Export limit exceeded: 10363 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10363 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-2276 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2025-04-03 | N/A |
| Ultimate PHP Board (UPB) 1.0 allows remote attackers to view the physical path of the message board via a direct request to add.php, which leaks the path in an error message. | ||||
| CVE-2002-1718 | 1 Microsoft | 1 Internet Information Services | 2025-04-03 | N/A |
| Microsoft Internet Information Server (IIS) 5.1 may allow remote attackers to view the contents of a Frontpage Server Extension (FPSE) file, as claimed using an HTTP request for colegal.htm that contains .. (dot dot) sequences. | ||||
| CVE-2004-2320 | 1 Bea | 1 Weblogic Server | 2025-04-03 | N/A |
| The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting. | ||||
| CVE-2002-1717 | 1 Microsoft | 1 Internet Information Services | 2025-04-03 | N/A |
| Microsoft Internet Information Server (IIS) 5.1 allows remote attackers to view path information via a GET request to (1) /_vti_pvt/access.cnf, (2) /_vti_pvt/botinfs.cnf, (3) /_vti_pvt/bots.cnf, or (4) /_vti_pvt/linkinfo.cnf. | ||||
| CVE-2025-25975 | 1 Jonschlinkert | 1 Parse-git-config | 2025-04-02 | 7.5 High |
| An issue in parse-git-config v.3.0.0 allows an attacker to obtain sensitive information via the expandKeys function | ||||
| CVE-2022-4054 | 1 Gitlab | 1 Gitlab | 2025-04-02 | 5.5 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to leak a webhook secret token by changing the webhook URL to an endpoint that allows them to capture request headers. | ||||
| CVE-2022-43959 | 1 Bitrix24 | 1 Bitrix24 | 2025-04-02 | 4.9 Medium |
| Insufficiently Protected Credentials in the AD/LDAP server settings in 1C-Bitrix Bitrix24 through 22.200.200 allow remote administrators to discover an AD/LDAP administrative password by reading the source code of /bitrix/admin/ldap_server_edit.php. | ||||
| CVE-2022-39167 | 1 Ibm | 1 Spectrum Virtualize | 2025-04-02 | 5.9 Medium |
| IBM Spectrum Virtualize 8.5, 8.4, 8.3, 8.2, and 7.8, under certain configurations, could disclose sensitive information to an attacker using man-in-the-middle techniques. IBM X-Force ID: 235408. | ||||
| CVE-2025-26001 | 1 Telesquare | 2 Tlr-2005ksh, Tlr-2005ksh Firmware | 2025-04-01 | 7.5 High |
| Telesquare TLR-2005KSH 1.1.4 is vulnerable to Information Disclosure via the parameter getUserNamePassword. | ||||
| CVE-2025-26009 | 1 Telesquare | 2 Tlr-2005ksh, Tlr-2005ksh Firmware | 2025-04-01 | 7.5 High |
| Telesquare TLR-2005KSH 1.1.4 has an Information Disclosure vulnerability when requesting systemutilit.cgi. | ||||
| CVE-2022-31711 | 1 Vmware | 1 Vrealize Log Insight | 2025-04-01 | 5.3 Medium |
| VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication. | ||||
| CVE-2025-29486 | 1 Libming | 1 Libming | 2025-04-01 | 6.5 Medium |
| libming v0.4.8 was discovered to contain a memory leak via the parseSWF_PLACEOBJECT3 function. | ||||
| CVE-2025-29488 | 1 Libming | 1 Libming | 2025-04-01 | 6.5 Medium |
| libming v0.4.8 was discovered to contain a memory leak via the parseSWF_INITACTION function. | ||||
| CVE-2025-29489 | 1 Libming | 1 Libming | 2025-04-01 | 6.5 Medium |
| libming v0.4.8 was discovered to contain a memory leak via the parseSWF_MORPHLINESTYLES function. | ||||
| CVE-2025-29497 | 1 Libming | 1 Libming | 2025-04-01 | 6.5 Medium |
| libming v0.4.8 was discovered to contain a memory leak via the parseSWF_MORPHFILLSTYLES function. | ||||
| CVE-2024-3505 | 1 Jfrog | 1 Artifactory | 2025-04-01 | 4.3 Medium |
| JFrog Artifactory Self-Hosted versions below 7.77.3, are vulnerable to sensitive information disclosure whereby a low-privileged authenticated user can read the proxy configuration. This does not affect JFrog cloud deployments. | ||||
| CVE-2023-22580 | 1 Sequelizejs | 1 Sequelize | 2025-04-01 | 5.3 Medium |
| Due to improper input filtering in the sequalize js library, can malicious queries lead to sensitive information disclosure. | ||||
| CVE-2024-46471 | 1 Codeastro | 1 Membership Management System | 2025-03-31 | 7.5 High |
| The Directory Listing in /uploads/ Folder in CodeAstro Membership Management System 1.0 exposes the structure and contents of directories, potentially revealing sensitive information. | ||||
| CVE-2021-39327 | 1 Ait-pro | 1 Bulletproof Security | 2025-03-31 | 5.3 Medium |
| The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1. | ||||
| CVE-2021-39089 | 2 Ibm, Linux | 2 Cloud Pak For Security, Linux Kernel | 2025-03-31 | 4.3 Medium |
| IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request. IBM X-Force ID: 216387. | ||||