560 | 1 63moons | 2 Aero, Wave 2.0 | 2024-11-08 | N/A | 4.3 MEDIUM |
| This vulnerability exists in the Wave 2.0 due to improper exception handling for invalid inputs at certain API endpoint. An authenticated remote attacker could exploit this vulnerability by providing invalid inputs for “userId” parameter in the API request leading to generation of error message containing sensitive information on the targeted system. | |||||
| CVE-2024-7038 | 1 Openwebui | 1 Open Webui | 2024-11-03 | N/A | 2.7 LOW |
| An information disclosure vulnerability exists in open-webui version 0.3.8. The vulnerability is related to the embedding model update feature under admin settings. When a user updates the model path, the system checks if the file exists and provides different error messages based on the existence and configuration of the file. This behavior allows an attacker to enumerate file names and traverse directories by observing the error messages, leading to potential exposure of sensitive information. | |||||
| CVE-2024-50512 | 2024-11-01 | N/A | N/A | ||
| Generation of Error Message Containing Sensitive Information vulnerability in Posti Posti Shipping allows Retrieve Embedded Sensitive Data.This issue affects Posti Shipping: from n/a through 3.10.2. | |||||
| CVE-2024-37162 | 1 Idopesok | 1 Zsa | 2024-10-31 | N/A | 5.3 MEDIUM |
| zsa is a library for building typesafe server actions in Next.js. All users are impacted. The zsa application transfers the parse error stack from the server to the client in production build mode. This can potentially reveal sensitive information about the server environment, such as the machine username and directory paths. An attacker could exploit this vulnerability to gain unauthorized access to sensitive server information. This information could be used to plan further attacks or gain a deeper understanding of the server infrastructure. This has been patched on `0.3.3`. | |||||
| CVE-2023-50355 | 1 Hcltech | 1 Sametime | 2024-10-31 | N/A | 5.3 MEDIUM |
| HCL Sametime is impacted by the error messages containing sensitive information. An attacker can use this information to launch another, more focused attack. | |||||
| CVE-2023-25956 | 1 Apache | 1 Apache-airflow-providers-amazon | 2024-10-23 | N/A | 7.5 HIGH |
| Generation of Error Message Containing Sensitive Information vulnerability in the Apache Airflow AWS Provider. This issue affects Apache Airflow AWS Provider versions before 7.2.1. | |||||
| CVE-2022-35640 | 1 Ibm | 1 Sterling Partner Engagement Manager | 2024-10-19 | N/A | 5.5 MEDIUM |
| IBM Sterling Partner Engagement Manager 6.2.2 could allow a local attacker to obtain sensitive information when a detailed technical error message is returned. IBM X-Force ID: 230933. | |||||
| CVE-2023-31048 | 1 Opcfoundation | 1 Ua-.netstandard | 2024-10-09 | N/A | 5.3 MEDIUM |
| The OPC UA .NET Standard Reference Server before 1.4.371.86. places sensitive information into an error message that may be seen remotely. | |||||
| CVE-2024-6551 | 1 Givewp | 1 Givewp | 2024-10-04 | N/A | 5.3 MEDIUM |
| The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.15.1. This is due to the plugin utilizing Symfony and leaving display_errors on within test files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | |||||
| CVE-2024-5250 | 1 Perforce | 1 Akana Api | 2024-10-01 | N/A | 5.3 MEDIUM |
| In versions of Akana API Platform prior to 2024.1.0 overly verbose errors can be found in SAML integrations | |||||
| CVE-2024-6544 | 1 Coffee2code | 1 Custom Post Limits | 2024-09-30 | N/A | 5.3 MEDIUM |
| The Custom Post Limits plugin for WordPress is vulnerable to full path disclosure in all versions up to, and including, 4.4.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | |||||
| CVE-2024-7415 | 1 Coffee2code | 1 Remember Me Controls | 2024-09-30 | N/A | 5.3 MEDIUM |
| The Remember Me Controls plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0.1. This is due to the plugin allowing direct access to the bootstrap.php file which has display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | |||||
| CVE-2024-7426 | 1 Peepso | 1 Peepso | 2024-09-30 | N/A | 5.3 MEDIUM |
| The Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 6.4.6.0. This is due to the plugin displaying errors and allowing direct access to the sse.php file. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | |||||
| CVE-2023-42475 | 1 Sap | 1 S\/4hana | 2024-09-28 | N/A | 4.3 MEDIUM |
| The Statutory Reporting application has a vulnerable file storage location, potentially enabling low privileged attacker to read server files with minimal impact on confidentiality. | |||||
| CVE-2023-47152 | 3 Ibm, Linux, Microsoft | 5 Aix, Db2, Linux On Ibm Z and 2 more | 2024-09-27 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions. | |||||
| CVE-2023-47728 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2024-09-21 | N/A | 6.5 MEDIUM |
| IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the request. This information could be used in further attacks against the system. IBM X-Force ID: 272201. | |||||