.NET Framework Information Disclosure Vulnerability

Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for AS…

Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP …

The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attacke…

loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the …

SSL Network Extender Client for Linux before build 800008302 reveals part of the contents of th…

Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a User Enumeration bug due…

In Divante vue-storefront-api through 1.11.1 and storefront-api through 1.0-rc.1, as used in Vu…

Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.6…

Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.Thi…

Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism …

core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is N…

In APache APISIX before 3.13.1, the jwt-auth plugin has a security issue that leaks the user's …

Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber…

An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacke…

django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9,…

The Journal theme before 3.1.0 for OpenCart allows exposure of sensitive data via SQL errors.

In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, wh…

A possible information disclosure / unintended method execution vulnerability in Action Pack >=…

An issue was discovered in Ollama through 0.3.14. File existence disclosure can occur via api/c…

contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x b…

ReadtoMyShoe, a web app that lets users upload articles and listen to them later, generates an …

An issue was discovered in Joomla! Core before 3.8.8. The web install application would autofil…

Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. …

Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Information Exposure T…

htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows remote attackers to determ…

store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly…

The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins b…

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console could allow a remote atta…

In Apache Ofbiz, versions v17.12.01 to v17.12.07 implement a try catch exception to handle erro…

PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4…

A discrepancy in error messages for invalid login attempts in Webmin Usermin v2.100 allows atta…

389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux …

A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1…

The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Th…

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler …

An information disclosure vulnerability was discovered in glusterfs server. An attacker could i…

An information disclosure in web interface in D-Link DIR-X1860 before 1.03 RevA1 allows a remot…

IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive informati…