Total
471 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-23320 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Triton Inference Server | 2025-08-12 | 7.5 High |
| NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause the shared memory limit to be exceeded by sending a very large request. A successful exploit of this vulnerability might lead to information disclosure. | ||||
| CVE-2024-41983 | 2025-08-12 | 3.5 Low | ||
| A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application displays SQL statement in the error messages encountered during the generation of reports using Cockpit tool. | ||||
| CVE-2024-41984 | 2025-08-12 | 2.6 Low | ||
| A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application improperly handles error while accessing an inaccessible resource leading to exposing the system applications. | ||||
| CVE-2025-8852 | 1 Wukongopensource | 1 Wukongcrm | 2025-08-12 | 4.3 Medium |
| A vulnerability was identified in WuKongOpenSource WukongCRM 11.0. This affects an unknown part of the file /adminFile/upload of the component API Response Handler. The manipulation leads to information exposure through error message. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-4166 | 1 Hashicorp | 2 Vault, Vault Enterprise | 2025-08-12 | 4.5 Medium |
| Vault Community and Vault Enterprise Key/Value (kv) Version 2 plugin may unintentionally expose sensitive information in server and audit logs when users submit malformed payloads during secret creation or update operations via the Vault REST API. This vulnerability, identified as CVE-2025-4166, is fixed in Vault Community 1.19.3 and Vault Enterprise 1.19.3, 1.18.9, 1.17.16, 1.16.20. | ||||
| CVE-2024-45658 | 1 Ibm | 1 Security Verify Access | 2025-08-08 | 2.7 Low |
| IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. | ||||
| CVE-2024-11129 | 1 Gitlab | 1 Gitlab | 2025-08-07 | 6.3 Medium |
| An issue has been discovered in GitLab EE affecting all versions from 17.1 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. This allows attackers to perform targeted searches with sensitive keywords to get the count of issues containing the searched term." | ||||
| CVE-2025-20150 | 1 Cisco | 1 Nexus Dashboard | 2025-08-07 | 5.3 Medium |
| A vulnerability in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to enumerate LDAP user accounts. This vulnerability is due to the improper handling of LDAP authentication requests. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow an attacker to determine which usernames are valid LDAP user accounts. | ||||
| CVE-2024-12380 | 1 Gitlab | 1 Gitlab | 2025-08-06 | 4.4 Medium |
| An issue was discovered in GitLab EE/CE affecting all versions starting from 11.5 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. Certain user inputs in repository mirroring settings could potentially expose sensitive authentication information. | ||||
| CVE-2025-46658 | 2025-08-05 | 9.8 Critical | ||
| An issue was discovered in ExonautWeb in 4C Strategies Exonaut 21.6. There are verbose error messages. | ||||
| CVE-2025-8548 | 1 Atjiu | 1 Pybbs | 2025-08-05 | 3.7 Low |
| A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function sendEmailCode of the file src/main/java/co/yiiu/pybbs/controller/api/SettingsApiController.java of the component Registered Email Handler. The manipulation of the argument email leads to information exposure through error message. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 234197c4f8fc7ce24bdcff5430cd42492f28936a. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2024-45659 | 1 Ibm | 2 Security Verify Access, Verify Identity Access | 2025-08-05 | 5.3 Medium |
| IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. | ||||
| CVE-2013-7331 | 1 Microsoft | 10 Internet Explorer, Windows 7, Windows 8 and 7 more | 2025-07-30 | 6.5 Medium |
| The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet IP addresses by examining error codes, as demonstrated by a res:// URL, and exploited in the wild in February 2014. | ||||
| CVE-2024-29059 | 1 Microsoft | 15 .net Framework, Windows 10 1507, Windows 10 1607 and 12 more | 2025-07-30 | 7.5 High |
| .NET Framework Information Disclosure Vulnerability | ||||
| CVE-2024-11625 | 1 Progress | 1 Sitefinity | 2025-07-29 | 7.7 High |
| Information Exposure Through an Error Message vulnerability in Progress Software Corporation Sitefinity.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421. | ||||
| CVE-2024-35134 | 1 Ibm | 1 Analytics Content Hub | 2025-07-25 | 5.3 Medium |
| IBM Analytics Content Hub 2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | ||||
| CVE-2025-36090 | 1 Ibm | 1 Analytics Content Hub | 2025-07-23 | 4.3 Medium |
| IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could allow a remote attacker to obtain information about the application framework which could be used in reconnaissance to gather information for future attacks from a detailed technical error message. | ||||
| CVE-2024-37524 | 1 Ibm | 1 Analytics Content Hub | 2025-07-23 | 5.3 Medium |
| IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | ||||
| CVE-2025-5731 | 1 Redhat | 3 Jboss Data Grid, Jboss Enterprise Application Platform, Jbosseapxp | 2025-07-22 | 6.2 Medium |
| A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found. | ||||
| CVE-2024-52893 | 1 Ibm | 1 Concert | 2025-07-18 | 5.3 Medium |
| IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | ||||