Total
456 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-54291 | 2025-10-02 | N/A | N/A | ||
| Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses. | |||||
| CVE-2025-53803 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-10-02 | N/A | 5.5 MEDIUM |
| Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally. | |||||
| CVE-2025-46658 | 1 4cstrategies | 1 Exonaut | 2025-10-02 | N/A | 9.8 CRITICAL |
| An issue was discovered in ExonautWeb in 4C Strategies Exonaut 21.6. There are verbose error messages. | |||||
| CVE-2025-26333 | 2025-09-26 | N/A | 5.9 MEDIUM | ||
| Dell Crypto-J generates an error message that includes sensitive information about its environment and associated data. A remote attacker could potentially exploit this vulnerability, leading to information exposure. | |||||
| CVE-2025-48562 | 1 Google | 1 Android | 2025-09-26 | N/A | 5.0 MEDIUM |
| In writeContent of RemotePrintDocument.java, there is a possible information disclosure due to a logic error. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2021-47381 | 1 Linux | 1 Linux Kernel | 2025-09-25 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Fix DSP oops stack dump output contents Fix @buf arg given to hex_dump_to_buffer() and stack address used in dump error output. | |||||
| CVE-2025-54791 | 1 Openmicroscopy | 1 Omero-web | 2025-09-23 | N/A | 5.3 MEDIUM |
| OMERO.web provides a web based client and plugin infrastructure. Prior to version 5.29.2, if an error occurred when resetting a user's password using the Forgot Password option in OMERO.web, the error message displayed on the Web page can disclose information about the user. This issue has been patched in version 5.29.2. A workaround involves disabling the Forgot password option in OMERO.web using the omero.web.show_forgot_password configuration property. | |||||
| CVE-2025-8852 | 1 5kcrm | 1 Wukongcrm | 2025-09-16 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was identified in WuKongOpenSource WukongCRM 11.0. This affects an unknown part of the file /adminFile/upload of the component API Response Handler. The manipulation leads to information exposure through error message. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-36003 | 1 Ibm | 1 Security Verify Governance | 2025-09-16 | N/A | 7.5 HIGH |
| IBM Security Verify Governance Identity Manager 10.0.2 could allow a remote attacker to obtain sensitive information when detailed technical error messages are returned. This information could be used in further attacks against the system. | |||||
| CVE-2024-53253 | 1 Sentry | 1 Sentry | 2025-09-15 | N/A | 5.3 MEDIUM |
| Sentry is an error tracking and performance monitoring platform. Version 24.11.0, and only version 24.11.0, is vulnerable to a scenario where a specific error message generated by the Sentry platform could include a plaintext Client ID and Client Secret for an application integration. The Client ID and Client Secret would not be displayed in the UI, but would be returned in the underlying HTTP response to the end user. This could occur under the following conditions: An app installation made use of a Search UI component with the `async` flag set to true (default: true); auser types types into the Search Component which creates a request to the third-party for search or query results; and that third-party response may then fail validation and Sentry would return the `select-requester.invalid-response` error code along with a serialized version of a Sentry application containing the integration Client Secret. Should this error be found, it's reasonable to assume the potential exposure of an integration Client Secret. However, an ID and Secret pair alone does not provide direct access to any data. For that secret to be abused an attacker would also need to obtain a valid API token for a Sentry application. Sentry SaaS users do not need to take any action. For Sentry SaaS users, only a single application integration was impacted and the owner has rotated their Client Secret. No abuse of the leaked Client Secret has occurred. As of time of publication, a fix is available for users of Sentry self-hosted in pull request 81038. Sentry self-hosted does not ship with any application integrations. This could only impact self-hosted users that maintain their own integrations. In that case, search for a `select-requester.invalid-response` event. Please note that this error was also shared with another event unrelated to this advisory so Sentry self-hosted users will also need to review the parameters logged for each named event. Sentry self-hosted users may review `select_requester.py` for the instances where these errors can be generated. With the security fix this is no longer a shared event type. Sentry self-hosted users may not install version 24.11.0 and instead wait for the next release. Self-hosted instance that are already running the affected version may consider downgrading to to 24.10.0. | |||||
| CVE-2025-59016 | 1 Typo3 | 1 Typo3 | 2025-09-10 | N/A | 4.3 MEDIUM |
| Error messages containing sensitive information in the File Abstraction Layer in TYPO3 CMS versions 9.0.0-9.5.54, 10.0.0-10.4.53, 11.0.0-11.5.47, 12.0.0-12.4.36, and 13.0.0-13.4.17 allow backend users to disclose full file paths via failed low-level file-system operations. | |||||
| CVE-2025-43777 | 2025-09-09 | N/A | N/A | ||
| Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.19 exposes "Internal Server Error" in the response body when a login attempt is made with a deleted Client Secret. | |||||
| CVE-2025-43776 | 2025-09-09 | N/A | N/A | ||
| A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and 7.4 GA through update 92 allows an remote authenticated attacker to inject JavaScript through Custom Object field label. The malicious payload is stored and executed through Process Builder's Configuration tab without proper escaping. | |||||
| CVE-2023-6944 | 2 Linuxfoundation, Redhat | 2 Backstage, Red Hat Developer Hub | 2025-09-05 | N/A | 5.7 MEDIUM |
| A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gaining access to this token and depending on permissions, an attacker could push malicious code to repositories, delete resources in Git, revoke or generate new keys, and sign code illegitimately. | |||||
| CVE-2025-22421 | 1 Google | 1 Android | 2025-09-04 | N/A | 5.5 MEDIUM |
| In contentDescForNotification of NotificationContentDescription.kt, there is a possible notification content leak through the lockscreen due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-8548 | 1 Pybbs Project | 1 Pybbs | 2025-09-03 | 2.6 LOW | 3.7 LOW |
| A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function sendEmailCode of the file src/main/java/co/yiiu/pybbs/controller/api/SettingsApiController.java of the component Registered Email Handler. The manipulation of the argument email leads to information exposure through error message. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 234197c4f8fc7ce24bdcff5430cd42492f28936a. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2025-5731 | 2 Infinispan, Redhat | 4 Infinispan, Data Grid, Jboss Enterprise Application Platform and 1 more | 2025-09-02 | N/A | 6.2 MEDIUM |
| A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found. | |||||
| CVE-2025-9005 | 1 Mtons | 1 Mblog | 2025-08-27 | 2.6 LOW | 3.7 LOW |
| A vulnerability was determined in mtons mblog up to 3.5.0. Affected is an unknown function of the file /register. The manipulation leads to information exposure through error message. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-2062 | 1 Nocodb | 1 Nocodb | 2025-08-26 | 5.0 MEDIUM | 7.5 HIGH |
| Generation of Error Message Containing Sensitive Information in GitHub repository nocodb/nocodb prior to 0.91.7+. | |||||
| CVE-2024-56342 | 1 Ibm | 1 Verify Identity Access Digital Credentials | 2025-08-20 | N/A | 4.3 MEDIUM |
| IBM Verify Identity Access Digital Credentials 24.06 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | |||||