Total
451 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-7331 | 1 Microsoft | 10 Internet Explorer, Windows 7, Windows 8 and 7 more | 2025-04-12 | 6.5 Medium |
| The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet IP addresses by examining error codes, as demonstrated by a res:// URL, and exploited in the wild in February 2014. | ||||
| CVE-2014-2064 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
| The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via vectors related to failed login attempts. | ||||
| CVE-2024-11129 | 1 Gitlab | 1 Gitlab | 2025-04-11 | 6.3 Medium |
| An issue has been discovered in GitLab EE affecting all versions from 17.1 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. This allows attackers to perform targeted searches with sensitive keywords to get the count of issues containing the searched term." | ||||
| CVE-2024-30614 | 1 Ametys | 1 Ametys | 2025-04-11 | 5.3 Medium |
| An issue in Ametys CMS v4.5.0 and before allows attackers to obtain sensitive information via exposed resources to the error scope. | ||||
| CVE-2012-5615 | 3 Mariadb, Oracle, Redhat | 5 Mariadb, Mysql, Enterprise Linux and 2 more | 2025-04-11 | N/A |
| Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames. | ||||
| CVE-2013-0212 | 3 Canonical, Openstack, Redhat | 3 Ubuntu Linux, Image Registry And Delivery Service \(glance\), Openstack | 2025-04-11 | N/A |
| store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive information by reading the error messages. | ||||
| CVE-2014-1487 | 7 Canonical, Debian, Fedoraproject and 4 more | 19 Ubuntu Linux, Debian Linux, Fedora and 16 more | 2025-04-11 | 7.5 High |
| The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages. | ||||
| CVE-2010-3332 | 1 Microsoft | 2 .net Framework, Internet Information Services | 2025-04-11 | N/A |
| Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability." | ||||
| CVE-2022-46371 | 1 Alotceriot | 2 Ar7088h-a, Ar7088h-a Firmware | 2025-04-08 | 5.3 Medium |
| Alotcer - AR7088H-A firmware version 16.10.3 Information disclosure. Unspecified error message contains the default administrator user name. | ||||
| CVE-2023-22626 | 1 Pghero Project | 1 Pghero | 2025-04-07 | 7.5 High |
| PgHero before 3.1.0 allows Information Disclosure via EXPLAIN because query results may be present in an error message. (Depending on database user privileges, this may only be information from the database, or may be information from file contents on the database server.) | ||||
| CVE-2025-0279 | 2025-04-07 | 4.3 Medium | ||
| HCL Traveler generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces. Attackers could exploit this information to gain insights into the system's architecture and potentially launch targeted attacks. | ||||
| CVE-2023-47639 | 2025-04-07 | 5.3 Medium | ||
| API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. From 3.2.0 until 3.2.4, exception messages, that are not HTTP exceptions, are visible in the JSON error response. This vulnerability is fixed in 3.2.5. | ||||
| CVE-2025-32238 | 2025-04-07 | 4.3 Medium | ||
| Generation of Error Message Containing Sensitive Information vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita allows Retrieve Embedded Sensitive Data. This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through 4.5.2. | ||||
| CVE-2024-6613 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | 5.5 Medium |
| The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128 and Thunderbird < 128. | ||||
| CVE-2000-1191 | 2 Htdig Project, Redhat | 2 Htdig, Enterprise Linux | 2025-04-03 | N/A |
| htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows remote attackers to determine the physical path of the server by requesting a non-existent configuration file using the config parameter, which generates an error message that includes the full path. | ||||
| CVE-2024-55895 | 1 Ibm | 1 Infosphere Information Server | 2025-04-01 | 2.7 Low |
| IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | ||||
| CVE-2025-31141 | 2025-03-27 | 2.7 Low | ||
| In JetBrains TeamCity before 2025.03 exception could lead to credential leakage on Cloud Profiles page | ||||
| CVE-2021-39018 | 3 Ibm, Linux, Microsoft | 4 Engineering Lifecycle Optimization - Publishing, Engineering Lifecycle Optimization Publishing, Linux Kernel and 1 more | 2025-03-25 | 4.3 Medium |
| IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose sensitive information in a SQL error message that could aid in further attacks against the system. IBM X-Force ID: 213726. | ||||
| CVE-2022-46675 | 1 Dell | 1 Wyse Management Suite | 2025-03-24 | 5.3 Medium |
| Wyse Management Suite Repository 3.8 and below contain an information disclosure vulnerability. A unauthenticated attacker could potentially discover the internal structure of the application and its components and use this information for further vulnerability research. | ||||
| CVE-2024-5591 | 3 Ibm, Linux, Microsoft | 3 Jazz Foundation, Linux Kernel, Windows | 2025-03-21 | 4.3 Medium |
| IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | ||||