.NET Framework Information Disclosure Vulnerability

Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for AS…

The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as ex…

Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP …

An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows at…

The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attacke…

loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the …

A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacke…

SSL Network Extender Client for Linux before build 800008302 reveals part of the contents of th…

Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a User Enumeration bug due…

An issue was discovered in the WP Security Audit Log plugin 3.1.1 for WordPress. Access to wp-c…

In Divante vue-storefront-api through 1.11.1 and storefront-api through 1.0-rc.1, as used in Vu…

Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.6…

An issue was discovered in Zoho ManageEngine Desktop Central before 100230. There is unauthenti…

Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.Thi…

GreenCMS 2.3.0603 allows remote attackers to obtain sensitive information via a direct request …

A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition all…

The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Sensitive Information …

Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism …

core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is N…

An issue was discovered in Zoho ManageEngine Desktop Central before 100251. By leveraging acces…

In APache APISIX before 3.13.1, the jwt-auth plugin has a security issue that leaks the user's …

An information disclosure vulnerability exists in the way Azure IoT Java SDK logs sensitive inf…

Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber…

An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacke…

django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9,…

The Journal theme before 3.1.0 for OpenCart allows exposure of sensitive data via SQL errors.

In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, wh…

A possible information disclosure / unintended method execution vulnerability in Action Pack >=…

An issue was discovered in Ollama through 0.3.14. File existence disclosure can occur via api/c…

contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x b…

An information disclosure vulnerability was found in Apache NiFi 1.10.0. The sensitive paramete…

ReadtoMyShoe, a web app that lets users upload articles and listen to them later, generates an …

An issue was discovered in Joomla! Core before 3.8.8. The web install application would autofil…

In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 1…

Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. …

The log files in Apache web server contain information directly supplied by clients and does no…

Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u10…

A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain…

A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plai…