Metabase is an open source data analytics platform. In affected versions a security issue has b…

Potentially allowing an attacker to read certain information on Check Point Security Gateways o…

An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1…

There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <…

A critical unauthenticated remote code execution vulnerability was found all recent versions of…

Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.…

In the Druid ingestion system, the InputSource is used for reading data from a certain data sou…

For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted us…

.NET Framework Information Disclosure Vulnerability

Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enu…

In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows reque…

Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration file…

A vulnerability was found in Guangzhou Yingke Electronic Technology Ncast up to 2017 and classi…

ACME mini_httpd before 1.30 lets remote users read arbitrary files.

The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE th…

wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementatio…

CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direc…

Splunk through 7.0.1 allows information disclosure by appending __raw/services/server/info/serv…

In Apache OFBiz 16.11.01 to 16.11.04, the OFBiz HTTP engine (org.apache.ofbiz.service.engine.Ht…

DataEase, an open source data visualization and analysis tool, has a database configuration inf…

dataTaker DT80 dEX 1.50.012 allows remote attackers to obtain sensitive credential and configur…

The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to …

The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due…

An issue was discovered in config/error.php in Anchor 0.12.3. The error log is exposed at an er…

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout fo…

A vulnerability has been found in TVT DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-…

sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOW…

Vite, a provider of frontend development tooling, has a vulnerability in versions prior to 6.2.…

A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privileg…

Squirrelly is a template engine implemented in JavaScript that works out of the box with Expres…

An SNMP community name is the default (e.g. public), null, or missing.

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPChill Download Mo…

In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as…

ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g.,…

The FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine Applications Manager b…

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM a…

ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when proce…

Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces (JSF) in Apache MyFace…

The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versi…

ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorized…