ReportizFlow
Filtered by vendor
Subscriptions
Total
466 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-49107 | 3 Hitachi, Linux, Microsoft | 3 Device Manager, Linux Kernel, Windows | 2025-06-02 | 5.3 Medium |
| Generation of Error Message Containing Sensitive Information vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Agent modules).This issue affects Hitachi Device Manager: before 8.8.5-04. | ||||
| CVE-2024-23689 | 1 Clickhouse | 1 Java Libraries | 2025-05-30 | 8.8 High |
| Exposure of sensitive information in exceptions in ClichHouse's clickhouse-r2dbc, com.clickhouse:clickhouse-jdbc, and com.clickhouse:clickhouse-client versions less than 0.4.6 allows unauthorized users to gain access to client certificate passwords via client exception logs. This occurs when 'sslkey' is specified and an exception, such as a ClickHouseException or SQLException, is thrown during database operations; the certificate password is then included in the logged exception message. | ||||
| CVE-2023-47152 | 3 Ibm, Linux, Microsoft | 5 Aix, Db2, Linux On Ibm Z and 2 more | 2025-05-30 | 5.9 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions. | ||||
| CVE-2025-40653 | 2025-05-28 | N/A | ||
| User enumeration vulnerability in M3M Printer Server Web. This issue occurs during user authentication, where a difference in error messages could allow an attacker to determine whether a username is valid or not, allowing a brute force attack on valid usernames. | ||||
| CVE-2021-27774 | 1 Hcltech | 1 Hcl Digital Experience | 2025-05-27 | 3.1 Low |
| User input included in error response, which could be used in a phishing attack. | ||||
| CVE-2023-1210 | 1 Gitlab | 1 Gitlab | 2025-05-22 | 3.1 Low |
| An issue has been discovered in GitLab affecting all versions starting from 12.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to leak a user's email via an error message for groups that restrict membership by email domain. | ||||
| CVE-2022-2760 | 1 Octopus | 1 Octopus Server | 2025-05-21 | 4.3 Medium |
| In affected versions of Octopus Deploy it is possible to reveal the Space ID of spaces that the user does not have access to view in an error message when a resource is part of another Space. | ||||
| CVE-2025-31141 | 1 Jetbrains | 1 Teamcity | 2025-05-16 | 2.7 Low |
| In JetBrains TeamCity before 2025.03 exception could lead to credential leakage on Cloud Profiles page | ||||
| CVE-2025-22218 | 1 Vmware | 2 Aria Operations For Logs, Cloud Foundation | 2025-05-14 | 8.5 High |
| VMware Aria Operations for Logs contains an information disclosure vulnerability. A malicious actor with View Only Admin permissions may be able to read the credentials of a VMware product integrated with VMware Aria Operations for Logs | ||||
| CVE-2021-29040 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-05-13 | 5.3 Medium |
| The JSON web services in Liferay Portal 7.3.4 and earlier, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 20 and 7.2 before fix pack 10 may provide overly verbose error messages, which allows remote attackers to use the contents of error messages to help launch another, more focused attacks via crafted inputs. | ||||
| CVE-2024-39719 | 1 Ollama | 1 Ollama | 2025-05-13 | 7.5 High |
| An issue was discovered in Ollama through 0.3.14. File existence disclosure can occur via api/create. When calling the CreateModel route with a path parameter that does not exist, it reflects the "File does not exist" error message to the attacker, providing a primitive for file existence on the server. | ||||
| CVE-2025-46575 | 1 Zte | 1 Zxcloud Goldendb | 2025-05-12 | 4.9 Medium |
| There is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system's sensitive information. | ||||
| CVE-2025-46746 | 2025-05-12 | 5.8 Medium | ||
| An administrator could discover another account's credentials. | ||||
| CVE-2024-32046 | 1 Mattermost | 1 Mattermost Server | 2025-05-12 | 4.3 Medium |
| Mattermost versions 9.6.x <= 9.6.0, 9.5.x <= 9.5.2, 9.4.x <= 9.4.4 and 8.1.x <= 8.1.11 fail to remove detailed error messages in API requests even if the developer mode is off which allows an attacker to get information about the server such as the full path were files are stored | ||||
| CVE-2025-0049 | 1 Fortra | 1 Goanywhere Managed File Transfer | 2025-05-10 | 3.5 Low |
| When a Web User without Create permission on subfolders attempts to upload a file to a non-existent directory, the error message includes the absolute server path which may allow Fuzzing for application mapping. This issue affects GoAnywhere: before 7.8.0. | ||||
| CVE-2022-38107 | 1 Solarwinds | 1 Sql Sentry | 2025-05-08 | 5.3 Medium |
| Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details. | ||||
| CVE-2025-4166 | 2025-05-08 | 4.5 Medium | ||
| Vault Community and Vault Enterprise Key/Value (kv) Version 2 plugin may unintentionally expose sensitive information in server and audit logs when users submit malformed payloads during secret creation or update operations via the Vault REST API. This vulnerability, identified as CVE-2025-4166, is fixed in Vault Community 1.19.3 and Vault Enterprise 1.19.3, 1.18.9, 1.17.16, 1.16.20. | ||||
| CVE-2022-2508 | 1 Octopus | 1 Octopus Server | 2025-05-07 | 5.3 Medium |
| In affected versions of Octopus Server it is possible to reveal the existence of resources in a space that the user does not have access to due to verbose error messaging. | ||||
| CVE-2021-42777 | 1 Stimulsoft | 1 Reports | 2025-05-07 | 9.8 Critical |
| Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0, when Compilation Mode is used, allows an attacker to execute arbitrary C# code on any machine that renders a report, including the application server or a user's local machine, as demonstrated by System.Diagnostics.Process.Start. | ||||
| CVE-2022-40292 | 1 Phppointofsale | 1 Php Point Of Sale | 2025-05-06 | 5.3 Medium |
| The application allowed for Unauthenticated User Enumeration by interacting with an unsecured endpoint to retrieve information on each account within the system. | ||||